By Sam Crowther, CEO and Founder, Kasada
Pundits are saying that all the Whos in Whoville will have a tough time purchasing gifts this holiday season, and the culprit this time around is a clogged-up supply chain. This is causing many to turn to giving gift cards instead of specific items—a trend that has attracted fraudsters and cybercriminals, all auditioning to play the role of the Grinch this holiday season.
The Everything Shortage
Last season, Grinches armed with the latest bots ruined the holidays for many by purchasing multiple quantities of the new PS5, XBox and other hot gifts, and then reselling them at a markup, forcing gift-givers to make a difficult decision—pay an exorbitant amount, or go without.
This year, the situation is even worse as there is currently an “everything shortage” due to the global supply chain issues. This shortage of goods has driven bot users to scoop up what in-demand items there were remaining in stock. Gift cards are being purchased at a higher rate than ever before, as they can serve as a stopgap for consumers who encounter empty shelves.
Bot operators have recognized this trend and have extended their efforts to steal gift card codes and offer as many for sale as possible on the secondary market. Even before 2021, digital gift card fraud represented a $950 million annual loss to the industry. Now, with gift cards in the national focus, this is expected to be even worse.
A Bit About Bots
If you’re not immediately familiar with this variety of bots, they’re specialized software that can scan websites to determine the exact moment an in-demand item is available and purchase it before any human can. Often referred to as “scalper” or “sneaker” bots, they’re the reason the highly lucrative sneaker resale industry even exists today, or that ticket resellers can skip the digital line for in-demand live events and end up with numerous pairs of tickets. Bots automate the process and create an unfair advantage whenever demand exceeds supply, allowing users to profit on the resale.
Bot-driven purchasing has dramatically increased since the start of the pandemic. Many of those who found themselves out of work turned to the resale industry to replace their income. Bots are cheap and easy to find, use, and profit from. They’re highly sophisticated and effective, especially when used at scale.
Bots become especially problematic during the holidays as there are so many ways they can be exploited to get in-demand hype goods—or for more dodgy activities like stealing credit cards, gift cards, rewards points, and other acts of online fraud. Which brings us back to this year’s holiday season.
Gift Card Fraud on the Rise
The way gift card fraud works is that cybercriminals use bots to test millions of combinations of digits to identify active gift cards that hold values of various amounts. When a valid gift card is identified, there are three ways that they can be used: by quickly purchasing an item, by transferring funds to another gift card, or by selling stolen cards to users at a discount. More often than not, the stolen cards are already spent before the physical cards the numbers came from are ever given as a gift. This year, this could result in a major headache for retailers who are faced with cases where consumers are trying to use gift cards that had already been drained of their value months ago by fraudsters. They’re then faced with the decision to gift the consumer the value of the card anyway, or to try and explain that they’ve been the victim of fraud and potentially lose their business for good.
Recent research from the cybersecurity research team at Kasada found that automated gift card balance lookups have increased 4x over the past two months leading into the holidays. This is a key indicator that bad actors are using bots to identify and steal gift card balances.
There’s another trend increasing this holiday season, related to the third use of stolen gift cards that was mentioned above: the resale of the cards at a discount. As demand for gift cards rises, fraudulent websites—purporting to be resellers of discounted gift cards—have been launched on the open internet. This activity was usually “behind closed doors,” not where regular consumers could find the sites. But the demand and chance to make profits this year have pushed gift card fraud right out into the open.
If they’re legit gift cards for sale on these sites, then they may have been bought using stolen credit cards or already had their gift card numbers sold or used. The bottom line is that because this level of fraud has transitioned from the Dark Web to websites easily found on public browsers, consumers will have an even harder time discerning which are legitimate cards and which are not. As a result, even the most well-intentioned consumer could end up as a victim of gift card fraud.
What Retailers Should Do
There are a few key things that retailers should do immediately to help cut down on gift card fraud: analyze your risk, remove the bots that can cause harm, pay attention to the customer experience, and help to educate others about the problem.
- Analyze Your Risk: What do you sell that might be in demand this holiday season? Can your checkout experience be easily abused? Have you seen an increase in gift card activity? Have there been any anomalies already detected, such as consumers trying to use cards that were already depleted?
- Remove Bots from Your Traffic: How can you accurately distinguish bad bots from legitimate traffic? Could you sell more if you knew for certain what your human traffic vs. bot traffic was during spikes? The goal is to identify and prevent bots from gaining access to your sites. Once they’re in, the damage is done. The problem is, bot operators are very good at disguising themselves as humans. Retailers must take on the task of using the latest technology solutions to prevent bot traffic, instead of forcing humans to confirm their identities.
- Protect Your Customer Experience: Would you improve your conversion rates if you were able to eliminate CAPTCHAs? How can you use technology to help ensure your products can be purchased by legitimate customers, not fraudsters looking to make a profit? All retailers want to provide an excellent customer experience. The problem often occurs when trying to balance security protection with that experience. Whatever approach you take to stopping bots, be sure that you’re not adding unneeded friction to the customer experience, or you’ll have a whole different problem to solve.
- Educate Consumers: The problems of online gift card fraud is accelerating and many consumers may not know it’s even a possibility. Unsuspecting gift givers may think they found a great deal. Educating consumers about the issue may make them think twice about buying from a sketchy website with deals that seem too good to be true. To defeat this type of fraud, consumers will have to play a role.
Don’t Let Bots Steal the Holidays
The Grinch’s heart may have grown three sizes that day, causing him to undo the holiday theft he had been a part of. It’s unlikely that bot operators will suddenly have a dramatic change of heart like this, so it’s up to retailers to use a combination of technology and education to stop these Grinches in their tracks.