Pre-paid and Gift Card Fraud in a Post-EMV World

by Christopher Uriarte 0

The US card market has been eagerly awaiting the pendingmigration to EMV chip cards for some time. Although their proliferation and regulatedliability shifts are just around the corner, the message to card issuers andmerchants is simple: If you can’t support EMV chip cards, get ready to pay forfraud.

As issuers, acquirers, terminal manufacturers and brick-and-mortarretailers scramble to put EMV-compatible solutions in place, one of the majorimpacts associated with EMV’s deployment doesn’t affect any of those players atall. While EMV will most certainly squeeze out fraud from lost, stolen andcounterfeit cards in the card-present space, history tells us that manyfraudsters will quickly shift their focus from in-store channels to online,card-not-present (CNP) channels.

This has been the case in nearly all mature card marketsthat have implemented EMV in the past 10 years. For example, CNP fraud in theUK jumped from approximately 30% to 60% of total fraud value in the yearfollowing that country’s EMV rollout. Based on the historical data, the USshould see a significant increase in the value of card-not-present fraud as EMVgains greater acceptance in the coming years.

A closer analysis of these trends reveals sub-segments ofcard-not-present retail channels that will be particularly vulnerable. Theseinclude online gift card and electronic gifting products — prime targets thatwill be “top of mind” for fraudsters with a new focus on CNP attacks. Toprotect sensitive consumer data (as well as brand reputation), merchants needto approach the EMV evolution with a fresh perspective on managing risk andfraud among their most susceptible, fraud-prone payment channels.

The quickly-accessible and quasi-cash nature of gift cardproducts is so attractive to the consumer that online gift card sales havebecome the top selling product at popular online retailers including Walmartand Macy’s. But the growth of these products has also created an interestingconundrum for merchants: Gift cards sold through online channels are also typicallytheir most fraud-prone products. Retailers have the peculiar challenge ofensuring that their best selling product is delivered to good customers whilethwarting the constant attack from fraudsters across that very same productline. This has proved immensely difficult and has resulted in increased fraud losses,legitimate customer denials, slow fulfillment cycles, and expensive manualreview processes.

Adding to the difficulty of the e-gifting environment is agrowing consumer shift from purchasing plastic gift cards to purchasinge-gifting products that are delivered via email or mobile application.According to CEB Tower Group, this segment of gift card sales was barely evennoticeable when compared to industry-wide sales in 2012. Given their increasedpopularity, the gift card segment is growing quickly and will account fornearly $10 billion in sales between all online and offline channels by2016.

Electronic gifting products are becoming a critical offeringthat helps satisfy consumer demand for an instant-delivery product that can be“shipped” to anyone around the world in seconds. But the convenience ofe-gifting products also introduces a number of critical challenges and risksbecause the consumer expects them to be delivered within minutes. Whilephysical goods retailers often have hours or days to determine if an onlinetransaction is fraudulent, most decisions about e-gifting transactions must bemade in real-time.

Merchants often begin to attack the problem of e-giftingfraud by using standard tools, technologies, and techniques that are alsoapplied to the typical “shopping cart” full of goods from their regular productportfolio. But the on-demand delivery of digital goods creates an entirely newset of demands for fraud teams. While their standard tools often serve as agood basis for fighting payments fraud in the e-gifting space, they need to beadjusted to accommodate the unique nature of e-gifting products.

Merchants must grapple with the fact that critical orderattributes — such as a physical shipping address — may not be available. Inaddition, the electronic, real-time nature of these products means that riskmanagement decisions must be made in minutes and fulfillment should be executedas quickly as possible in order to provide a positive customer experience.Recent statistics from InComm Digital Solutions, a leading e-gifting programmanager, demonstrate that the largest spikes in e-gifting purchases occur fromlast-minute shoppers on the mornings of major holidays, such as Christmas,Mother’s Day, and Father’s Day. In other words, placing e-gifting transactionsin an hours-long manual review queue may just ruin Christmas morning for some.

So how do merchants effectively manage risk for the onlinesale of e-gifting products? First and foremost, they must ensure their currentfraud tools provide the capabilities to segment e-gifting products from other(physical) items in the shopping cart and then execute unique fraud strategiesfor these products. Many retailers may choose to modify in-house fraud preventionsolutions or collaborate with third-party fraud prevention platform providersto implement this practice. They also have the ability to choose a gift cardprogram manager who provides bundled services and expertise that help mitigategift card fraud. Beyond this, retailers have recently gained the option to workwith a specialized third-party payments services provider who has the abilityto manage risk and even completely indemnify the merchant from any fraudlosses. This ensures conversion and payment while providing customers with africtionless shopping experience.

Finally, merchants should realize that there is value indata from all parts of the gift card lifecycle. Was the e-gift card purchasedwith a New York billing address, but delivered and picked up by someone sittingat a computer in Russia? Are there excessive balance checks or small “test”transactions being used on cards? Monitoring abnormal behavior beyond just thepayment transaction can help provide clues as to whether a gift card has beenfraudulently acquired.

As the deadline for EMV approaches, retailers of digitalgoods would be wise to plan ahead for an increase in CNP fraud activity. Thisshould begin with an assessment of current payment risk profiles and a mappingof vulnerabilities in areas of fraud monetization. With that knowledge in hand,they can develop and implement a prevention strategy grounded in theappropriate tools and services required. Most importantly, they will need tocontinually reassess operations and develop improvements to stay ahead of the fraudsters.

About Chris Uriarte

Chris Uriarte leads the company’s development of global paymentsproducts and services. He joined Vesta from American Express, where he servedas the Vice President and Head of International Operations and Implementations,overseeing major investments in Asia, Europe and Latin America. While at American Express, he received a number of awards and accolades,including the Chairman’s Award for Excellence and the Amex Pinnacle President’sAward. Prior to Amex, Chris spent 11 years as the Chief Technology Officer atRetail Decisions (ReD), a global leader in payment services and fraudprevention. While at ReD, he oversaw the company’s product, research, developmentand strategy efforts, which grew to over 19 billion payment card transactionsprocessed annually for the world’s largest banks and retailers. Chris has received several industry recognitions, including theInfoWorld Magazine CTO 25 Award, awarded annually to the top 25 most innovativetechnology executives in the country. He has presented at numerous payments,fraud and technology conferences, and has served on the boards of severalindustry trade organizations.