For many years, gift cards have been ultra-popular for both shoppers and thieves. As mobile domination has soared, the convenience of gift cards — for both sides — has grown right along with it. In an attempt to fight theft, some retailers have started to crack down on how gift cards are purchased. This move is ultimately self-defeating, if not outright suicidal. The thieves will find other tactics and the shoppers will shop elsewhere. Congrats, retailers: You'll have succeeded in becoming less popular for all.
Let's start with the problem. When a bad guy steals a physical payment card (or enough card details to complete purchases), he or she knows the clock is ticking. If it's a physical card, the thief can only use that card until the customer discovers the theft and alerts the bank, which will immediately shut down the card. In a physical theft, Thieves never really know if they have minutes or hours left to use the card. If they have stolen the card details only, the clock starts from the moment of the first fraudulent use of the card. And it ends when the customer is alerted to a problematic transaction.
What thieves often do is take advantage of a technology hole with most retailers. That hole is that the specific identifying numbers of gift cards are not always tied to the card that made the purchase. In other words, when a bank shuts down credit or debit card 123456, there is usually not an automatic way to instantly shut down any gift cards recently purchased by payment card 123456. Therefore, thieves like to take stolen cards/stolen card credentials and immediately purchase as many gift cards as they can. In effect, that extends how much time they have to use the gift cards to purchase merchandise that they quickly monetize through pawn shops, eBay or even street sales.
The proper fix for this problem is to close the loop. Make sure that every purchase of a gift card includes the serial number of that card, so that a canceled payment card can almost instantly cancel all recently purchased gift cards.
But the retail industry has opted for a different way. Instead of universally fixing the hole, they have opted to make it harder for legitimate shoppers to purchase gift cards.
A key motivator for this change is the liability shift, where retailers who have not completed the move to EMV have to accept more fraud liabilities. Given that gift cards do not use EMV (at least not yet), the fraud costs for those are also being covered by not-yet-EMV-embracing retailers.
"Some merchants are requiring that customers buy the cards with cash or asking that they show identification. Others have cut back to smaller denominations, put limits on repeat purchases or stopped selling certain cards altogether, according to people who are familiar with the stores’ policies. The restrictions are putting a crimp on an increasingly popular form of plastic, not only among gift-givers, but also among shoppers — in stores and online — looking to rack up loyalty points by using a credit card," noted The Wall Street Journal. "Kroger is in the midst of upgrading its checkout equipment to accept chip cards and expects to complete the overhaul by the end of the month. To ward off thieves, the grocer is limiting the number of gift-card purchases that are made on a credit card within a 24-hour period, said Chris Hjelm, the chain’s chief information officer."
A store-specific gift card is a gift from the retail gods. It replaces the $20 bill stuffed into a birthday card with a card that can only be spent at fill-in-the-blank retailer. Cutting back on the size of these cards, limiting repeat purchases or halting gift card sales are all terrible ideas.
If the retailer doesn't feel like linking card IDs to purchases — which is potentially the best long-term answer — what about asking for additional identification on gift cards? That would address the fraud fears without making the cards more difficult to sell.
This article is published as part of the IDG Contributor Network. Want to Join?