prepaid card fraud

Prepaid Card Fraud: How Your Business Can Resolve and Mitigate Malicious Activity

Justin Calderon

Justin Calderon

14 min

About 41,632 cases of prepaid card fraud and gift card fraud were reported in the US alone in 2023, according to the Federal Trade Commission (FTC). A sum of $217 million was lost across all these cases. 

Though prepaid card and gift card fraud is still less frequent than traditional debit card, credit card, wire transfer, and cryptocurrency fraud, it is growing in volume.

In 2019, 38,000 cases were reported and $103 million was lost. That’s a 9.5% increase in the number of cases and a whopping 100.7% increase in the amount lost between 2019 and 2023. 

This does not even include fraudulent e-commerce chargebacks that prepaid card and gift card sellers face from scammers and customers alike. Data from Clearly Payments, a payment processor, shows that this makes up 34% of all e-commerce chargebacks.

Source: Clearly Payments

One conclusion is that prepaid card fraud is becoming more popular, which means the sellers and issuers of prepaid cards or gift cards must be on alert. 

In this article, we will help you understand the nature of prepaid card fraud and then outline how you can resolve and mitigate it. We’ll cover:  

  1. What is a prepaid card? Pursuing clarity
  2. Types of prepaid card fraud
  3. How to resolve prepaid card fraud
  4. E-commerce chargebacks: Additional risks for prepaid card sellers
  5. How to prevent prepaid card fraud and e-commerce chargebacks

[Do you want a gift card API that will help you send verified and authentic gift cards securely across the globe? Sign up for Reloadly to start creating your gift card programs.]

1. What is a prepaid card? Pursuing clarity

A prepaid card is a card that can be loaded with a specific amount of money which can be withdrawn at an ATM or used to purchase goods and services both online and offline. 

When the balance is exhausted, users can reload the card online or through an ATM. 

Below is an example of a prepaid card:

Source: Signature

Employers have found prepaid debit cards useful as a way to pay salaries to their employees (payroll cards). They can reload the card on every payday, a more comfortable system than issuing checks. It is also appropriate for employees who don’t have bank accounts. 

Employees have also found payroll cards useful as a way to monitor how they are spending their salaries (as opposed to other income sources).    

Open-loop gift cards (which can be used in any store and also support ATM withdrawals) are exactly like prepaid debit cards except that they may or may not be reloadable while prepaid debit cards are usually reloadable.

In essence, a reloadable open-loop gift card is the same as a prepaid card. 

Below is an example of an open-loop gift card:

Source: Reloadly

On the other hand, closed-loop gift cards can be used only in a particular store. They usually have an expiry date and are not reloadable. An example is the Amazon gift card. 

Source: The Sun

Gift cards have become popular as a way for organizations to reward employees, customers, salespersons, and survey respondents. Individuals have also embraced them as a way to gift friends and families while allowing them to buy exactly what they need.  

The major difference between prepaid debit cards and traditional debit cards is that the former is not linked to a bank account

On the one hand, this difference provides certain benefits. 

First, it provides an option for those without traditional bank accounts. Even the US government pays social security through prepaid cards.  

Second, it can help to improve financial management. For example, if you receive your salary into a prepaid debit card, you can better track how you spend it since no money will enter into the card except your salary.

On the other hand, the absence of a link to a bank account has certain disadvantages.

First, anyone with access to the information on the card can use it. Protections like OTP (one-time passwords sent to your phone number or email address) used to confirm traditional debit card transactions are absent. 

Second, transactions made via prepaid debit cards are difficult to trace. While you can know the card that was used, that does not provide any information about who used it.

Consequently, prepaid card scams have become an issue in the prepaid card industry with scammers using various strategies to swindle funds. 

2. Types of prepaid card fraud

Prepaid card fraud comes in various forms even as scammers continue to develop their strategies. 

Below are the common scams you should be aware of:

Advance fee scams

This is a prevalent scam where the scammer informs the target about a windfall they have just won but requests them to pay before they can access the funds. 

It can be a “Prince” who wants to send them money but needs a few dollars to process the deal or a “lottery official” who needs them to pay taxes before they can release their winnings.   

Skimming

Scammers can also scan (or skim) the magnetic stripe of a prepaid card inside the store and copy the data into another card

Once the original card has been purchased and activated, they can then use the copy card with the skimmed data to spend the money loaded on the original card.

Switching or swapping

Fraudsters can also steal an original prepaid card and replace it with a cloned fake card. They can even do this in mass by breaking into a store selling prepaid cards.  

When the fake card has been purchased and loaded, the scammer will have access to the funds via the stolen card.  

Utility bill fraud

Here, scammers target those who are due on their utility bills and tell them to pay immediately with a prepaid card or risk disconnection. Once they have collected the prepaid card information (card numbers and PIN) they can use the funds as they like. 

This is an example of a phishing scam. 

Tax refund fraud

Fraudsters can use stolen identities to process tax refunds while also including a prepaid card as the destination for the refund. Since these cards are not connected to a bank account, it is harder for the tax authorities to detect the scam. 

Repair fraud

A fraudster can impersonate a technology company proposing to help take care of some malware on the target’s computer. They may then request prepaid card information as part of the process.

Card reloading scam

Scammers can get a hold of a reloadable card they didn’t purchase or own, call a representative of the gift card company, disguise themselves as an employee of a payment processor, and request that the card be loaded. 

Once the card has been loaded, they can withdraw the funds or use them for purchases. 

In addition to all these prepaid card fraud, fraudsters have also used these cards for money laundering. They can purchase them with illegal money without uncovering their identities and then withdrawing money from ATMs or making online and offline purchases.  

3. How to resolve prepaid card fraud

Do prepaid cards have fraud protection? Or does the absence of connection to a specific bank account mean fraud can never be resolved?

Not necessarily.

Though unconnected to a specific bank account, prepaid debit cards are connected to recognized card networks like Visa and MasterCard. These credit card networks have rules that guide disputes and chargebacks. 

Unlike traditional payment cards where disputes and chargebacks are guided by the Fair Credit Billing Act, it is left to card networks to set their guidelines regarding prepaid debit cards

For Visa, disputes regarding prepaid debit cards are handled under the Zero Liability Policy. This policy “does not apply to certain commercial card and anonymous prepaid card transactions or transactions not processed by Visa.”

In essence, not all prepaid card transactions will be protected under this policy. 

The policy requires that cardholders report unauthorized transactions immediately to the card issuer. Issuers must refund the money within 5 business days though “Replacement funds are provided on a provisional basis and may be withheld, delayed, limited, or rescinded by your issuer based on gross negligence or fraud, a delay in reporting unauthorized use, an investigation and verification of a claim, and account standing and history.”

Since Visa does not specify which anonymous prepaid card transactions are exempted, there is no harm in reporting every unauthorized transaction while waiting to see if the policy covers it or not.

Though MasterCard’s general policy regarding disputes and chargebacks does not cover prepaid debit cards, the typical approach, according to National Merchants, is that they mandate  “cardholders register their cards prior to filing a dispute claim, and will send cardholders to the issuer if a specific dispute comes up.”

Said simply, you might only have a chance at a refund if the card has been duly registered (with your personal information) with MasterCard.   

What about gift cards?

Well, open-loop gift cards are also supported by card networks and they are generally treated as prepaid debit cards. 

However, with closed-loop gift cards, there is no card network protection. But this does not mean that all hope is lost. 

According to Aura, a cybersecurity firm, “In most cases, it will be nearly impossible to refund a gift card you’ve sent to scammers. However, some card issuers may be able to help — especially if the funds haven’t been spent or transferred.”

The task of the prepaid card issuer 

If your organization issues prepaid cards or sells them as a merchant, then you must be aware of your responsibility as regards resolving disputes and chargebacks. 

The first thing is to be sure of the guidelines of the card networks regarding disputes and chargebacks. More importantly, you have to know which types of prepaid debit card transactions won’t qualify for disputes and chargebacks so you can inform recipients and buyers at the point of purchase or distribution.

For those transactions that will qualify, you need to have a system to determine when card users can get a refund. 

As noted above, Visa agrees that you can take back a refund if the card owner is negligent or has delayed in reporting the fraud while MasterCard will not even entertain any claim if the card is not registered. 

Again, it will be helpful to have a standard definition of negligence and a rule that specifies the window for reporting fraud. It will also help to inform card owners that they must register their cards if they ever want to report fraudulent transactions in the future. 

If the card owner has a claim, then you must have a process for investigating and resolving fraud. But how do prepaid cards investigate debit card fraud?

Most organizations issuing prepaid cards work with a card-issuing partner who most likely has a partnership with a bank (or another financial institution). The card-issuing partner (or the bank they partner with) should have a fraud department that can investigate reported fraudulent transactions.  

Though closed-loop gift card resellers are under no obligation to refund buyers when there is a scam, there is no harm in working with card issuers (in this case, the retailers) to see if there is any way they can help their customers. Going the extra mile to help customers in this way can be a competitive advantage. 

Some retailers even go over and beyond, offering protections that keep customers safe from unauthorized transactions, according to CNBC

4. E-commerce chargebacks: Additional risks for prepaid card sellers

So far we have considered fraud that involves scammers gaining access to the information on prepaid cards and stealing money from those cards. 

But there is another type of fraud that is connected to that. 

This involves scammers stealing traditional debit cards or credit cards and then using them to purchase prepaid debit cards or gift cards. Scammers go through this indirect route because, as we have seen, prepaid cards and gift cards are unconnected to bank accounts, and transactions done through them are not easily traced. 

Interestingly, some customers even use the protections offered by chargebacks to defraud businesses, what is referred to as friendly fraud. They can falsely declare that a transaction was unauthorized or that the goods had not been received after payment. Interestingly, some of them get away with it.  

If the purchase of a prepaid card or gift card was made through a debit or credit card, then the original owner can request a chargeback as per the Fair Credit Billing Act (FCBA) quoted above.

“Merchants are liable for chargebacks, and the open-ended mandate of the FCBA leaves them wide open for all sorts of fraudulent chargebacks,” according to Chargebacks Gurus, a platform helping merchants handle chargebacks. “To protect their revenue and their standing with acquirers and payment processors, merchants are forced to spend considerable time and effort fighting these disputes.”

Simply put, you either pay for these frauds by reimbursing the card owner (thus reducing your revenue) or you spend time and effort fighting the disputes that have been raised by these customers. 

Below is the typical process of dealing with an e-commerce chargeback, according to Stripe:

  • Initiation: The card owner contacts the card issuer to request a chargeback for unauthorized transactions. 
  • Review by issuer: The card issuer refunds the money temporarily pending investigation. 
  • Notification to business: In a process called representment, the card issuer requires the business to provide any evidence (transaction records, shipping information, communication logs, etc.) countering the customer’s claims. 
  • Business response: The business sends any evidence it has, in response to the card issuer’s request. 
  • Final decision: The card issuer reviews all relevant evidence and makes a decision. If it upholds the chargeback, the refund will become permanent. If not, the refund is reversed.
  • Potential additional fees: The business that processed the transaction will pay a chargeback fee (usually between $20 and $100 but can be more) if the card issuer upholds the chargeback. Other penalties might also be issued depending on the number of chargebacks a business has faced. 

The loss to a business can be enormous when the card issuer upholds the customer’s claim. First, the prepaid card or gift card sold is usually lost since those are hard to trace. Second, they will have to pay fees and penalties to the card issuer. You can lose more than twice the transaction amount for each chargeback, according to Chargeback Gurus

If not tackled, then, e-commerce chargeback fraud can eat into your revenue and even threaten the very existence of your business. 

After considering how to identify and prevent potential prepaid card fraud in general, we will come back to specific strategies to protect yourselves from e-commerce chargebacks resulting from fraud. 

5. How to prevent prepaid card fraud and e-commerce chargebacks

Prevention, they say, is better than cure. 

Therefore, identifying potential prepaid card fraud can help avoid the headache of dealing with fraud. 

Most card-issuing partners have fraud prevention software that will analyze transaction patterns and spending behaviors to quickly identify transactions with red flags before they are processed. 

These software learn from past fraud cases, establish patterns, and then identify when those patterns begin to form. 

Mitigating prepaid card fraud through policy changes

The information provided by this software can also be used to update operational policies so that it becomes more difficult for these patterns to even form. 

Some useful policy changes, according to Chargebacks 911, a technology firm helping merchants with chargebacks  prevention and remediation, include:

  • Limiting bulk prepaid card sales: Frequent bulk purchases may be evidence of the action of a money launderer. Limiting bulk purchases or requesting frequent bulk purchasers to provide more information may help to prevent fraud. 
  • Daily purchasing or withdrawal limits: Those who obtained prepaid cards or gift cards by fraud usually try to empty the account immediately. A daily purchasing limit may prevent them from doing this, providing more time for any potential recovery. 
  • Tracking prepaid card data: Tracking cards from purchase to activation can help identify suspicious behavior. 
  • Monitoring marketplaces: If the prepaid cards you sell appear regularly on eBay and social media marketplaces, that might be evidence that some of your buyers are scammers.   
  • Dollar value limits: Scammers will typically be attracted to cards with high dollar value limits (say $1,000). If your cards have lower limits (say $100, they will be less attractive).  
  • Securing data: For offline stores, this means avoiding the exposure of card data from purchase to activation. 

Strategies for preventing e-commerce chargebacks

  • Use 3D secure authentication in your payment gateway: 3D security adds another layer of protection to card transactions. When the cardholder is completing a purchase, they are redirected to a 3D secure page where they will be required to input a one-time authentication code or a password before the purchase can be completed. 

If the card was stolen, the scammers will find it hard to provide such information. 

Furthermore, when you include 3D secure authentication on your site, then you are no longer liable for chargebacks. It is now the sole liability of the issuing bank. Do well to contact your payment service provider on how you can add 3D secure authentication to your gateway. 

  • Use card verification value (CVV) checks: In some cases, fraudsters have only captured the front part of a debit or credit card. In those instances, requesting a CVV before the transaction can be processed is a good way to hinder scammers. 
  • Choose a secure payment gateway: Some payment gateways will provide fraud detection tools that will help identify and prevent potential fraudulent transactions. Ask different payment gateways what security tools they offer and choose the one that offers the best tools. 
  • Take KYC processes seriously: Yes, it is important to make the checkout process as comfortable as possible. Yet, ignoring key KYC processes like requesting name, phone number, billing address, and phone number can expose you to fraudulent transactions. 

If you want to protect yourself from chargebacks, then you must Insist on KYC information for first-time users. 

  • Consider an address verification service: One advantage of KYC information is that you can quickly use it to confirm the identity of the person behind the screen. For example, you can use an address verification service to confirm if the billing address inputted is the same as the one registered with the card issuing company. 

If there is any divergence, that should put you on a high alert that something fishy might be ongoing. 

  • Regularly monitor transactions: You can monitor transactions to identify suspicious patterns. If someone is creating multiple orders within a short period, that should be a red flag.
  • Use fraud prevention software: This monitoring is better done with fraud prevention software, either provided by your payment processor or third parties. These machine-learning tools can monitor millions of transactions and quickly identify fraudulent patterns that you should be cautious of. 
  • Keep relevant records: In the case of friendly fraud, sometimes all that is needed is for you to keep relevant transaction records and present them to the card issuer during the chargeback process. 
  • Purchase limits: As we mentioned in the case of customer-facing prepaid card fraud, scammers often try to quickly spend their ill-gotten money. Having purchase limits for first-time users can make your store undesirable to them. 
  • Include return policies on your payment gateway: Some chargebacks are the result of miscommunication between customers and merchants. You can prevent these chargebacks by clearly communicating useful information at every stage of the purchase process and requiring the buyer’s consent each step of the way. 

One very useful piece of information is your return policies. State clearly whether you give refunds for returned items and what must happen for them to get a refund if you do give them.

Choosing a helpful card partner

As we have seen, the card issuing platform and payment process you work with can help to make prevention and remediation easier or more difficult. 

Your card-issuing partner must not just be nominally committed to cybersecurity, they must have a clear cybersecurity strategy that includes distinct guidelines for fraud prevention and remediation. Similarly, your payment processor should provide fraud prevention tools that make you less prone to chargebacks. 

At Reloadly, we also do our part to ensure that gift card resellers and issuers who use our platform (and their customers) are protected from various cyber threats. 

We deploy standard cybersecurity strategies to protect your money and data while on our platform. This includes firewall and logical access control, strong cryptography for communication over public networks, 2-factor authentication, and rate limiting on API calls and our dashboard logins. 

Furthermore, our servers are hosted by IBM soft layer and Amazon Web Services in data centers in Europe, the US, and South East Asia. 

Regarding fraud, we are committed to the utmost quality assurance. We ensure that every gift card you purchase and send through our platform is unused and is delivered securely through text messages or email addresses to the intended recipient.   

By integrating Reloadly’s API on your platform, you can be sure of the safe purchase of more than 14,000 closed-loop gift cards from over 400 brands in over 100 currencies. You can send gift cards purchased on Reloadly across the globe in just five seconds.

[Are you looking to reward your employees, salespersons, survey respondents, and customers? Sign up for Reloadly to send a wide range of gift cards that will meet their needs.] 

Takeaways

  • Prepaid card fraud has become popular because prepaid cards are not connected to a bank account. 
  • Some of the popular types of fraud involving prepaid cards include advance fee fraud, card reloading scams, utility scams, repair scams, switching, and skimming. Prepaid card sellers can also be victims of e-commerce chargebacks – perpetrated by scammers or customers themselves.  
  • Are prepaid gift cards fraud protected? The possibility of recovering money from fraudulent transactions will depend on the card issuer and the card network (in the case of prepaid debit cards and open-loop gift cards). 
  • Merchants must work with card-issuing platforms and payment processors that can help them prevent and resolve fraud and chargebacks. 

This might also interest you:

Content by developers to developers.

Subscribe to The Monthly Reload for Developers and start receiving all the developers’ updates.

The Monthly Reload: the newsletter for you

Subscribe to our Newsletter and don’t miss any news about our industry and products.

It’s time to build, make your first API call today