When birthdays or holidays roll around and the perfect gift remains elusive, digital gift cards often save the day. They’re easy to buy, transferable and take the guesswork out of gift-giving. Plus, they give the recipient the freedom to buy exactly what they want.
When consumers receive a gift card, they’re not just redeeming its value — they often spend more, with 58% of U.S. shoppers reporting they’ll go beyond the card’s value, driving additional revenue for brands.
While digital gift cards boost spending and build brand loyalty, their convenience also makes them targets for fraudsters looking to make a quick buck. In fact, fraud pressure — a measure of likely fraudulent transactions — on online orders to purchase gift cards is up 91% year over year, according to Signifyd data. In March alone, year-over-year fraud pressure increased 125%.
And the impact of gift card fraud can be significant, especially the costs associated with investigating fraudulent online transactions, covering chargebacks and paying the associated fees.
So, how can merchants strike the right balance between safeguarding against fraud while reaping the benefits of digital gift cards? By understanding common tactics used by fraudsters and leveraging advanced fraud detection systems, brands can protect revenue, build trust and ensure a safe, seamless experience — without sacrificing convenience for real customers. Let’s explore how.
Why are gift cards a target for fraud?
Gift cards are big business — the U.S. gift card market is expected to reach $260 billion by 2026 — and unfortunately, their popularity makes them an equally large target for criminals.
“Gift cards are one of the main currencies of fraud.”
Michael Pezely, senior director of risk intelligence at Signifyd
Unlike physical goods, which require more effort to steal or ship, gift cards can be easily stolen, resold or used online. Fraudsters can simply take the digital codes and either redeem them or sell them. Their cash-like value and ease of transfer make them especially attractive to criminals. With no physical shipping address, billing information or name required, these fraudulent activities can be carried out anonymously, making them difficult to trace.
This ease of exploitation has given rise to criminal gift card rings, where fraudsters work together in coordinated efforts to steal and launder funds. These rings often use stolen credit card information, account takeovers (ATOs) and other deceptive tactics to purchase gift cards in bulk. In many cases, bots are employed in these schemes to conduct enumeration (brute force attacks), testing the validity of credit card details and making purchases quickly within seconds of visiting a website.
What the rise in gift card fraud says about the evolution of fraud
Fraudsters will always look for a way. When merchants slow or stop one form of fraud, another form rises up. Allyiz Partner Catherine Tong explains how a move to gift card fraud is just another in a long series of zigs and zags in the fraud-fighter vs. fraudster story.
Fraudsters are becoming more aggressive in trying to exploit vulnerabilities, with 60% of online merchants reporting a rise in ATO attempts in 2024. Even when these attempts aren’t successful, they still allow fraudsters to test the system and find ways to bypass fraud detection measures. If they do gain access to personal accounts and stolen credit card details, they can purchase gift cards without triggering the usual red flags. This makes it harder for ecommerce merchants to identify and prevent suspicious transactions, and the repercussions of falling victim are far-reaching.
The hidden costs of gift card fraud for merchants
Beyond the direct costs of fraudulent transactions and potential damage to consumer trust, there are significant hidden costs tied to digital gift card fraud — a major one being preauthorization fees.
Every time an attempted transaction is authorized, the payment processor or credit card network charges a small fee. This means merchants not only face the direct costs of the fraudulent transactions themselves but also the cumulative fees associated with each authorization attempt. Considering fraudsters often use bots to attempt millions of transactions within just a few days, these fees balloon. Fast.
Aided by the rise of ecommerce fraud, which is projected to grow from $44.3 billion in 2024 to $107 billion by 2029, payment industry players are implementing new programs — i.e. the Visa Acquirer Monitoring Program (VAMP) — to reduce fraud-related chargebacks, protect customers and safeguard the payment ecosystem.
For example, merchants flagged by Visa for exceeding an acceptable number of fraud and non-fraud disputes will face additional scrutiny and fees. These merchants could ultimately lose their ability to accept Visa payments. This lost revenue can be significant, especially for merchants operating in more highly targeted industries for online fraud.
Common scenarios for gift card fraud
Gift card fraud is industry agnostic — any merchant that offers gift cards can fall victim. However, certain sectors are more vulnerable than others due to a high demand for their offerings and the ease with which fraudsters can exploit their systems. In particular, grocery, fashion, electronics and gaming are frequent targets, with fraudsters using sophisticated tactics to take advantage of any weak spots in security. Consider the following real-life scenarios:
- Grocery: A fraudster successfully carries out a phishing attack, obtaining a victim’s credit card information. The criminal then places a small online grocery order, buying a few low-cost items, like an energy drink and a banana, using the stolen credit card. The transaction seems legitimate and the card is processed, passing through the grocer’s basic fraud checks easily. Once the order is approved, the fraudster modifies it, adds a $100 gift card to the cart and pays the difference with the same stolen card. After the in-store shopper receives the order confirmation, the fraudster contacts them via text or phone call, urgently asking them to share the gift card codes from the order. Once the fraudster has the gift card details, they drain the funds immediately. Later, they may claim they never received the gift card, leaving the grocer or delivery platform on the hook for the loss.
- Fashion: A fraud ring spins up hundreds of email accounts and sends referrals among them to cash in on a customer referral promotion offered by a luxury retailer. The fraudsters then stack promotions (the referrals, birthday promos and sales promos) and through multiple orders buy thousands of brand gift cards over months through the retailers’ third-party gift card vendor. Once the fraud ring has the gift cards, it is able to buy millions of dollars worth of inventory with them, before the luxury retailer has any meaningful way to detect the fraud or trace the buyers behind the illicit purchases.
- Gaming: A bad actor uses a skimmer on a self-service kiosk to steal credit card information. After they’ve subtly collected these details, they use them to purchase gift cards online, targeting high-value “dual-threat” gift cards — ones that can be used for multiple purposes. Once the fraudster gets the gift card codes, they typically use them to buy gaming merchandise (like Steam or PlayStation codes) and a meal (“I’ll take an extra large supreme pizza and a liter of Mountain Dew for pick-up.”) or resell them in bulk on the black market for 100% profit.
- Electronics: A fraudster acquires a list of compromised accounts from a dark web marketplace. They use automated bots to test the validity of thousands of accounts on a popular electronics retailer’s website. These bots quickly cycle through different combinations of usernames and passwords to uncover valid login credentials, bypassing manual checks and speeding up the ATO process. Once the fraudster successfully takes over an account, they avoid buying high-ticket electronics that would trigger fraud alerts. Instead, they use the account’s saved payment method or a stolen credit card to buy gift cards. This method lets the fraudster avoid immediate detection and benefit from a high return, often selling the sought-after gift cards for up to 90% of their face value.
By understanding these common fraud scenarios, merchants can better recognize fraud schemes and proactively protect their systems from fraudsters who constantly find ways to exploit weak points. Keep in mind, however, that even with heightened vigilance, the complexity of gift card fraud can make it difficult to handle, especially in cases where gift card management is outsourced.
The risks of outsourcing gift card management
Many merchants outsource their gift card programs to third-party providers or rely on outside platforms for fulfillment, thinking it will reduce their fraud risk. While outsourcing can streamline operations, it doesn’t eliminate exposure to gift card fraud. In fact, it can introduce blind spots and make it harder to detect fraud patterns.
Without strong fraud prevention measures in place or proper integration with the merchant’s fraud signals, third-party services can become a target for fraudsters. They often exploit the path of least resistance. For example, an outsourced gift card portal might be seen as a softer target compared to a merchant’s main checkout system.
This isn’t to say that merchants should avoid outsourcing altogether — many third-party gift card management providers prioritize security. However, it’s crucial for merchants to ensure that:
- The provider’s security measures are robust enough to prevent gift card fraud.
- Their own fraud signals are fully integrated with the third-party systems.
- Proactive fraud prevention measures are consistently tested, implemented and refined.
How to get (and stay) ahead of gift card fraud
Setting account age requirements. Applying account velocity controls. Limiting gift card purchases. Implementing tarpitting.
While these traditional strategies can help mitigate gift card fraud, they often create friction for legitimate customers, hurting their overall experience. And, as fraudsters continue to adapt and use more sophisticated tactics, these defenses aren’t as effective as they once were. As a result, the friction-to-reward ratio is being increasingly skewed, making it more difficult for merchants to protect themselves and consumers without sacrificing customer satisfaction or triggering false positives.
At Signifyd, we take a different approach. Rather than relying solely on static fraud signals, our AI-driven solution analyzes a broader, more nuanced set of data points to accurately assess risk.
“The scope of our network helps make more accurate decisions for good buyers and allows us to see fraud trends before they result in a loss at the merchant level.”
Vito Petruzzelli, senior risk intelligence analyst at Signifyd
Our Commerce Protection Platform leverages thousands of retailers and millions of global transaction data points to build a deep understanding of customers. It examines small details — like how quickly a shopper types on their device — and uses sophisticated fraud detection models to spot patterns that others miss. Designed to minimize false positives and safeguard revenue, our solution ensures that gift cards remain a secure option for merchants and consumers alike.
Photo by Getty Images
Looking to tackle gift card fraud? Let’s talk.
