A Hotbed of Sophisticated Gift Card Scams
In recent years, a troubling trend has overshadowed the benefits of gift cards. Despite being a convenient and popular gift choice, gift cards have become a hotbed for sophisticated scams, with potential pitfalls escalating alarmingly over the past year. To peel back the layers of this growing concern, I sat down with an expert operating on digital security's front lines – a white hat gift card hacker – to learn how shockingly easy it is to hack the value of gift cards.
Meet a White Hat Gift Card Hacker
William Caput is a well-known figure in the cybersecurity world, notably recognized for his expertise in ethical hacking. He gained prominence for his unconventional approach to security, which involves thinking like a criminal to uncover vulnerabilities in various systems, including gift cards, ATMs, and other financial systems.
In this video interview, Caput shares that his attention turned to gift card hacks when he noticed stacks of unloaded and unmonitored cards in stores and restaurants. Then, he did a security assessment for a company and discovered predictable patterns in gift card numbers, enabling him to identify cards with a balance. When the company dismissed the concern, Caput bought a mag stripe writer from Amazon to demonstrate how easy it is to code blank gift cards with the numbers found on activated gift cards. Again, he says the retailer did not take his concerns seriously.
However, with the unacceptable increase in gift card fraud, the gift card industry as a whole now recognizes the need for improvement.
Gift Card Vulnerability
Watch this interview for a discussion on the following topics:
- Consumer Scams and Organized Crime: Caput discussed how criminals steal gift card values by manipulating the cards' magnetic strips and PINs. These activities often involve large organized crime networks that use gift cards in money laundering schemes.
- Supply Chain Compromise: Caput theorizes that some large-scale thefts involve compromising gift cards in the supply chain, leading consumers to buy cards tampered with before they even get placed on gift card display racks.
- Retailers' Responsibility: He urged retailers to improve the supply chain's chain of custody and recommended that gift cards be kept behind counters to reduce theft. Though retailers may care about the issue, their lack of decisive action and consumer support might convey a sense of indifference.
- Consumer Education and Awareness: Though businesses and media advise consumers to be more vigilant when purchasing and using gift cards, buyers should not bear the burden of complex security checks. Both Caput and I believe that consumers will accept gift card purchasing changes that make gift cards more secure.
- Impact on Retailer Reputation: We also touch on the effects of gift card fraud on retailer reputation, suggesting that ongoing issues with gift card security could lead to a loss of consumer trust in retailers.
In summary, we want the gift card industry to step up its efforts in combating gift card fraud, balancing the convenience of gift cards with adequate security measures.
But here's the big AHA of the interview.
We ALL Must Treat Gift Cards Like Cash
Toward the end of the interview, I had a powerful realization.
Since gift cards often do not fall under the same stringent regulatory and security frameworks as other financial products, businesses are not required to protect them like they do debit or credit cards. Gift cards can be purchased and used anonymously. So anyone with access to an activated gift card can use the card's value--without restraint or consequences for theft. Since implementing advanced gift card security features can be costly for businesses or create gift card purchase friction, consumers are instead encouraged to treat gift cards like cash-- shifting the responsibility for security to the cardholders.
And that's the problem.
While businesses urge consumers to handle gift cards with utmost care, they do not mirror this level of caution themselves. If businesses truly treated these cards as cash, they would rigorously monitor and secure them throughout their entire lifecycle—from production to point of sale. This significant oversight in the retail approach to gift card security reveals a fundamental flaw: a disconnect between the responsibility placed on consumers and the actions (or lack thereof) taken by the businesses issuing these cards.
We need a paradigm shift in how retailers manage gift card security.
Restoring the Original Purpose of Gift Cards
While there are critics who advocate for the abolition of the gift card industry due to its vulnerabilities, my goal is different. I firmly believe in the potential of gift cards to serve their original purpose: to be a convenient, thoughtful, and secure way of gifting. However, businesses need to take bolder steps to ensure the security and integrity of their gift card programs for that to happen.
As we move into 2024, I call for businesses to implement robust security measures, re-evaluate handling and distribution processes, and better communicate how gift cards work.
To restore trust in gift cards, I invite businesses to get certified so I can confidently list their gift cards on "Gift Cards You Can Trust."
It's time for a change – why not lead the way?
Shelley