Instead of shopping at retail stores for gifts this year, many consumers are choosing to give gift cards instead due to how easy they are to purchase and send to family and friends.
However, the cybersecurity firm PerimeterX has observed spikes in carding attacks and gift card scams during every holiday so far this year which means that gift cards may not be the best gift this holiday season as they could put the security of recipients at risk online.
Based on the firm’s analysis, every major holiday is now a gift card hacking day for scammers aiming to make money through gift card hacks on shoppers. This makes sense as hackers often go where the money is and this year online gift card sales have risen significantly.
According to InComm’s 2020 Consumer Pulse: Gift Cards Report, online purchases of gift cards more than doubled during the first half of 2020 versus the same period last year. In addition to avoiding large retail chains and malls during the pandemic, those who purchased gift cards for others did so in part because the cards can be sent and received immediately with far less hassle.
Cashing in digital gift cards
One of the main reasons hackers love to steal online gift cards and gift card balances is because their security is far less comprehensive than credit cards. As checking a gift card’s balance can be tedious, recipients are less likely to notice changes to the amount of funds stored on their cards. At the same time, unactivated gift cards have far less stringent security measures in place and gift card pin numbers are often quite easy to guess.
According to a new blog post from threat intelligence researcher at PerimeterX Yossi Barkshtein, hackers use stolen gift card balances for purchases or to additional egift cards to sell on secondary markets. They also convert gift cards into cash on dedicated platforms or sell a validated password/username pair for a card holder for up to $45 on the Dark Web.
PerimeterX estimates that the market for stolen gift cards and theft using unauthorized digital gift cards is now into the billions of dollars each year. In fact, there are even organized web marketplaces on the Dark Web where sellers can upload stolen gift cards and buyers can purchase them for big discounts when compared to the card’s actual value.
In order to block gift card attacks this holiday, PerimeterX recommends that retailers randomly generate e-gift card numbers, closely monitor application traffic patterns on gift card related pages, adopt newer types of challenges to replace CAPTCHA and implement machine learning systems capable of identifying granular behavior patterns and more accurately distinguish bots from real visitors.