Already needing to contend with unusual supply, transportation, and labor challenges this holiday season, retailers will also face the annual uptick in theft and fraud, according to industry experts.
“The holidays are unfortunately a time when criminal activity in retail environments reaches an annual peak,” warns Melissa Mack, director at Pinkerton, a global provider of security and risk advisory solutions. Mack says that while isolated incidents of theft and fraud add up, organized retail crime (ORC) is a foremost risk, comprising a significant percentage of criminal and fraudulent activity.
The sophistication of ORC organizations makes them particularly harmful. “They often collude to hit multiple stores at the same time or mobilize multiple bad actors in one store at the same time, with tactics designed to steal large amounts of products in a relatively short time.”
A troublesome trend is the continuing expansion of ORC activity beyond product theft. “ORC has often been thought of as trafficking primarily in stolen merchandise—physical products taken from stores, storage facilities, or trucks, and sold illicitly, often for pennies on the dollar,” Mack explained. “In recent years, however, there has been a significant spike in crimes involving e-commerce, with gift card fraud emerging as an especially problematic and damaging area of concern.”
Data from the 2020 holiday season highlights the risk. Collected by Cyberint, the number of stolen credit card user credentials for sale on the Dark Web increased by 186 percent, and the number of fake credit cards and payment methods for sale rose 290 percent above normal traffic.
Mack told LP Magazine that multiple factors are contributing to the trend of ORC embracing cybercrime:
- The advent of chip-and-pin functionality on credit cards has helped curb credit card fraud that involved reprogramming the magnetic strip on credit cards, but has helped push criminals into the e-commerce space, where all that is needed to purchase items or gift cards illegally is credit card information and personal data that is commonly bought and sold in certain corners of the Dark Web by hackers and other bad actors.
- The financial calculus around reselling gift cards is much more appealing than with physical merchandise. Unlike stolen items that might sell to fence for 20 to 30 percent of the value of the item, gift cards can be sold online for often 70 to 80 percent of their dollar value.
Retailers’ losses can add up quickly. “Unless the retailer has a preexisting agreement with individual banks or credit card companies, they are responsible for e-commerce chargebacks—and any money lost because of a chargeback is a direct hit to the bottom line,” said Mack.
What Should Retailers Look For?
“Around the holidays, one of the most popular and most damaging schemes you’ll see is ORC-affiliated individuals targeting stores with large gift card displays,” Mack said. “They start by removing large numbers of blank or not-yet-activated cards and walking out with them—an activity that is surprisingly low risk, given that state laws vary and that gift cards technically have no value until they are activated. After carefully opening the card and recording the card number and pin, they then reseal the card to look like it has not been tampered with and actually return the compromised card to the store. Once the card has been activated/purchased, they can use the information they recorded to make fraudulent purchases. While some retailers have responded by implementing measures like automatically invalidating any card where the balance is checked prior to activation, ORC organizations have recognized that the surge in gift card purchases around the holidays makes this kind of fraud harder to detect and easier to get away with.”
This type of gift card fraud isn’t just a financial hit for stores, according to Mack, but also a reputational one. “Stores often find themselves face to face with dissatisfied customers, upset because the card they purchased for themselves or as a gift has a zero balance.”
Mack says ORC groups are perpetrating another type of fraud that involves calling vulnerable populations—the elderly, primarily, but also Millennials who are surprisingly vulnerable and statistically well-represented among victims—and conducting phone scams that involve asking the victim to purchase one or more gift cards and provide them with the information.
An LP To-Do List
Experienced loss prevention professionals are aware of the dangers of gift card fraud, and the efforts that retailers and their security partners have taken to combat this activity. So, the question becomes: What can be done? What are the most effective tactical solutions for LP pros to help retailers bolster their efforts during the holiday season—and beyond—to mitigate risk and minimize gift card fraud? Pinkerton’s Melissa Mack shared her list:
Don’t get complacent. Everyone recognizes that the volume of gift cards being purchased will be much higher than at any other time of the year. But in-store employees need to be well-trained about what to look for (a process that should start well before the holiday rush) and encouraged to speak up and alert security professionals if they see or suspect anything suspicious.
Have a plan. Come up with a specific plan to mitigate gift card fraud — one element of which should be to not neglect gift cards in regular loss prevention reviews. Inspect samples of cards from the front and back of the rack and know what to look for in terms of tampering. Have a plan to respond to/reimburse customers who have been harmed.
Identify patterns. Watch for a spike in numbers of people coming in and complaining about gift card issues. Conduct interviews and log complaints and purchase data so loss prevention can identify patterns and isolate when to look at CCTV footage for potential thefts.
Cover your bases. Make sure you have good camera coverage of larger endcaps and gift card stations.
Talk the talk. Stores with multiple locations need to communicate about potential issues, and loss prevention professionals need to be in constant communication with store management to enable them to make informed and strategic decisions about when and whether to take drastic measures like pulling potentially compromised cards from the shelves.