Gift Card Fraud
What is Gift Card Fraud?
Gift Card FraudFraudulent purchase, draining or laundering of retail gift cards — a near-irreversible payment instrument that has become a favourite of scammers and BEC operators.
Gift card fraud abuses store and brand gift cards (Amazon, Apple, Steam, Google Play, Walmart, Target). Common typologies are: BEC and tech-support scams that pressure victims to buy gift cards and read the codes; rack tampering, where attackers peel and copy the barcodes/PINs of in-store cards then watch balance APIs for activation; card-draining marketplaces that resell freshly stolen codes at 60-80% face value; carding-driven purchases of gift cards using stolen credit cards as quick laundering; and refund/return fraud against retailer policies. The U.S. FTC reports gift cards are the number-one payment method in impersonation scams. Defences: PIN-under-scratch designs, transaction monitoring of bulk purchases, retailer KYC on resellers, customer awareness ('no agency asks for gift cards') and refund-policy hardening.
● Examples
- 01
Scammer impersonating the IRS instructs a victim to buy 5 000 USD of Apple gift cards.
- 02
Crew tampers with rack-displayed Amazon gift cards and drains them via an automated balance checker.
● Frequently asked questions
What is Gift Card Fraud?
Fraudulent purchase, draining or laundering of retail gift cards — a near-irreversible payment instrument that has become a favourite of scammers and BEC operators. It belongs to the Attacks & Threats category of cybersecurity.
What does Gift Card Fraud mean?
Fraudulent purchase, draining or laundering of retail gift cards — a near-irreversible payment instrument that has become a favourite of scammers and BEC operators.
How does Gift Card Fraud work?
Gift card fraud abuses store and brand gift cards (Amazon, Apple, Steam, Google Play, Walmart, Target). Common typologies are: BEC and tech-support scams that pressure victims to buy gift cards and read the codes; rack tampering, where attackers peel and copy the barcodes/PINs of in-store cards then watch balance APIs for activation; card-draining marketplaces that resell freshly stolen codes at 60-80% face value; carding-driven purchases of gift cards using stolen credit cards as quick laundering; and refund/return fraud against retailer policies. The U.S. FTC reports gift cards are the number-one payment method in impersonation scams. Defences: PIN-under-scratch designs, transaction monitoring of bulk purchases, retailer KYC on resellers, customer awareness ('no agency asks for gift cards') and refund-policy hardening.
How do you defend against Gift Card Fraud?
Defences for Gift Card Fraud typically combine technical controls and operational practices, as detailed in the full definition above.
What are other names for Gift Card Fraud?
Common alternative names include: Gift card scam, Gift card draining.
● Related terms
- attacks№ 804
Payment Fraud
Any deceptive scheme that diverts money through the payment system, covering card, wire, ACH, real-time-payment and digital-wallet abuse.
- attacks№ 234
Credit Card Fraud
Unauthorized use of payment-card data — from card-present skimming to card-not-present online theft and BIN attacks — to extract money from cardholders or merchants.
- attacks№ 821
Phishing
A social-engineering attack in which an attacker impersonates a trusted party to trick a victim into revealing credentials, transferring money, or running malware.
- attacks№ 1205
Vishing
Phishing conducted over voice channels — phone calls or VoIP — to manipulate victims into revealing credentials, payments, or remote access.
- attacks№ 135
Business Email Compromise
A targeted fraud in which an attacker impersonates or takes over a corporate mailbox to trick an employee into wiring money, changing payment details, or sending sensitive data.