When organizations distribute virtual or physical gift cards to consumers, they are issuing payments. Just like all other financial transactions, rewards payments are prime targets for fraudsters. That places the onus on fintech companies developing solutions to make the payment process more efficient to also ensure the security of those transactions.
The threat fraudsters present is significant and growing. Forbes reports that in the first nine months of 2021, nearly 40,000 consumers lost $148 million in gift card scams, more than the $125.3 million stolen in all of 2020. Not only are instances of theft on the rise, but so are the amounts of money consumers are losing. According to the Federal Trade Commission, the median amount a victim lost to a gift card scammer in 2018 was $700. Last year it was $1,000.
Thieves use a wide variety of tactics to target consumers. For example, a bad actor posing as their target’s boss sends an urgent text message or email instructing them to buy gift cards for a client, and reply to the message with the gift card number and security code. As soon as they comply, the scammer can access those funds.
Criminals not only target consumers, they will also try to trick companies issuing rewards to consumers in return for activities like trying a new product, joining a loyalty program, or participating in market research. An increasingly common tactic is deploying bots — software applications that perform automated tasks online — that instantly submit hundreds or thousands of fake identities to the company’s payments issuance system. If the system does not include identification verification technologies like multi-factor authentication (MFA), it will fail to discern which recipients are legitimate or fraudulent.
Deploying MFA is table stakes for hardening the security of any payments issuance system. It enables you to add extra layers of security such as inserting challenge questions into the reward redemption process, and verifies a recipient’s identity without the need for collecting personally identifiable information (PII) like social security numbers or home addresses.
The Virtual Incentives API interfaces with the financial systems of dozens of countries, employing security technologies and best practices such as MFA, IP blocking, and password rules to ensure rewards are delivered to the right person every time. Our API enables you to block email addresses and values you send in user defined fields by timeframes and reward count and set parameters on a client level or program level to ensure rewards are always delivered to legitimate recipients. It also provides real time reporting on the precise date and timestamp of when it blocks a reward payment.
Do not underestimate the threat fraud presents to your reward payments issuance programs. The criminals are highly motivated and their tactics are becoming increasingly sophisticated and effective.
Follow this link to learn more about how we can help you thwart fraudsters and build trust in your brand.