Obstacles for Grocers to Overcome
Technologies that protect credit cards can be ineffective or cost-prohibitive for gift cards, because of the different economic models. For example, gift cards become a person’s property for a short time and aren’t supported by fees charged on unpaid balances.
“Credit cards with the most fraud protection have higher associated costs,” says Alyson Fischer, manager at Chicago-based retail consultancy McMillanDoolittle LLP. “They’ve already done a credit check on you and can track spending patterns. But you don’t register gift cards.”
Gift card fraud detection technologies don’t use a centralized clearing house or database like credit cards do. Consequently, if a card is purchased in Vermont and redeemed in California — a potential red flag — there’s no record. “Merchants are islands unto themselves in redeeming gift cards,” observes Paytronix’s Schultz. “Once the card is activated, the merchant must take it. With credit cards, the credit card company provides authorization.”
Retailers generally create their own gift card protection systems or use outside providers like Blackhawk Network or Incomm. “They can see the last time the card was used and deactivate it if there’s fraudulent activity,” explains Diana Cabrera, director of front end retail operations at Northgate Gonzalez Market, a leading Hispanic grocery chain based in Anaheim, Calif.
Staffed by tech experts 24/7, Atlanta-based Incomm’s Transaction Monitoring System sends fraud alerts and recommendations directly to retail locations. Activities can be observed and monitored down to the individual store terminal level.
Meanwhile, Pleasanton, Calif.-based Blackhawk’s Cash Star Platform bypasses traditional rules-only-based systems, as these are easy for fraudsters to penetrate and can generate false declines. Cash Star starts with predictive models based on good behavior, and then layers on rules, alleviating both problems. Its 57 multifactor predictors contain more than 800 distinct attributes. A growing data bank comprises information from 400-plus brands and 6 million transactions. However, to be effective, fraud detection systems must also operate quickly and in real time.
“Consumers expect to buy a digital gift card and have it delivered to the recipient’s email instantly,” says Eyal Raab, VP of sales and business development with Tel Aviv- and New York-based Riskified. “In that period, merchants must decide whether to approve an order — and risk fraud — or decline it and risk losing revenue and upsetting legitimate customers. Solutions must examine as much information as possible and make real-time, accurate decisions.”
Riskified uses machine-learning algorithms to compare data points of submitted orders with billions of previous transactions, approving or declining purchases in seconds.
Other technologies use algorithms to ensure that issued gift card numbers are nonsequential, making it hard for fraudsters to guess them, says Schultz.
To deliver information in real time, technologies must interface with modern CRM and POS systems. Otherwise, gift cards could be redeemed twice via different devices. “Sometimes, a gift card is redeemed online and again on a mobile app,” notes McMillanDoolittle’s Fischer. “There’s a delay, and the retailer doesn’t realize there’s no balance.”
What’s Next for Food Retailers
Online and in stores, retailers are implementing a number of tactics to deter fraud. While most don’t conduct international transactions or sell large denomination cards, some do, and there are special considerations in play when that’s the case. Large denominations are flagged by fraud-monitoring systems, as are small denominations that continually and consecutively appear on gift card resale sites like CardCash.com and Raise.com, according to Fischer.
However, there are exceptions. Northgate Gonzalez Market sells many proprietary gift cards to corporations and charities, and orders can exceed $1,000. Purchasers must provide tax ID numbers, and cards are not sold through other retailers. “We keep logs and monitor the back end, tracking purchasers and pulling reports,” says Patty Rodriguez, an enterprise risk manager at Northgate.
In stores, third-party gift card sales cannot exceed $1,000, cards being purchased must be swiped, and cashiers can’t manually enter numbers. This deters number theft from unredeemed cards, and the retailer’s front end closing checklist includes nightly gift card audits. Most gift card numbers are hidden at the point of purchase by secure packaging and scratch-off codes. It’s hard to access cards without destroying the packaging, and some scratch-off materials have printing on them, which adds a layer of protection.
Other deterrence measures in place at Northgate include placing displays in locations where they can be monitored. Employees are also trained to question consumers purchasing cards in large amounts and not to sell cards with exposed PIN numbers or damaged packaging.
On the law enforcement side, government agencies are investigating fraud and educating consumers and retailers. In 2018, the FTC launched a “Data Spotlight” report, which analyzes information on gift card scams. That year, for example, it found that iTunes and Google gift cards were involved in the most scams, notes Lois Greisman, associate director, division of marketing practices at the FTC.
The FBI is breaking up crime rings, identifying best practices and furthering educational efforts. “They share intelligence confidentially,” says Schultz. “If there’s a ring hitting area retailers, they inform other retailers. They look for ‘hot spots’ so people can take protective actions and educate store employees.”
An Eye Toward the Future
More than 20 years ago, Blockbuster and Starbucks were the first retailers to aggressively promote modern gift cards. But it was only a decade ago that PIN codes were added and later covered. These moves were followed by multiple technologies and enhancements, including fraud protection. But efforts are still not standardized, centralized or comprehensive.
“It’s not just a fraud issue, it’s an enablement issue,” points out Schultz. “We need many controls. When we detect a problem, we need a way to react. It won’t happen in one step. And penalties for crimes are still small enough that people keep trying.”