The growing threat of bot-based gift card fraud

With Black Friday arriving on 27 November, many consumers are already planning their shopping sprees to get the best deals ahead of the Christmas season. And millions more will be rushing to get their hands on bargains on the day itself.

But with the increased popularity of digital gift cards for making online purchases, there is a growing threat that shoppers and e-commerce businesses need to be wary of: gift card fraud.

Gift card fraud

This bot-based type of attack comes in two forms: gift card cracking and account takeover. Both rely on batches of stolen account usernames and passwords that malicious actors use to launch distributed attacks through multiple proxies or IP addresses. 

Gift card cracking involves automated bots guessing millions of combinations of digits, usually based on known gift card numbers. Once the bots gain access, criminals can check balances and empty the cards by purchasing items or transferring funds to other cards.

Attacks via account takeover deploy bots to take unauthorised ownership of online accounts using stolen usernames and passwords. Criminals then gain credentials to a credit card or loyalty rewards programme and try to redeem the victim’s points for gift cards and cash, using online gift card exchange services.

Once a bot has confirmed that a stolen account works and isn’t blocked by a retailer or website, it then uses an existing gift card balance or buys new gift cards using the account information.

The growing trend of malicious bot activity

More purchases will likely be made online this holiday season as people stay away from physical shops due to the pandemic. That trend is expected to fuel a further increase in these bot-driven types of fraud. 

There has been an 820% increase in digital gift card fraud since March 2020, according to cyber security firm PerimeterX. And experts predict gift card fraud will be worth $600 billion by 2026, up from $381 billion in 2020. 

When you consider a post-holiday spending report by Blackhawk Network – which found that close to 20% of US holiday gift card sales in 2019 came from digital gift cards – you can see the attraction for cybercriminals. 

In addition, this type of fraud doesn’t require bank accounts or traceable fund transfers. And it’s hard to detect, due to the botnets being highly distributed and using multiple IP addresses and different devices. The large number of IP addresses also helps criminals bypass bot protection methods, such as CAPTCHA.

How to avoid gift card fraud

Many companies – Adidas, Amazon, Apple, Google, McDonalds, Nike and Starbucks, to name a few – have already spent huge amounts of money to investigate incidents related to gift card theft. 

But e-commerce players can take additional steps to reduce the risk of gift card fraud. This includes creating complex card numbers, which reduces the chance of numbers being correctly guessed. Another strategy is to pay closer attention to advanced automated threats by monitoring application traffic patterns on digital gift card pages.

E-commerce businesses can also deploy technology specifically designed to combat bot-based threats.

Variti’s comprehensive bot protection solutions overcome the issue of multiple IP addresses by blocking malicious automated requests, rather than blocking IP addresses. We also provide real-time protection to stop fraudsters in their tracks by tracking patterns rather than collecting data.

 

To understand more about how automated attacks can affect your business and how Variti solutions can help you combat them, get in touch today. To reach us, just fill in the form at the bottom of the page or visit www.variti.com

Recent Articles

Why Buyagift Chose Variti

In December 2019 Variti announced being chosen by Buyagift (part of Smartbox Group) to protect...

Variti chosen as part of UK’s government cyber security programme

Variti is proud to announce that the London Office for Rapid Cybersecurity Advancement (LORCA)...

The e-commerce cyber threats to watch out for in 2021

With pandemic-related restrictions still in place, it’s likely that 2021 will be another bumper...