The holidays are upon us, and gift cards remain a favorite to give and receive.
And the fraudsters lie in wait — armed with advanced technologies and sophisticated schemes.
Doriel Abrahams, head of risk at Forter, told PYMNTS in an interview that gift cards have always been riskier than other payment form factors.
He noted that, for instance, food and beverage retailers see only 5% of their “traffic” tied to gift cards — and yet those same cards account for 50% of fraud they encounter.
Gift cards have become an attractive target for fraudsters due to their easily monetizable nature. Using stolen credit card information, fraudsters can purchase gift cards, which can then be resold or used for purchases. Gift cards provide fraudsters with a level of anonymity, as they can be sent electronically or used directly in-store. And there are generally no chargeback options, which makes it virtually impossible to recover funds.
“A gift card is essentially the online world’s version of cash,” he said. Of course, fraud can compromise the actual physical cards, too, as fraudsters can record gift card numbers and PINs with only a slight bit of tampering.
“Gift card fraud is extremely lucrative for fraudsters,” he said, “because it is easy to resell them.”
And now, he said, social engineering is ramping up as a key means of attack.
“Innocent people might get a phone call from someone pretending to be an Amazon Prime representative, for example,” encouraging them to buy gift cards — instructing them to send those cards somewhere else, or use some else’s credit card. Artificial intelligence (AI) and tools like ChatGPT, he added, are making it possible for bad actors to spoof our friends and loved ones.
“We’re just a few steps away,” he told PYMNTS, “from the scenario where you get a phone call from your mother asking you to buy her a gift card, where in fact, it’s someone else using a deepfake or another program.”
There are some basic tenets to follow as individual consumers gird themselves against gift card fraud.
Consumers should exercise caution when receiving unsolicited phone calls or messages requesting gift card purchases. It is crucial to verify the legitimacy of such requests independently and through official channels, said Abrahams. When making gift card purchases, it is advisable to validate the authenticity of the purchase links and make purchases directly from the retailer’s official website. Additionally, consumers should be mindful of where they enter their payment information and ensure that the website or platform is secure and reputable.
“Generally speaking,” he said, “when online shopping, you would typically use some sort of a payment instrument of your own. That can be either an Apple Pay or Google Pay or a credit card of sort, a debit card, even a cryptocurrency wallet. All of those things are directly connected to a persona — and to a user,” said Abrahams.
Merchants also have a role to play in mitigating gift card fraud, if their consumers opt for that payment instrument. By focusing on identifying patterns and behaviors of fraudulent users, merchants can analyze data using statistical tools, AI and machine learning to detect anomalies and suspicious patterns.
Implementing additional security measures such as two-factor authentication or prompting users to complete transactions through alternative channels can also help prevent fraud.
Platforms such as Forter’s, he said, help leverage large data sets not to focus solely on transactions — but who’s making those transactions. A fraudster might conceivably utilize several identities across emails, addresses and personas. The platform model and advanced analytics, he said, can identify pattens right down to slightly tweaked (but similar) email names, or a slew of IP addresses attached to one name…and flag those tell-tale signs that something might be amiss.
The ultimate aim is to create a “map” of actual users as they complete legitimate transactions, weeding out the riskier ones. In that manner, he said, fraudsters are interrupted as multi-factor authentication is stepped up.
“It’s not about stopping fraud from existing,” he said. “It’s about making sure that it’s too ‘annoying’ to perform,” and they abandon the effort, “because they are frustrated. They don’t want to ‘fight’ over every transaction.”