Gift cards and the fraud supply chain

Gift cards serve hundreds of legitimate businesses and billions in transactions for unbanked populations through companies like PaySafe/OpenBucks. Yet AARP claims 'asking for gift card payment is always a scam,' revealing a fundamental misunderstanding of alternative financial services by professionals who don't interact with financially vulnerable populations.

• •PaySafe is a publicly traded company with thousands of employees specifically enabling gift card payments for unbanked customers
• •OpenBucks embeds 'pay with cash voucher' functionality into legitimate business websites and collection workflows
• •Professional advocates often misunderstand alternative financial services because they don't belong to the social class these services target
• •Gift cards exist explicitly to provide payment methods for people without bank accounts

FBI's Internet Crime Complaint Center received $16.6B in fraud reports across payment methods in 2024. Gift card scams convince vulnerable people to buy cards and share card numbers/PINs with scammers, who use a sophisticated fraud supply chain to convert cards into cash, crypto, or laundered funds through techniques like 'layering' in AML parlance.

• •$16.6B in fraud reports to FBI in 2024, with gift cards as major vector (many victims don't report)
• •Fraud supply chain converts gift cards to: cash, crypto, scamming services (purled credit cards, lead lists), or laundered funds in regulated institutions
• •Scammers target socially vulnerable populations who are convinced to buy cards and share card details
• •Gift card marketplaces spend significant resources preventing exploitation, but regulatory gaps persist

US aggressively protects debit card users via Regulation E liability transfer to financial institutions, but gift cards have explicit regulatory exemptions. The difference stems from carve-outs, political pressure, and the industrial organization of gift card programs, creating an accountability sink where no deep pockets cover fraud victims.

• •Debit card fraud victims are 'quite likely to be made whole' through Regulation E protections
• •Gift card fraud victims unlikely to receive compensation due to regulatory carve-outs
• •US does run effective pro-consumer regulatory machines for some payment methods, contradicting common assumptions
• •Accountability sink is partly regulatory, partly political, partly structural to gift card industry organization

Most retailers outsource gift card programs to specialized financial services companies like Blackhawk Network and InComm Payments. These program managers handle software integration, state-by-state escheatment compliance, AML obligations, and cash flow management—capabilities most retailers lack internally.

• •Gift card program managers are 'financial services businesses with a sideline in software' that retailers have never heard of
• •They integrate across POS systems, websites, accounting software, balance-check hotlines, and state escheatment requirements
• •Escheatment laws require unused gift card funds be remitted to state treasurers (states keep interest income)
• •Retailers choose outsourcing over building internal teams to track 50+ state laws and legislative changes

When customers are defrauded via gift cards, retailers truthfully claim they don't 'issue' cards—they only sell and accept them. BigCo's fraud departments often cannot access gift card databases due to security practices. Unlike Regulation E's mandated 'click a button' restoration for debit cards, gift card victims face no state machine, no deadlines, and no investigation.

• •Retailers contractually separate themselves: they sell/accept cards but don't issue them (program managers do)
• •BigCo fraud departments physically cannot access gift card databases due to security isolation
• •Debit card fraud triggers automatic state machine: prominent button → quick fund restoration → investigation
• •Gift card fraud response: low-paid employee suggests filing police report to get you off the phone (minimizes call time and recidivism)

The US intentionally exempts gift cards from Regulation E to facilitate commerce. FinCEN explicitly carves out closed-loop gift cards under $2,000 to 'preserve innovation and legitimate uses.' Retail Industry Leaders Association and other lobbyists successfully argued that KYC requirements would be too burdensome for retailers.

• •FinCEN has explicit carve-out: closed-loop gift cards under $2,000 face value exempt from money transmitter rules
• •Regulatory balance: state's law enforcement interest vs 'preserving innovation and societal benefits of prepaid access'
• •Retail Industry Leaders Association lobbied FinCEN explaining KYC scope would be 'quite burdensome'
• •Higher-value activity ($10K+ to single individual per day) brings sellers back into regulatory scope

The fraud supply chain uses sophisticated industrial organization with Telegram communities, brokers, and 'brick movers' who maintain networks of compromised bank accounts. Brokers mediate disputes between scam operators and brick movers, distinguishing legitimate ACH cancellations from internal fraud—creating a 'high trust environment' for international money laundering.

• •Brick movers (term from Chinese) do repetitive work maintaining networks of popped US bank accounts for receiving ACH transfers
• •Brokers interface between scam operators with 'live fish on the line' and brick movers who can receive specific payment types
• •Dispute mediation process distinguishes victim-initiated ACH cancellations from brick mover theft of scam proceeds
• •Fraud supply chain preferentially targets firms that haven't invested in tracking customer identities across multiple transactions