How to protect your business from gift card fraud

Gift cards bring in a whopping $130 billion per year, so while the FBI estimates that gift card fraud and illegally cloned gift cards only affect a small percentage of sales, it's still significant. A step beyond the now more familiar ATM skimming fraud, cloned gift cards are also frustrating and inconvenient for consumers, and they can harm a retailer's reputation.1

Do you know what cloned gift cards are, and how to best handle your inventory management to prevent it from happening in your retail store?2

 

How a card is cloned

To create an illegal "clone," thieves target gift cards displayed on a retail store's rack that are not yet purchased. They use a handheld card reader to swipe the card's magnetic stripe and record the serial number and other data. If there is a PIN, the thief scratches off the protective decal, records the security number, and then replaces the scratch-off sticker with a new one that can be purchased online by the roll.1

Then, the thief monitors the gift card's account online, at the retailer's portal, until that particular card is paid for and activated. When it is, he or she encodes that card's data onto any other card with a magnetic stripe. The thief uses the cloned card to make purchases right away, often reselling the stolen goods online or on the street. When the person who legitimately loaded or received the gift card tries to use it, they find it devoid of funds.1

One way retailers can tell their gift cards are a target is by noticing scratch-off debris on the ground near the gift card rack.1

How to protect against cloned cards

If you only make one change to your inventory management, stop putting your gift cards in an area that's publicly accessible. Instead of displaying them on a rack where a customer (or thief) can pick them up, store them locked in a cabinet or, perhaps easier, behind the counter.

There are other changes that can protect against cloned cards, as well. Try to only purchase gift cards that are wrapped in plastic and also require a PIN. Make sure your online page, where customers can check their balance, has strong CAPTCHA security. Limit how often anyone can check an online gift card balance, perhaps to only a handful of times per hour at most.

There are security measures you can take right in the store to protect against fraud, too.

  1. Aim one of your security cameras at the gift card rack.
  2. Keep your gift card display tidy, so you can easily tell if someone has tampered with it.
  3. Do not make the card's PIN available until after the card is purchased.
  4. Never store a list of PINs with the list of gift card numbers.
  5. Train your employees to recognize gift card fraud and the tactics that thieves use.3

 

There may be a solution

Researchers from the University of Florida, in conjunction with Walmart, recently developed technology that quickly and accurately detects cloned cards.

The new technology correctly distinguishes legitimate gift cards from fraudulent, cloned ones 99.3 percent of the time. Researchers say that the technology can easily and inexpensively be incorporated into post-of-sale systems at retail cash registers.1

1."Krebs on Security." Brian Krebs. Accessed August 15, 2018. https://krebsonsecurity.com/2018/05/detecting-cloned-cards-at-the-atm-register/
2."Gift Card Cloning." LPM. August 14, 2018. Accessed August 15, 2018. https://losspreventionmedia.com/insider/retail-fraud/gift-card-cloning/
3. "Gift Card Fraud: How It's Committed and Why It's So Lucrative." The State of Security. July 09, 2018. Accessed August 10, 2018. https://www.tripwire.com/state-of-security/risk-based-security-for-executives/risk-management/gift-card-fraud-how-its-committed-and-why-its-so-lucrative/