In June of 2018, prosecutors from the U.S. Attorney’s Office indicted five people from Washington who admitted to using gift cards to steal almost $800,000 from Target and its customers. One of the scammers cracked the gift card algorithm and managed to identify the unique barcode numbers from thousands of Target gift cards. With that information, they stole gift card balances and sold illegally-purchased goods and gift cards for bitcoin.
The scammers used Target’s automated customer service phone number to verify gift card balances for the numbers they stole. Then, they would load the gift card numbers onto a mobile device so they could use them to buy legitimate gift cards at Targets in Washington, Oregon, California, Nevada, and Colorado.
When customers tried using their gift cards, their balance would be zero because the money had already been drained from it. In response to the scam, Target changed their gift card system.
The question is, when it comes to gift card fraud prevention, what can businesses do to protect themselves? Let’s take a deeper look into gift card fraud, the types of scams in operation, and tips for preventing fraud.
What is Gift Card Fraud?
Gift card fraud is an extension of credit card fraud. It’s the act of stealing money, whether from retailers or consumers, using gift cards as a vessel. Even though the scammer tactics are similar, gift card fraud is rarely reported or talked about in the media. However, with the increased use of online gift cards, the risk for this type of fraud is on the rise and monetary losses can range anywhere from under $100 to millions of dollars.
How Does Gift Card Fraud Work?
Since gift card fraud is fairly easy to commit and turn a profit, scammers often use invasive techniques, steal money, and still manage to fly under the radar. To protect yourself and your business, it’s important to know the details of each type of fraud.
Types of Gift Card Fraud
When it comes to online gift card fraud, scammers often target customers rather than businesses since individuals tend to use the same usernames, emails, and passwords to log in to different accounts. Their online shopping scams include hacking websites and stealing all of the account information. They will then try using the logins to access other website accounts. After they gain access, consumers can lose money, rewards, and points attached to accounts that have been saved in order to exchange for a bill credit, goods, or services.
They also target auto-reloading consumer gift cards such as the ones integrated into apps for coffee shops like Starbucks and Dunkin’ Donuts. Once they gain access to the auto-reloading card information, they’ll drain the attached bank accounts.
Gift card theft doesn’t just happen online. This type of fraud originally began in stores with physical gift cards and some still use the tactic. Scammers will steal the card numbers off of in-store gift cards and monitor them until they’re activated in hopes of draining the money off of them. To combat this, some retailers have begun to add unique Personal Identification Numbers (PINs) to gift cards, requiring that the user have both the card number and PIN that’s hidden under a scratch-off sticker.
Unfortunately, even with PINs, scammers still find a way to steal gift cards. The scratch-off PIN stickers can easily be bought online. Scammers will steal multiple gift cards from a store, scratch off the sticker to reveal the PIN, copy down all the information, place a new sticker over the PIN, and covertly return all the gift cards to the store. Once the cards are activated by unsuspecting customers, the scammers will transfer the gift card balances to another card, buy products in order to sell them, or convert them to cash.
Bulk Number Stealing
This tactic is similar to traditional number stealing, but is committed on a larger scale. Scammers will use phishing, SQL injection, social engineering, and accidental disclosure tactics to gain access to thousands of gift cards.
- Phishing — Scammers send emails trying to impersonate someone else. If they succeed, they could gain cash, products, or gift cards. A recent example of this involved a scammer who began phishing in the Better Business Bureau. An employee received an email asking them to purchase gift cards for coworkers. The email was created to look like it came from their supervisor, but in reality, it was the work of a scammer.
- SQL Injection — In this instance, scammers set up links that place a specific, malicious code in databases on business computers and other electronics. Once in place, scammers can gain access to sensitive company data, customer lists, and other confidential data.
- Social Engineering — Scammers target both employees and consumers using this tactic. They’ll create “official-looking” emails that let recipients know that they’ve either missed information, have something urgent to take care of, or won something for free and need to claim their prize.
- Accidental Disclosure — If an employee accidentally discloses confidential company information to others, scammers can use the information for their own benefit. This happened in 2015 with an Australian grocery store, Woolworths. An employee accidentally sent out 8,000 gift cards in a single email to over 1,000 customers in their data system, totaling up to $1 million. When the gift cards were checked, many had already been spent by scammers who took advantage of the situation.
Manual Register Shutdowns
In this scenario, store employees are the thieves. An employee rings up a gift cart, activates it, then unplugs the register before it can complete the transaction. The transaction is never made or recorded, yet the card is activated and ready for use. If inventory and profits aren’t being looked at thoroughly, store owners won’t know they are victims of gift card fraud until it’s too late.
One way to keep tabs on gift cards is to monitor whether or not they have been sold and/or used. If store records indicate that a certain gift card hasn’t been sold, but looks to be used, the card should be shut down immediately and the possibility of fraud should be investigated.
Payments via Gift Cards
Some scammers also ask for gift cards as payment for goods and services. The FBI has warned the public that thieves will play with their target’s emotions in order to get gift cards from them. In exchange for a proposed service, the scammer will request gift cards as payment because they’ve “been hurt by shady practices like chargebacks” in the past. If the victim falls for the scheme and hands over gift cards, they’ll never receive any goods or services in exchange.
Free Gift Cards for All
You should also be aware that scammers create fake gift card websites. They’ll promise to provide free gift cards to users as long as they fill out surveys, watch ads, and sign up for promotions. The victim will provide personal information while interacting with the surveys, ads, and promotions, and the information will be used directly by the scammers to gain access to email accounts, bank accounts, etc.
The Consequences of Gift Card Fraud
Despite gift card fraud rarely being reported, it’s considered a federal offense. Similar to credit card fraud, perpetrators may face a hefty fine up to $250k and can even spend 10 years in prison. If perpetrators are convicted of other offenses in addition to gift card fraud, the prison time could increase to 15 years. If the individual commits gift card fraud two or more times, the prison time may increase to 20 years.
Tips for Gift Card Fraud Prevention
Protect yourself and your business from gift card fraud by implementing the following tips:
Secure Your Store
Gift cards should never be placed on display or put in easy reach of the cash register. Instead, they should be locked in a cabinet or stored in a safe, enclosed place. It’s also best to have policies and procedures in place for the issuing and redemption of gift cards. For added protection from fraud, be sure to utilize gift cards that require a PIN.
Secure Your Computer System
Your computers, registers, and other technology systems should have up-to-date software. They should be locked with strong passwords and the passwords should be changed routinely. In addition, any gift card PINs should be stored in a separate location from the gift card numbers. This will make it harder for scammers to access and drain gift cards of their balances.
Train Employees Thoroughly
It’s important that you train your employees. Inform them of the types of gift card theft and the ways they can prevent it. As you hire new employees, be sure to monitor them to ensure they aren’t switching activated gift cards for unactivated cards. It’s recommended that you keep monitoring them until a relationship is established and you trust the employee. After that, randomly monitor the employee’s use of gift cards to ensure there hasn’t been any thievery.
Limit Gift Card Values
Another aspect of gift card fraud prevention is limiting your gift card values. If you’re extremely worried about the potential for fraud and want to avoid gift card scams, you can limit the amount of money a customer can put on a gift card upon purchase. Keeping your gift card values at $500 or less will minimize the risk of your business losing tons of money if fraud occurs.
Sell Gift Cards from One Location
Rather than selling gift cards from multiple cash registers in your store, limit gift card sales to one particular register, such as the one at your customer service desk. You can effectively monitor the person in charge of the gift cards while ensuring control over where the gift cards are located.
How to Report Gift Card Fraud
The good news is that gift card fraud is simple to report. Consumers only need to contact their local authorities or police department, then reach out to the business from which they received the gift card. The gift card amount should be reimbursed by the business. In addition, consumers can also file a complaint with the Federal Trade Commission (FTC).
If you’re a business and you’re worried about the potential for gift card fraud, take some of the advice above to keep your gift cards secure.