Greetings, Square Team,

So I have a question, and a bone to pick with you folks.  This weekend I received an email from you stating that a customer had disputed an $85 e-gift card sale.  So, I have replied, and provided what information I could.  I’m sure the dispute team will handle that as best as they can.

My issue with Square is as follows.

1) The card was sold using your web site tools to sell e-gift cards.

2) I played no part in the transaction, other than receiving it.

3) I did not get the opportunity to verify the buyer, verify the CVV code on the card, etc.  That was entirely on Square.

4) The gift card has been mostly redeemed, so I will be out the redemption amount to date, should the dispute not go “my” way.

I realize that Square handled this transaction for my benefit.  But, if I am going to be penalized when a customer disputes a transaction, I’m not sure that I want to take this chance any more.  It seems to me that if I’m going to be held responsible for a disputed transaction entirely in Square’s control, then I should either stop taking e-gift certificates using Square, or I should be allowed to verify the customer’s identity, etc, before taking said e-gift certificate sale.  Ultimately, I was NOT the merchant for this sale.  Square was.  Therefore I firmly believe that Square should have its funds sequestered for the duration of the dispute, not me.

So, should I quit taking e-gift certificates through Square, since Square doesn’t seem to be doing their job in verifying customers’ identities for me?  I’m perfectly fine going back to paper gift certificates, for which I have never had a problem in my entire 8-year history, if I must.

Chip

Hi @TheRealChipA-

Thanks for posting in the Seller Community, and surfacing this issue.

As of right now, we do not have a specific dispute or chargeback protection for eGift Cards. Really sorry to hear that a customer is disputing an eGift Card charge.

I would encourage you to take a look at this Support Center article. If after reading that, you still have concerns when it comes to eGift Cards and disputes, I would agree that maybe you should look into disabling that feature, and just sticking to physical gift cards. 

Your issues are valid, and I see where you're coming from, given that the resources we offer aren't always helpful if the customer can purchase the eGift Card at any time without your approval. For other purchases, we suggest the Build Your Contract feature to help you set expectations with customers and avoid potential disputes altogether, however this is not applicable to your question/eGift Cards, but a good resource nonetheless. 

Again, apologies about this, and please don't hesitate to call and speak with our Disputes Team for any suggestions they may have to offer. Perhaps they've encountered this in the past. Thanks for your time. 

Thanks for the reply, @isabelle .  After reading it a couple of times, I want to be sure you understood.

My issues is not with the CHARGE using the e-gift card.  Rather the customer is disputing the purchase of the actual e-gift card itself.  They are saying that the e-gift card purchase transaction was fraudulent.

Having said that, I do find it odd that the e-gift card was purchased by someone named Amber, then Immediately used by someone named Amber, who is now disputing the initial purchase of the actual e-gift card.  This looks like customer fraud from beginning to end, as I have already reported to your dispute resolution folks.  It seems they agree, because they are challenging the dispute.

But, to clarify, you’re telling me that if Square sells an e-gift card on my behalf, and that transaction purchasing the actual e-gift card is disputed, that I have no recourse and have to eat that amount, even though I was in no way involved in the e-gift card purchase?

Chip

Hey @TheRealChipA!

I'm sorry, I think I misunderstood your original question. I thought this Amber had disputed the transaction of purchasing an eGift Card from you. Are you saying that she disputed the transaction where a purchase was made using funds from an eGift Card? 

Regardless, we do not have a certain or special protection for eGift Card purchases. It would fall under the same process that is detailed in the link I posted previously. If you have any further questions about this, or would like any further clarity, please reach out to our Disputes Team, as they are entirely dedicated to supporting our seller's with disputes. 

Hi @TheRealChipA,

We just had the same experience (eGift card purchased by an individual, used by another individual who ordered for pickup using different names and contact numbers/e-mails each time, $100 transaction was disputed by the purchaser). Unfortunately, and probably happened to you too—the dispute was resolved in the customer’s favor, likely because the cardholder’s card was stolen by the individual used to make this purchase.

I contacted Square about this as well and they were similarly unsympathetic and unwilling to recognize that this opens THEIR customers (us) to significant fraud risk. I’ll be discussing with my partner but most likely we will have to disable eGift Cards in order to protect ourselves from having this happen to us again.

@AshaTea 

Hmmm.  I’m sorry to hear that.  I had hoped that mine was a unique, one-of-a-kind incident.  Obviously it is not.  Once would be an oversight that is correctable.  Twice means that you and I might be the tip of an iceberg.

I have discussed this matter with my business partner as well.  He has decided that this is entirely in my control.  At this point, without something from Square to indicate that they actually care about this (which is obviously unlikely), we will be requiring that all eGift cards be purchased by telephone or walk-up.  And even for telephone purchases, we will be requiring first that purchasers email or text us a photo of their driver’s license.  

Also, we are going to set aside a certain percentage of outstanding online eGift card sales under the assumption that they are fraudulent, just to protect ourselves.

Eventually, Square will allow enough people to claim that their credit cards were stolen, or they will get the picture and step up to the plate to protect us, THEIR customers.  Or they won’t, and enough businesses will get burned and take more drastic action to get their attention.  For now, I’m too small for Square to care, obviously, and I’m certainly not going to spend money foolishly to make them care.

I’m asked pretty regularly by new local business owners about my experiences with Square.  I always give it high marks EXCEPT for this issue.  In the case of eGift cards I always tell people to think very carefully, decide what they can afford to lose into this black hole of Square’s doing, and then decide.  After hearing my experience, which is admittedly minor, they’ve all decided it’s not worth the risk and are using other eGift card options.  I hate doing that, but Square has left me with no choice.  I will always be brutally honest about my experiences when I make recommendations.

PS — Edit after I sent the original reply.  I’m betting that if Square actually did a proper investigation of my case, at least, they’d find what I suspect.  That the gift card was purchased AND redeemed from the same/similar IP address.  To me it is always suspicious when a gift card is redeemed so soon after it was purchased, and this should raise a red flag.  This could be easily fixed by Square — for example, they could put a “hold” on eGift cards (my choice of the holding period), and not allow it to be used until that time had elapsed.  This would give time for the original purchase to clear and be determined to be valid.  That’s just one way to help us here.  There are others.  The problem is, as I have stated, that the customer can purchase a gift card online, using a “stolen” card, then redeem it in the online store immediately.  It’s a glaring hole and one that is easily exploited.  But fixing it requires diligence and imagination.

@isabelle 

Hi @TheRealChipA,

That’s very diligent of you. We just decided not to sell any more eGift Cards period. I looked through the forum and a few other sellers had the same issue. I’ve also been contacting Square for almost a month now and spoken to upwards of 10 reps and all gave the same response—Square is not responsible and we as sellers can minimize our risk by decreasing eGift Card values or monitoring the purchases—neither of which is a viable option as we are a high volume business. Hopefully this will change but one of the posts I saw was from a few years ago so I’m not holding my breath.

@AshaTea I was just going to Like your reply and let this go, rather than wasting my time trying to convince Square of the error of their ways.  But, my OCD won’t let me!  LOL.  One more feeble attempt.

Square... here are the facts:

1) Customers (and scammers) can purchase eGift cards online.

2) We businesses are not involved in this purchase AT ALL.  We only find out about it after the fact, and can’t moderate the sale at all.

3) We businesses are not involved with the card transaction AT ALL.  We can not apply our usual due diligence for credit card purchases that we apply over the phone or in person.

Therefore, it is completely lost on me/us how WE can be responsible when a charge is challenged.  Square performed this sale.  Square approved this sale.  We had NOTHING to do with it.  How can we be responsible for not doing our jobs when we were not allowed to do our jobs?

More facts.

4) In my case, and in others I’ll bet, e-Gift cards were purchased and then very quickly used in our Online Stores.

5) Again, we could not verify the gift card, and could not challenge its use.  Square took the card and approved it.

6) I’m betting, but can’t prove, that the eGift. Card and it subsequent use were from either same or a similar IP.

7) After the eGift card was depleted, the original purchase was challenged and deemed by Square to be invalid.  Square even had the unmitigated gall to make it MY fault for not doing THEIR job when the card was purchased from SQUARE without my knowledge.

This is fraud on the “customer’s” part, obviously.  It is fraud that could be monitored more closely with properly developed and coded software.  But instead of making the effort, Square has decided to just make it our fault and cause us to lose money.  Instead of helping us by giving us tools and settings and insights, Square has decided to take the easy way out and make US responsible for transactions over which we had no control, no good information, and no insight.

Just my opinion.  (And probably the opinion of others.)

@isabelle 

@AshaTea and @TheRealChipA 

We just went through a few days where gift card sales were getting flagged by Square as “high risk”. Similar to your story, the purchaser and receiver had the same email address. When I dig deeper, they were actually using a temporary email service called yepmail.co. You basically log into Yepmail.co make an email address that stays active for an hour. Enough time to purchase a gift card and receive the gift card number. Strange thing is when I went to the site on my laptop, I was actually able to see what the scammer was looking at... as if I could log into their account. For the first fraudulent sale, I checked the email and saw this person also purchased random $50 gift cards to other vendors under different names. I was also able to view their purchase receipts and noticed that the scammers purchased the gift cards through “Give and Get Local” the feature offered by Square to market your gift cards on a local site. 

I have since turned off our gift cards from being available on “Give and Get Local” and haven’t had any alerts about “high risk of fraud” since. 

Wow. Well, hopefully if this happens enough, there will be new safeguards out in place. For sure I’m not selling any more digital cards online. People have to call. There are too many Square unplugged holes to take a chance. 🤞 Square takes notice and cares sometime soon. 

Our business has lost several hundred dollars in sales (in just a couple months) to these types of gift card dispute scams. By the end of the year, this will be thousands of dollars in sales and product given away, essentially for free, to these people. 

I've noticed that the customer who files a dispute for a gift card purchase almost always uses a temporary email address, and tends to file the dispute several weeks after the gift card has been used up, meaning we've already exchanged (given away) product to them. 

I hope that Square will consider implementing some sort of solution for this. 

 This is one issue that I have decided is always going to be with us.  I reported it over a year ago, and I’ve not heard any movement on it.  For now, I’ve turned off the ability for guests to purchase eGift cards online, and require customers to call or walk up to purchase them.  Yes, it’s a pain, but at least I can control things and if there is a problem, that problem is entirely on me now.  I’m not sure why Square doesn’t consider this something worthy of attention, but it is what it is. The issue is no longer a mountain on which I wish to die, as it were.  Our job now is to realize it is a problem, realize we aren’t going to get any assistance with it, and do everything we can to work around it and protect our businesses in the future.  At least, that is possible.

Best wishes,

Chip

I agree 100%. We too have received disputes on eGift Cards and now only sell physical gift cards. 

The sale of eGift Cards is not in our control. The responsibility for chargebacks should lie with Square. 

Well this is a pretty amazing update for limiting fraud and liability. Amazing. Thanks @Tom !

This is great....

This is great additional built in fraud protection.  We're getting ready to see egift cards online in addition to the physical ones we sell in the salon...knowing that it will be harder for someone to buy cards illegally puts my mind at ease 🙂

This is great news as the only charge back I've had was from an online gift card sale.

Will this apply to online orders at some point? I'd love to start offering shipping but currently only offer pick up to help manage risk

Glad to hear you're liking this update, @PartyManiaMD! We don't have any news on this coming to Square Online right now, but we'll post an update if it does. 

Hi guys - I've had this happen a couple of times now. Someone buys like 3 $100 - $500 egift cards on my website then must share them with friends to purchase items off my shop. It was a red flag in the beginning because when shipping an item, I could see it was to some warehouse. I tried to contact all parties and they wouldn't respond, so I cancelled all transactions. I noticed the same thing happen again this weekend. I think people are stealing credit card numbers and buying egift cards all over the internet with them. I believe this would end up screwing small businesses in the end as we'd have to refund everything and probably wouldn't get our stock back. Just wanted to put this out there for everyone to keep an eye out!

I'm wondering if I should remove the ability to purchase e-gift cards on my site as a safety option.

@Thistlewelly I would recommend that you do just that.  Here’s my reason.  If you search long enough here, you’ll see a thread I started a few years ago.  At that time, a customer purchased an e-gift card and then used it to purchase food for delivery (back when I had food).  A few days later the original e-gift card purchase was disputed.  Square and the bank who issued the card did not have my back.  I ended up eating the cost of the food that was delivered.  Thankfully it was less than $100.  However, it was also at the height of the pandemic lockdowns and it was $100 that hurt a lot more than it otherwise would have.

Square’s reason for not having my back?  It seems that I should have verified the customer who purchased the original e-gift card purchase EVEN THOUGH I did not know anything about it.  The customer purchased the card through Square’s online e-gift card site, Square took the card, and Square did not verify the customer but then had the gall to tell me that it was my fault for not verifying the card.  See the problem? LOL

There is an obvious glaring hole here.  If you sell e-gift cards through your web site, Square handles the entire transactions.  However, if there is fraud, Square holds you responsible for that fraud, even though you had nothing to do with the transaction.  And they then say that they can’t indemnify you because you did something wrong when you sold the e-gift card that you did not sell.

SO…. Take e-gift card sales off of your web site.  Have customers call you or come in to get them so that you can verify what you need to verify.  I have a policy of having customers email me a copy of their driver license and card before selling them the gift cards so that I can verify that, at least.  Also I recommend that you turn off the setting “Show a link to my eGift Cards in public directories” so that your gift cards do not show up on Square’s global website that allows people to search for Square gift card sellers and buy them in that manner.  That should plug all of the holes and protect you from this fraud that Square seems to have no interest in protecting you from.

I’m sorry to have to say that, and to have to be so critical of Square here.  But, in this case, the criticism is well deserved.  I’m still solidly in their court, and very much love their products.  But this is an unconscionable hole that could be easily fixed if it was important to them.  Until they do, turn off all online e-gift card capabilities to protect yourself.

Best wishes,

Yea, I had to turn off E-gift cards as an option because my one and only e-gift card sale was disputed and I lost the dispute. I'm kind of salty about it because the name on the order didn't even match the name on the credit card... How is that not a HUGE red flag on the part of Square? At the time we were extremely busy so I didn't check to make sure they matched up... but again one would think Square security practices would prevent chargebacks of this nature.

Overall Square's platform is 9/10 but even with the new risk manager settings I will most likely avoid e-gift card sales. I'm not even a fan of shipping product as they can claim it got stolen or never delivered and UPS/Fedex don't require deliveries since covid.

Thankfully my customer base is extremely honest and in the 11 years we've been open we've had less than 10 chargebacks.

@PartyManiaMD Regarding the risk manager settings, I saw nothing in those that would help with e-gift card sales that are COMPLETELY handled by Square, without our knowledge.  So, yes, I still can see no safe option other than completely disabling e-gift card sales online, and only allowing them in person so that IDs can be verified, especially for large purchases.  Unless I completely missed something, Risk Manager is useless in this case.  Sorry to say.  Maybe someone will weigh in and prove me wrong on that point.

Supposedly using 3DS shifts the liability however I'm of the opinion I'll believe it when I see it. 

I feel like the risk management system is convoluted and needs to be seamlessly integrated. Hopefully we can get there and eventually be able to not worry about e-gift card sales having issues!

https://www.sellercommunity.com/t5/Product-Updates/New-Security-features-for-eGift-Cards/bc-p/374796...

I was and really am hoping for a software feedback session soon (had hopes that it would be shortly after the hardware feedback session) as the software side of things while great could use some user feedback. (I get there are feature requests but there are feature requests and then actually sitting down with active users), the latter is much more valuable when it comes to improving software.

@PartyManiaMD Thanks for that clarification!  That is an announcement that either I never saw or I saw and glossed over.  I’ll check it out, for sure, and see if it takes care of my issue.

Yea I noticed the announcement, I'm just hoping they clarify a few things because:

"When you create a rule to enable 3DS on your APIs such as your eGift Card order site or Square Online Store, customers may be required to digitally verify they are authorized to use the card making the purchase.

If the buyer cannot verify that they are the cardholder, they will not be able to complete the transaction. However, if the buyer verifies their identity and completes the transaction and it is authorized through 3D Secure, the liability for fraud chargebacks then shifts from the seller to the card-issuing bank."

It still puts it in a really gray area because they "may" or "may not" be required to verify they are the cardholder and the liability only shifts IF they verify their identity...

Also if you don't set up every variation of 3DS and they don't get "checked" for their identity you're still liable.

Thank you so much for bringing this up @Thistlewelly , and for your perspectives @TheRealChipA & @PartyManiaMD 

I can imagine how frustrating that is for you, especially when you can't tell for sure what is going on.

Credit card fraud is definitely a big issue across industries for sellers of all sizes, especially with online sales.

As a seller I also had my share of worrying about fraudulent payments, and even had an issue of being targeted by someone testing stolen credit cards in $1-3 increments. I contacted Square Support and they were able to track down the person and prevent them from continuing it, which was really great, and hopefully that helps train what they use to spot them in the future.

So onto potential solutions. You could definitely just stop doing eGift Card sales online as you & @TheRealChipA suggested.

However, Square does have a more advanced system of finding fraud especially here, in the Risk Manager system, that @PartyManiaMD mentioned.
This was updated recently with 3D Secure which if triggered, would put the onus on the buyer to verify themselves, which would not only serve as a detractor and could stop folks from going further, and then actually stop them if/when they can't verify.
This was especially targeted for eGift Cards and Square Online.

This is an Opt-In program, and may have an added cost. According to the Support Center Article linked above, it is an additional $0.06 per eGift Card Transaction, and Free for Square Online Transactions.

As @PartyManiaMD also mentioned, there is a bit of manual work to do in enabling the Rule for 3D Secure. Square teams are constantly listening to feedback and working to make these processes easier, and hopefully that is something that is addressed here in the future.

I know it’s still not perfect and the added cost, although small, can still be a detractor from using it, but it does seem like a good option instead of just not selling eGift Cards online.

Here is the Announcement Post in the Community:

https://www.sellercommunity.com/t5/Product-Updates/New-Security-features-for-eGift-Cards/ba-p/370400

Here is the Support Center Article with how to enable it and pricing at the bottom:

https://squareup.com/help/us/en/article/7623-risk-manager-3d-secure-3ds

Here is the link with more Risk Manager info & Sign Up:

https://squareup.com/us/en/payments/risk-manager

Thank you again for bringing it up, and let us know if you have any questions!
Pesso

@PartyManiaMD So…. I just activated Risk Manager on my account, and went through the steps to set up 3DS.  See the screen shot below.

Basically, there are 3 rules you can use to set up 3DS:

1. Trigger it if the amount is more than your comfort level — I chose more than double the average payment for my location.
2. If the card is used for more than x purchases a day — I chose 3, which was the minimum.  
3. If the card origin is out of the country — I chose yes.

For my comfort level, these conditions could give me the confidence I need to reenable online e-gift card sales, especially since double my average sales (I’m an ice cream shop) is around $20.  I can live with that level of exposure, and if I decided I can’t I can always choose a lower amount.  

So @Thistlewelly You might want to check this out.  It seems like it might work for you, as well.  I’m going to take a chance and give it a try!

Thanks for all of that, @Pesso .  After exchanging information with @PartyManiaMD , I decided to enable Risk Manager and set it up, as I described in another reply here.  Actually, it seems to be what I was asking for a few years, ago, and it just might work.  I’ll certainly give it the benefit of the doubt!  Do you know if there are any plans on the roadmap to add more triggering conditions to 3DS?  Is there a channel to make suggestions?

Nice! Thanks for the info. I'll look into that - fabulous!

Yay - thanks for the info - that may be the saving grace. 🤗

@Thistlewelly I think that I can speak for all three of us who have been active on this thread when I say you are welcome!  I’m so glad that @PartyManiaMD and @Pesso jumped in so that I could find some resolution to this, as well.  Let us know if you have any further questions or concerns.  FYI, I have everything set up and enabled to allow online e-gift card sales again, along with 3DS Risk Manager set up.  So, I’m going to be going through this test period with you.  I’ll certainly let you know if I find any gotchas along the way!

Oh, and @Pesso , can you please merge the thread here with this one, since there is something of a resolution for this topic? I don’t have thread merge capabilities, but I’ll bet you do!  Thanks!

Also consider this from a customer perspective of someone that bought a Gift card from someone else.  I bought some giftcards on Craigslist and they were actual gift cards that worked.  The vendor told me he had some digital gift cards so I bought some and never had any issues.  I went to use one today and it didn't work. It said it was disabled.  I contacted that vendor but emails aren't getting answered at all.  I googled about it and found this article.

I'm not sure how rampant this is but I assumed everything was ok as I bought the card, I was provided with a QR Code with a gift card # to give in the store.   It always worked in the store and it was a month since I purchased it.   So to have the notice it was disabled got me curious.   

I agree with you vendors that if the name doesn't match the credit card # for the delivery then they should flag it.   This gift card was like 40% of the face value.  When I asked how they could do it so cheap, they said they got the gift card as a gift for their birthday and didn't like that restaurant.  Rather than a complete loss, they said they would rather get some money.  

At first, I was **bleep**ed that I lost out but I never thought that the vendor was the one losing out.  Consider that some people are getting this fraud on them buying fraudulent gift cards.

Shouldn’t square have built this in to protect their clients? 
it’s a little late… how many others lost money due to this flaw?