Skip to content

Gift Cards: The Fraudster's Favorite Off-Ramp - CardsFTW #212

Plus, results of the optimizer survey

🖇️
Did someone forward this to you? Subscribe to CardsFTW today.

So Many Optimizers!

Last week, I asked CardsFTW readers how they optimize their points, and the results expose a gap the whole category should be worried about (albeit, very few of you answered, so take this with a grain of salt).

The top recognized app was Kudos (perhaps because I’m a fan and write about them frequently). There was a scattered field of CardPointers, CardRight, and Savewise; others filled out the rest. However, even though 60% of respondents said they were “expert” or “better than most,” few who answered use a tool to optimize!

When we asked what would change that, the priorities were clear: Readers want tools that track first and nag second. Tracking all their points, miles, and benefits ranked well above features that recommend a new card or push a signup, and "store my card info" landed dead last as pure table stakes.

The open-ended wishes point to where the real opportunity sits: help me spend points well, not just earn them. Redemption optimization and goal-based planning ("I want business class to Europe next year, plan my spend to get there") dominated the write-ins, followed by the dream of automatic card selection at checkout. The takeaway for anyone building in this space: the savvy crowd is watching, unimpressed by earn-side gimmicks, and waiting for someone to nail the redemption and planning experience.

Which points tools have you heard of chart
n = not enough, but interesting anyway
What features matter most in a card optimizer chart
All those coupon books mean people need help managing coupon books
Most wanted features chart
Earn: Easy. Burning: Hard

Gift Cards: The Fraudster's Favorite Off-Ramp

🕵️‍♂️
This week we’re featuring a guest post by Scott Grimes, Principal, Risk and Compliance at Totavi. Scott started his fintech career at Capital One in its early days, with stints at Target Corporation, Green Dot, and several with me at Wallaby, Bankrate, and Apto Payments. Today, Scott helps Totavi clients with fractional Chief Compliance Officer needs, AML/BSA audits, and risk and operations advisory services.

I was recently working with a client on a credit card fraud case, and when we investigated what was actually purchased, it turned out to be gift cards. Of course it was.

I've spent more than twenty years chasing this problem from almost every seat in the room: leading financial investigations for a large retailer, running fraud for a major debit card issuer, managing card programs, and, more recently, consulting with programs on where to set transaction-monitoring thresholds. If there's one product that shows up in nearly every fraud case file I've ever touched, it's gift cards. Not crypto, not wires, not even cash. Gift cards.

They don't get the headlines that account takeover or synthetic identity fraud do, but they deserve them. Gift cards have long been the preferred exit ramp for fraudulently acquired payment credentials into spendable value, and the reasons come down to three properties that most retail and payments teams still underestimate.

Liquidity: Fraud's Favorite Feature

A stolen card or card number by itself isn't worth much because it becomes a liability the moment the real account holder notices a fraudulent charge. Fraudsters want liquidity, and the fastest way to turn that card into cash is before the window of opportunity closes on a stolen card. Gift cards do just that. Someone can buy a stack of them, resell them on a secondary marketplace, and realize 90-99 cents on the dollar, often within hours and with relatively low risk. I did a quick search on eBay while writing this and found more than 5,000 active gift card listings with face values ranging from $1 to $2,200. That type of secondary market provides the ideal off-ramp for large-scale fraud.

Anonymity: No Name, No Trail

Once purchased, a gift card becomes totally decoupled from the identity of the victim whose card was stolen. There's no name, address, or traceable link back to a compromised account. The ownership is effectively "whoever holds the card number and PIN" and the chain of custody just ends. That's what makes gift cards attractive to organized fraud rings, not just opportunistic individuals.

Ubiquity: Gift Cards Are Everywhere, By Design

Gift cards are sold at grocery stores, drugstores, gas stations, and big-box retailers, frequently with minimal verification and, for open-loop network-branded cards, spending power that rivals a real credit line. Fraudsters just need to walk into any of a few hundred thousand retail locations, or better yet, click a few buttons online, and they've converted risk into a liquid asset. The barriers and effort here are only decreasing. Stolen virtual or instant-issue credit card numbers can be provisioned straight into a digital wallet, then used to buy an e-gift card, which will be delivered by email in seconds. No plastic, no store visit, no clerk to notice anything on either end of the transaction.

Put Those Three Together

Liquidity, anonymity, and ubiquity are three related problems that compound. A product that's easy to buy anywhere, hard to trace, and easy to resell near face value is close to the ideal instrument for monetizing stolen payment credentials. This is also why gift cards show up constantly in scam scripts. "Go buy gift cards and read me the numbers" is the closing move of many romance, IRS impersonation, and tech support scams, because it is fast, anonymous, and hard to claw back.

So What Should Card Programs Actually Do?

This is the part that tends to get oversimplified into "just decline gift card purchases," which doesn't work. Most gift card transactions are grandparents buying birthday presents or people grabbing a Starbucks card on the way out the door. My nieces and nephews are no strangers to receiving these on birthdays and holidays. Blunt-force blocking creates false positives and frustrates good customers over a category that's socially normal and seasonal.

The real work is understanding what normal gift card behavior looks like for a given cardholder and portfolio, so the behavior that doesn't fit stands out. A few signals that separate normal gift card purchasing from fraud:

  • Denomination, quantity, and velocity. Multiple max-denomination cards in one transaction, or purchases spread rapidly across several merchants to stay under any single limit look very different from one card bought once a quarter. Model expected spend patterns and track transaction velocity across merchants, not only at a single merchant.
  • Gift cards as a first move, or a break from history. A gift card purchase as the very first transaction on a new account is one of the strongest risk indicators. The risk signal becomes even stronger when these transactions occur alongside other new-account or account-change indicators. Examples include a request for rush shipping or the recent addition of a digital wallet to the account.
  • Digital and virtual issuance channels. Virtual card numbers and instant-issue credit cards, combined with e-gift cards, remove every physical-world control. Transactions exhibiting these characteristics should be subject to more stringent monitoring and risk thresholds than comparable in-store purchases.

None of these should be a hard rule that auto-declines. They are inputs into a model or layered thresholds that raise a transaction's risk score, so normal customers sail through, and outliers get a step-up challenge, a hold, or a review.

The Bottom Line

Gift cards aren't going anywhere, and honestly, they shouldn't because they're good business and a fine product. However, as long as they remain the most liquid, anonymous, and available way to convert stolen payment credentials into spendable value, they'll keep showing up at the center of fraud investigations. The programs that get ahead of it aren't the ones blocking gift card purchases outright. They're the ones that have actually taken the time to model what normal looks like for their own customer base, so abnormal is easy to spot.

I'd love to hear from anyone else who's spent time in the trenches on this — especially if you've built detection models around gift card velocity or resale patterns. Always happy to compare notes.

🙏
CardsFTW is made possible in part by our paid subscribers. If you’re one of them, thank you. If you’re not, please consider supporting CardsFTW (who knows, maybe you can expense it!)

CardsFTW

CardsFTW, released weekly on Wednesdays, offers insights and analysis on new credit and debit card industry products for consumers and providers. CardsFTW is authored and published by Matthew Goldman and the team at Totavi, a boutique consulting firm specializing in fintech product management & marketing. We bring real operational experience that varies from the earliest days of a startup to high-growth phases and public company leadership. Visit www.totavi.com to learn more.

Interested in reaching our audience? You can sponsor CardsFTW.

Subscribe to CardsFTW

Don’t miss out on the latest posts. Sign up now to get access to the library of members-only posts.
[email protected]
Subscribe
Start typing to search...