What Grocers Need to Know About Gift Card Fraud
As COVID-19 prompted shoppers to shift to online methods, digital gift card sales soared and increased the prevalence of fraud. While the heightened fraud activities affected all types of retailers, there are several factors that make it particularly concerning for food retailers, namely shopping frequency and innovation in the gift card category.
“Grocery stores do a significant portion of gift card sales and were one of the first channels to become heavily involved,” says Nathan Ehrlich, chairman of the Washington, D.C.-based Retail Gift Card Association. “They prominently displayed them, and they’ve become a big draw, with people attuned to seeing them.”
Indeed, gift card malls are a common site on end caps in food stores, and retailers make them increasingly available as part of online assortments, with recent data from digital gift card provider Rise.ai revealing the pandemic-driven popularity of gift cards. For example, third-quarter gift card purchasing increased 114% and revenue grew 65% versus the same period last year, according to Tel Aviv, Israel-based Rise.ai.
“Lack of product availability and physical shopping aversion are likely to increase gift card sales,” observes Randy Burt, a managing director with New York-based Alix Partners’ consumer products practice, “but gift cards don’t have the protection credit cards do. They’re hard to trace and require ongoing vigilance.”
Unfortunately, the popularity of e-commerce has brought with it a surge in fraud that was especially evident over the Thanksgiving holiday weekend. TransUnion reported a 14% increase in suspect holiday weekend e-commerce fraud compared with last year, with a pronounced spike on Cyber Monday, when suspected fraud behavior spiked 26%.
“With the COVID-19 pandemic accelerating the move from offline to online transactions, detecting digital fraud attempts has become paramount for e-commerce providers,” notes Shai Cohen, SVP of global fraud solutions at Chicago-based TransUnion.
Not all of the suspected fraud identified by TransUnion involved gift cards, but the popularity of stored-value cards as a payment and gifting option creates new challenges for grocers.
“Increased e-commerce sales mean increased fraud risk,” asserts Rafael Lourenco, EVP and partner with ClearSale, a Miami-based supplier of fraud detection solutions. “Card-not-present transactions appeal to villains looking to quickly monetize stolen gift card data. Digital gift cards can be spent or resold easily, making crimes hard for fraud detection systems to catch.”
ClearSale saw a 30% increase in attempts to purchase fraudulent gift cards online, and its sales doubled from March to October. The company estimates that 10%-20% of online retail fraud attempts involve gift card purchasing.
According to the Federal Trade Commission (FTC), fraud reports involving gift/reload cards climbed from $39.7 million in 2017 to $78 million in 2018, reaching $102.9 million in 2019. But the recent spike in digital gift card sales has made the problem much worse.
Why Grocers Should be Wary
There are many types of digital gift card fraud. A popular one involves scammers telling consumers that they must purchase gift cards to pay debts or help a troubled loved one. One of these type scams ran for five years, bilking Georgia consumers out of more than $20 million. Based in India, fraudsters used voiceover internet protocol (VoIP) to place robocalls involving fictitious loan officers who demanded payment with retail gift cards, according to a U.S. Department of Justice report. The FTC says that the percentage of consumers who paid scammers with gift cards has increased 270% since 2015.
Criminals also employ gift card fraud bots, which abuse gift card balance checking facilities by testing myriad possible card numbers. When a match is found, the balance is used to make fraudulent purchases. A U.K. company called Netacea uses technology to address the problem.
“We’ve observed widespread growth in size and frequency of bot attacks year over year and throughout the pandemic, due to inexpensive, readily available tools for carrying out attacks,” affirms Thomas Platt, head of e-commerce at Manchester-based Netacea.
Bot-fighting technologies let retailers view IP addresses, says the Retail Gift Card Association’s Ehrlich, who is also senior manager, gift card operations, for The Home Depot, in Atlanta. When repeated balance checks emanate from one address, retailers can block that address.
Some fraudsters use stolen credit cards to buy digital gift cards, incurring monetary losses for retailers. Transactions are hard to trace. “How do retailers determine this?” muses Marc Schultz, head of data privacy and security at Newton, Mass.-based gift card supplier Paytronix. “Larger retailers and service providers are working on technologies to trace this. Big data and analytics are helping to some degree.”
Then there are privacy issues. “We can track lots of information,” notes Schultz, “but we can’t be overlords asking why somebody used gift cards to buy an airline ticket, since that can be legitimate.”
Obstacles for Grocers to Overcome
Technologies that protect credit cards can be ineffective or cost-prohibitive for gift cards, because of the different economic models. For example, gift cards become a person’s property for a short time and aren’t supported by fees charged on unpaid balances.
“Credit cards with the most fraud protection have higher associated costs,” says Alyson Fischer, manager at Chicago-based retail consultancy McMillanDoolittle LLP. “They’ve already done a credit check on you and can track spending patterns. But you don’t register gift cards.”
Gift card fraud detection technologies don’t use a centralized clearing house or database like credit cards do. Consequently, if a card is purchased in Vermont and redeemed in California — a potential red flag — there’s no record. “Merchants are islands unto themselves in redeeming gift cards,” observes Paytronix’s Schultz. “Once the card is activated, the merchant must take it. With credit cards, the credit card company provides authorization.”
Retailers generally create their own gift card protection systems or use outside providers like Blackhawk Network or Incomm. “They can see the last time the card was used and deactivate it if there’s fraudulent activity,” explains Diana Cabrera, director of front end retail operations at Northgate Gonzalez Market, a leading Hispanic grocery chain based in Anaheim, Calif.
Staffed by tech experts 24/7, Atlanta-based Incomm’s Transaction Monitoring System sends fraud alerts and recommendations directly to retail locations. Activities can be observed and monitored down to the individual store terminal level.
Meanwhile, Pleasanton, Calif.-based Blackhawk’s Cash Star Platform bypasses traditional rules-only-based systems, as these are easy for fraudsters to penetrate and can generate false declines. Cash Star starts with predictive models based on good behavior, and then layers on rules, alleviating both problems. Its 57 multifactor predictors contain more than 800 distinct attributes. A growing data bank comprises information from 400-plus brands and 6 million transactions. However, to be effective, fraud detection systems must also operate quickly and in real time.
“Consumers expect to buy a digital gift card and have it delivered to the recipient’s email instantly,” says Eyal Raab, VP of sales and business development with Tel Aviv- and New York-based Riskified. “In that period, merchants must decide whether to approve an order — and risk fraud — or decline it and risk losing revenue and upsetting legitimate customers. Solutions must examine as much information as possible and make real-time, accurate decisions.”
Riskified uses machine-learning algorithms to compare data points of submitted orders with billions of previous transactions, approving or declining purchases in seconds.
Other technologies use algorithms to ensure that issued gift card numbers are nonsequential, making it hard for fraudsters to guess them, says Schultz.
To deliver information in real time, technologies must interface with modern CRM and POS systems. Otherwise, gift cards could be redeemed twice via different devices. “Sometimes, a gift card is redeemed online and again on a mobile app,” notes McMillanDoolittle’s Fischer. “There’s a delay, and the retailer doesn’t realize there’s no balance.”
What’s Next for Food Retailers
Online and in stores, retailers are implementing a number of tactics to deter fraud. While most don’t conduct international transactions or sell large denomination cards, some do, and there are special considerations in play when that’s the case. Large denominations are flagged by fraud-monitoring systems, as are small denominations that continually and consecutively appear on gift card resale sites like CardCash.com and Raise.com, according to Fischer.
However, there are exceptions. Northgate Gonzalez Market sells many proprietary gift cards to corporations and charities, and orders can exceed $1,000. Purchasers must provide tax ID numbers, and cards are not sold through other retailers. “We keep logs and monitor the back end, tracking purchasers and pulling reports,” says Patty Rodriguez, an enterprise risk manager at Northgate.
In stores, third-party gift card sales cannot exceed $1,000, cards being purchased must be swiped, and cashiers can’t manually enter numbers. This deters number theft from unredeemed cards, and the retailer’s front end closing checklist includes nightly gift card audits. Most gift card numbers are hidden at the point of purchase by secure packaging and scratch-off codes. It’s hard to access cards without destroying the packaging, and some scratch-off materials have printing on them, which adds a layer of protection.
Other deterrence measures in place at Northgate include placing displays in locations where they can be monitored. Employees are also trained to question consumers purchasing cards in large amounts and not to sell cards with exposed PIN numbers or damaged packaging.
On the law enforcement side, government agencies are investigating fraud and educating consumers and retailers. In 2018, the FTC launched a “Data Spotlight” report, which analyzes information on gift card scams. That year, for example, it found that iTunes and Google gift cards were involved in the most scams, notes Lois Greisman, associate director, division of marketing practices at the FTC.
The FBI is breaking up crime rings, identifying best practices and furthering educational efforts. “They share intelligence confidentially,” says Schultz. “If there’s a ring hitting area retailers, they inform other retailers. They look for ‘hot spots’ so people can take protective actions and educate store employees.”
An Eye Toward the Future
More than 20 years ago, Blockbuster and Starbucks were the first retailers to aggressively promote modern gift cards. But it was only a decade ago that PIN codes were added and later covered. These moves were followed by multiple technologies and enhancements, including fraud protection. But efforts are still not standardized, centralized or comprehensive.
“It’s not just a fraud issue, it’s an enablement issue,” points out Schultz. “We need many controls. When we detect a problem, we need a way to react. It won’t happen in one step. And penalties for crimes are still small enough that people keep trying.”
