Just a quick post about whats happening right now in the market with regards to selling Online Gift Vouchers.
The fact that the merchant no longer gets to view a physical card is now giving nefarious clients an opportunity to cheat the Online system.
We are writing this Blog to just inform and warn all clients as we are on the coalface seeing a number of these issues crop up due to the fact that these nefarious clients seem to be buying credit cards details on the dark web, probably as a result of the lax security that Latitude, Medibank Private, Optus, Crown and the like who have been hacked recently, have unwittingly exposed customers card details to the seedier side of the web world.
In the "olden days" when we used to sell Gift Vouchers onsite you always got to see the client, you got to speak to them and you see their physical card or cash right in front of you. However now in the days of selling Gift Vouchers online, you see none of this and there is no visual or audible link to the client buying that Gift Voucher.
The problem now being that the payment method for those Gift Vouchers are manually entered numbers from hacked or stolen cards that at that point have not been flagged by their owners as having been hacked or stolen.
The nefarious client purchases a number of Online Gift Vouchers (sometimes even calling the venue and purchasing via MOTO transaction) using these hacked or stolen details and uses the Gift Voucher as soon as possible., sometimes whilst they are even in the venue racking up a large tab.
As an example, one of the brilliant features of our NowBookIt integration is that Online Gift Vouchers are auto uploaded within a few minutes of being purchased. These nefarious clients are aware of this and were purchasing hundreds of dollars worth of Gift Vouchers from sites such as NowBookIt and instantly using them within a few minutes of the Gift Voucher entering the system.
By the time the legitimate holder of the card realises their card has been charged hundreds of dollars the venue has accepted the charge and has given food and beverage product that subsequently will be lost to an understandably irate card holder via a bank chargeback.
What we have done to fix this is give Bossii users the ability to automatically offer a small window after the purchase of the Gift Voucher that the Gift Voucher will be unable to be redeemed, such as first 2 days embargoe'd, when after that 2 days the Gift Voucher will be active.
This 2 day window can be set to be longer or shorter depending on the venues own decision.
We also have implemented a secondary check at the time of redemption that if NBI or the like flag a Gift Voucher as inactive that we request a second check to NBI at time of redemption to see if that Gift Voucher is still active or not. Should NBI tell us that it is in fact inactive, then at time of redemption we will reject the sale.
A venue can also put in the same policy of not accepting vouchers sold online for x amount of days and we feel that this is a smart initiative (that would need to be communicated at time of purchase) however this gives the legitimate holder of the hacked or stolen card some time to realise that a charge has been put against their card and to allow the bank to then contact NBI to reject the transaction.
Also asking for identification from your Online Gift Voucher client can also make nefarious clients somewhat nervous when attempting to redeem their ill gotten gains.
All of these procedures are constantly being reviewed and monitored and that is why you partner with a Professional POS company that is quick to make changes to code, changes to procedure and recommending changes to policy that help you run your business more securely and professionally.
