IntouchCX

Resources

Case Study: Combating Gift Card Fraud Through Strategic Security Solutions

Strategic sprints enable us to effectively nurture our partnerships, tackle persistent obstacles, drive progress, and explore innovative technologies. This method boosts creativity and opens up new possibilities for services and opportunities.

A leading global beauty brand faced significant issues with gift card fraud due to a lack of proactive monitoring and system access controls. Using our strategic sprint approach, we were led to initiate a targeted fraud assessment program to combat these issues. Our program leverages collaboration between frontline agents, operations leaders, CX support teams, and our dedicated fraud prevention team. This allows us to identify and implement a layered approach to mitigate fraud risk and financial losses.

The Challenge

Our partner was experiencing a high volume of fraud related to internal gift card manipulation and reissuance. The lack of proper security measures and controls in their gift card management tools led to increased fraudulent activity, as agents were given the ability to perform duties above and beyond their roles in combination with access controls leading to multiple attack vectors. In response, we identified and partnered with our client to implement a range of solutions that helped build safeguards to protect the company, enhancing fraud mitigation and overall system security.

Our Solution

In order to address these problems, we identified and implemented the following risk safeguards:

1. Proactive Monitoring and SOP Implementation
Through our comprehensive fraud assessment, we produced a gap analysis that identified the necessary process and system changes. By limiting access and functionality within the partner’s gift card management system, we mitigated exposed risks by ensuring agents only had the ability to perform actions appropriate to their role. Improved reporting enabled a proactive red-flag monitoring program, allowing for early detection of fraudulent behavior. Additionally, enhanced password management and issuance practices were put in place to mitigate account takeover scenarios, significantly mitigating financial losses. 

2. Fraud and Infosec Collaboration
During the fraud risk assessment, our fraud prevention group partnered with our Infosec team. A thorough analysis determined that the fraud was most prevalent when our partner’s VPN portal was not required. This led to the identification of additional fraud from various vendors with access to multiple client-owned tools. Our partner initially believed the systems were still behind a VPN, but it had been removed. We validated that the fraud coincided with these periods. By collaborating with our partner, we were able to enforce consistent VPN usage not only on the gift card management tool but on multiple client-side tools. This, in combination with other safeguards, effectively reduced fraud volumes for the identified attack vector to zero.

Our Results

These targeted solutions significantly improved our partner’s security practices and eradicated their gift card fraud. 

The year-to-date data showed:

  • Zero incidents of gift card fraud since implementation 
  • Improved security protocols 

Conclusion

Our fraud assessment process enabled us to effectively address existing fraud concerns while identifying and resolving major security gaps impacting multiple systems and processes, ensuring ongoing success for our partner. Implementing the recommended action items has resulted in not only a decrease in fraud volumes but also a significant strengthening of processes and systems.