Gift cards are growing in popularity. They’re perfect for that loved one that’s impossible to shop for. For merchants, they’re money in the bank; they can be used for promotions, or to reward loyalty, and they’re often never redeemed. They are a $200billion market annually. Deloitte’s 2020 holiday survey found them to be the single most wanted gift item among consumers. But guess who else likes them: fraudsters. With another holiday in the books, merchants should be weary of the various scams and fraud perpetrated with gift cards.

They may be intended for the act of giving, but gift cards are also the de facto online currency for fraud. They can be as anonymous as cash in eCommerce transactions and can change hands without being tied to bank accounts. They are fast becoming the preferred payment method for scammers; they’ll swindle their victims into sending gift cards rather than other more traceable payments. They are also the leading currency for prison black markets, where cards can be loaded and combined to function as merchant accounts for cons selling contraband.


Crooks love them, so merchants that use them should be especially vigilant against gift card fraud. The cardholder is not the only target for these schemes either. The databases that manage these cards are essentially bank accounts, and ideal targets to hack if they have poor security relative to other financial targets. Fraudsters also use merchants to launder stolen credit cards into cash.

Some common exploits include:

  • Buying with stolen credit cards
  • When fraudsters obtain a working stolen card, they’re in a race against time to use it, before its theft is detected. If a credit card is canceled from fraud, any gift cards purchased with it will still hold value. A fraudster can resell the card or redeem it well after the purchasing card is blocked.

  • Refund fraud
  • Refund fraud is a more circuitous version of stolen card fraud. The fraudster purchases an item, but then cancels and requests the credit in gift cards. They’re trying to cover their tracks by transferring the funds from a stolen card into an anonymous gift card.

  • Account takeover
  • Rather than stealing a credit card, the fraudster can hack into your customer’s account and purchase gift cards or redeem loyalty points.

  • Breaches
  • Hackers can break into your gift card management system using malware, brute force or social engineering and steal card numbers and activation codes. These hacks can be ruinous if your data is not adequately encrypted.


Merchants should have good tracking and good security with gift cards. Crooks love these cards because they can be as anonymous as cash online. The more you do to prevent fraudulent activity, the less attractive your cards become for scams.

  • Keep the card value fixed if possible; reloadable cards can become a bank account for bad actors.
  • Tie gift cards to the credit or debit cards that purchase them. Then, if you get a chargeback on that purchase, you can prevent losing any merchandise.
  • Do not refund transactions with gift cards.
  • Watch out for your cards on secondary markets. This is symptomatic of fraudulent activity somewhere in your supply chain.
  • Secure all gift card data — use encryption.
  • Keep card management applications and databases updated.


Gift card purchases are an indicator of loyalty. Recipients are usually frequent customers. These are the kind of customers you want to preserve, and a negative experience can sour the relationship. Just as you would protect your customers’ privacy and data in purchases, their information pertaining to their cards should equally be protected.

Additional steps you can take to protect consumers include:

  • Educating your customers about scams and how to prevent them.
  • Ensuring customers can only redeem cards directly from you.
  • Selling cards directly to consumers only, minimize resellers and bulk purchases.
  • Requiring pin codes & enable recipients to change them.


Gift cards are a hit with consumers and merchants alike, but they are also popular with crooks. Just as credit and debit cards can be compromised by fraud, account takeovers and breaches, these gifts are also targets for abuse. Merchants need to be aware of this and manage their programs securely.

Merchants can get a leg up in protecting their card programs when they restrict the ability to “anonymize” the cards. Controlling their distribution, tracking them, and restricting their use to purchases only are some basic steps that can help prevent gift card fraud. Merchants should also do their best to protect their consumers from scams, as those consumers are often your most valued customers.