Are you sure you would like to proceed? Anyone who received the email could immediately go shopping or start to convert the gift card numbers into cash. Merchants and vendors are increasingly opting to use electronic gift cards instead of paper certificates because of lower costs and because electronic cards are less vulnerable to fraud or counterfeiting.
When they are, transferring balances to another card or converting into cash by using a third-party redeemer drains the balances out. There are no reported incidents of POS skimmers used to grab gift card numbers, but this attack would work as well.
The addition of a PIN number can delay a fraudster, but not deter them entirely. They can scratch off the coating, revealing the PIN and replace it with a new sticker easily purchased from eBay. This type of fraud is fairly low-level and does not result in a huge loss to the merchant, but is quite a shock to the customer when the recipient of a gift card tries to redeem it and finds that the balance is zero. Some retailers will reimburse the customer with the face value of the gift card, but this ends up being a reputational hit for the retailer, as well as a headache for the consumer.
Slightly more difficult, but much more rewarding, is to acquire gift card numbers in bulk from the issuers, merchant, reward redemption program, etc. This can be done through a multitude of methods, including phishing, SQL injection, social engineering and accidental disclosure. The employee accidentally sent the email to more than 1, people. Anyone who received the email could immediately go shopping or start to convert the gift card numbers into cash.
In-store security is important. Store gift cards behind the counter or locked in a cabinet. First, require a PIN for the use of a gift card. Next, on a corporate policy level, never store the gift card PINs with the gift card numbers — keep the two separate. Last, limit online balance look-ups to several per hour, maximum. The best advice for customers buying gift cards is to only buy gift cards from reputable merchants. Most importantly — keep your receipt.
If you get the card home and find it drained of funds, you may be able to recoup your losses by going to the merchant that sold the card or the store where the gift card is redeemable. Gift card fraud is pretty unsexy when compared with the latest nation-state threat actors exploiting multiple 0-day vulnerabilities, but it is a significant problem that drains money from retailers and consumers alike. By being aware of how this fraud is committed, we can spot the scams and protect ourselves.
Tony Martin-Vegue is a year Information Security veteran with expertise in network operations, cryptography and risk management. Worldwide acceptance The recipient is never limited to what's available in just one store. A personal touch Depending on the issuer, you may be able to personalize your gift card with photos, messages or the recipient's name.
How it works Purchase a card online from the below 3 options or at a participating retail store. Either in-store at time of purchase or by calling the phone number on the card packaging. Make purchases everywhere Mastercard debit is accepted. American Cancer Society GiftCards. Akimbo Gift Mastercard GiftCards. You are about to leave the Mastercard site. Are you sure you would like to proceed? Cancel Go to my bank.
Use the Mastercard Prepaid Gift Card anywhere that Mastercard debit is accepted. A personal touch Depending on the issuer, you may be able to personalize your gift card . The CITGO Gift Card is more convenient to use than cash. Use at more than 5, locations in 29 states. Pay for gas at the pump or purchase convenience items in-store. Credit CARD Act Requirements for Gift Certificates, Store Gift Cards, and General-Use Prepaid Cards. By Rebecca S. Reagan, Supervisory Examiner, and Aaron M. Thompson, Senior Examiner, Federal Reserve Bank of Richmond. A gift card is a type of prepaid card (or other electronic access device) typically purchased by one consumer and given to.