Enterprise Applications - eWeek


Battery 500 Project Charged Up over All-Electric Cars
Charting the Final Frontier--Google Maps for Indoors
Get Smarter Technology on Your Mobile!
  Enterprise Applications


Gift Card Fraud Rumors and Reality



 By: Evan Schuman
2006-12-07
Article Rating:starstarstarstarstar / 2


There are 0 user comments on this Enterprise Applications story.


Rate This Article:
Poor Best
Opinion: As gift cards soar in popularity—some $25 billion in gift cards are expected to be sold this holiday season alone—the attempts to use them fraudulently have also soared.

As gift cards have soared in popularity in recent years—some $25 billion in gift cards are expected to be sold this holiday season alone—the attempts to use them fraudulently have also soared. But some of the theft techniques are woefully out of date.

Does this mean that gift cards are secure financial tools for retailers and consumers? Not necessarily, but todays gift cards are certainly no less secure than traditional credit cards, with most retailers and issuers willing to be flexible with consumers who have been burned. The most popular gift card fraud rumor hitting Web discussion forums and many newspapers is that there are bands of thieves who copy down gift card numbers out in the open and then wait for a hapless consumer to buy—and thereby activate—the card. The thief then uses the card anywhere he doesnt have to physically present the card, such as online.

Click here to read why Evan Schuman says data thieves are one big MasterCard commercial.

It may be an interesting story, said gift card fraud expert Paul Cogswell, but it wont work and it likely never did.

"It flat out wont work for you," said Cogswell, vice president of loss prevention for CommData, which issues about half the gift cards used in the United States. "This is a recycling of an urban myth. Its rare if ever that youve had a gift card retailer that wouldnt have anticipated this scam."

The gift card industry has gotten a lot more sophisticated in the last few years and now use quite a few security methods. The simplest one is to cover some of the identification number with a scratch-off adhesive, which makes it obvious that the card has been tampered with. An alternative approach is for retailers to use packaging that obscures much of the gift card number.

Using a supplemental code—akin to the credit cards CVC (card-validation code), which is not embossed on the card—is another popular tactic. That requires merchants to insist on the supplemental code, which not all retailers do.

Resource Library:

But more recent high-tech approaches include capturing phone numbers of those calling in to check gift card balance status—they use toll-free numbers, which can grab the incoming number even if caller-ID-block is used—and running them against a database, looking for various patterns. If a particular unused cards balance is checked—suggesting a crook is checking to see if the cards been activated yet—the card is disabled and the calling number can be blocked. The records can also show other card numbers that a phone number has checked into, allowing them to be canceled as well.

If the gift card checking is done online, IP address tracking has also gotten more sophisticated. In addition, security video camera footage is now being catalogued, theoretically allowing footage to be matched to specific transactions. Lets say a Starbucks customer complains that the gift card balance is lower than it should be. That customer might be able to have them access footage of the crook using the bogus card replica.

But there are indeed many ways that crooks today can use gift cards effectively. The most popular method is using a gift card to, in effect, extend the life of a stolen credit card. Under this scenario, the thief steals the credit card. A few years ago, that card would have likely remained active for a few days after it had been reported stolen, said Joseph LaRocca, vice president of loss prevention for the National Retail Federation.

Today, however, the nations POS (point of sale) networks will likely have that card invalidated within minutes of it being reported stolen. That gives the criminal a very small window after the theft to access the money. A popular tactic is for the thief to immediately use the stolen credit card—while its still active—to purchase as many gift cards as possible, using up as much of the credit cards balance as possible in the available few minutes.

Todays networks do not automatically link gift card numbers, so it will likely take a day or two—or more—before the police will identify what was fraudulently purchased. Once the credit card is shut down, police often dont see a need to rush. Once the police contact the retailer, it will take more time to identify the account numbers of the gift cards that the thief purchased.

Gartner says $2 billion in e-commerce sales have been lost because of security fears. Click here to read more.

The connection will eventually be made, but it gives the thief a lot more time to convert the card into cash, either by purchasing products and then quickly selling them or even by selling the gift cards themselves, often at auction sites, LaRocca said.

Regarding the traditional gift card fraud, much of it is up to the retailer to protect its cards. Smaller retail sites are the ones most likely to forgo additional security, but thats not an issue for gift cards because "a lot of the smaller players dont take gift cards online yet," LaRocca said.

One security tactic that is not typically used yet is seeking photo ID from customers using gift cards in stores. LaRocca doubts many retailers will want to bother gift card customers by asking for additional identification.

The only benefit would be if the POS system was modified to allow the cashier to enter the identification data. "So lets say they capture it electronically. People dont want to wait in line," LaRocca said, for a very small boost in fraud prevention for an offense retailers are simply not seeing that often. "Weigh that against a cashier asking everyone in line for ID. Its not always prudent to do that."

An even simpler approach is to move gift cards away from the public area, forcing customers to ask a clerk to get them from behind the counter. But that defeats some of the cards attraction. "Consumers look to gift cards as a quick gift item," LaRocca said.

But consumers make purchases based on their beliefs and perceptions, not necessarily on reality. Will consumers see gift cards as unsafe?

LaRocca hopes not, but hes suggesting various things consumers can do to make them more comfortable with gift cards. Among his suggestions: Keep gift card receipts; before purchasing, make sure the PIN on the back of the card has not already been scratched off; and never purchase gift cards from online auction sites, such as eBay, which are popular with thieves.

One gift card site—PlasticJungle.com—is partnering with major retailers to sell discounted gift cards officially. Those private sites are much less likely to be attractive to gift card thieves because of the additional scrutiny.

Of course, if consumers shy away from gift cards and try to actually think up personal gifts for loved ones, well, maybe that wouldnt be such a bad thing.

Retail Center Editor Evan Schuman has tracked high-tech issues since 1987, has been opinionated long before that and doesnt plan to stop any time soon. He can be reached at Evan_Schuman@ziffdavis.com.

To read earlier retail technology opinion columns from Evan Schuman, please click here.

Check out eWEEK.coms for the latest news, views and analysis on technologys impact on retail.



  Reader Comments: Gift Card Fraud Rumors and Reality
>>> Be the FIRST to comment on this article!
 

 
 
>>> More Enterprise Applications Articles          >>> More By Evan Schuman
 


x}r㶲s\@♵M푦dKƶ,8:U*$ER$g~u~|.'ؖnt7F;vv> IM לٔN\Sãww$wvC2q-*rdz&j9%G jT7R}f]S ׫L|Aშ :#:UG.Sk4jZ53j5Gԗoˏne0-ZIa6)VNմ<ڴ$)q@áh] QQMږyH6ՇH*7܉x8ѽ/DeO^b&{Bq85;^7W2`V~|!k`TOm l׸ڮUX'[vB䅠1FE/t#7J;rNG9"ScO$ա9UNIp/0Q#@ڮS.HVfIJ;guGg bݩGMҵG(&$g v?ǭR If ag?-Gq p\΋2 ˺}= :Ѝۑ<8]Ԓ],r"U)wS>dRr-2谖þȲnMw3a[mޡlطZ*kUE9,T}|-t}rfNe4oFuRV5MQ/ ? ?uh;XARy] > EeK<>si^_UJ`Z. $_c::z\Bn,>@FI/j/ny#ܲ_/hvdꡑf1O=˧0_8rn򳹥uk]_]-k]['>1fP+M~(#3hؕgxg_:nN77fKN:פ>nu3ɀ&dXAZ|[kU[lxmuH||z>5401\]Z-Kj#2qUxy$Y)r$?. !=Ow| nr2GrI/]o$$̛cM|Imd©$zNYu*D`Kc7I_3뮖;nZK=0[-RFƺ\ Дa|dMab&DJH7Ӕye $}ВEtBAͨO%ތE z%Kuu7pe s4rYY4'*taeAUi3ӛӢKsQ}n5IsোV8mǫg9",$ꨦU|\J jExQW_W, F̶#ؠ)S&3;,}0 ZC>Odz'Դf@wP?: M/G˥~f1@ LNa p|w͇v13O/|\aRքZN=H:]6(Z\χ`#˖C&@B뎂9{׻ޚ@<Q%ݻi`y1&=զOAC@X\7 >)@}9 nc@+WePÃ"`"+42[!Z! = \P-T)w^IY䞅Tড়,, H@,gmdz;Oq)f$ ,4tOݡ~u_?~UkCT]ٽh@r6Ҟy0sm- {g@x dX{ /WèKAJ _hi tsaɰCl6<E9Ȇɨg?i}mu}ZMwXUM.  }dҶ鍬ߪ%M*_>ڹe3 %P$7SJ$l%KW wNF TzRhjUՖL-F*|( +)#NWɅk?N/,{ IkqMّ.R\|rjN Y=:=4̄+uh'T-qO=}:8Hy¬5ѝ_φRP՘Iڏ9&_G5 k^ˣ6Wеm>2躢΍GƱ4St%ra9h9& 'րziDe˜,Za' #ؚðye_86kr]ilu0q`(Z3:qV*[MST+pzۻ(Sܧ&;alâ#_-pJFM@X Gt\d0!P\Q-W0.#_L_LU1(TOn»hCz-X]>L,,@ХCkz]W9(#_%hq w.$JPVbrxɡUT9,J8;|%ZAg~~Ȼ8 iJ @g}s`~:~'F2k WeOo(Z?`3|x+ߙ3[aecƘH?`W._5ݧ+i fB1&} ldA{X~\U4Uud XZ 0(E{h0 qD ҀJ ^ƙl)W2ݝ'(R~-h;?mRYf0`%l* Ie(#f~+kJ$XS 1j>Lk}\S~Wݬ`,mC[$ zXÈ h{qņZ ZYMf~q?Oqߎ3XAmŠk+sD ü z30Jјlw?o_/Qm(}gϣ*騫VJۜe2&0ʃF5c; [ LلY6RLsݿxWji==#ݸM">sԵйtNcl }~rnAf D|8 F-.K6,헳f14D|\D"p-nōap@dD"9zB*>_7aOn[JI) `uVDZ)~9HǞ1|]ܩe>t1֎;*}z)cʌEo(SYmq'&F.Ҁ^\fvmvLTSdPRZ|b\).3zxLaWPjjz L*>MC 7PZ[#n$}=բ,Aגy`*+ZR<*4 ZlmL l⊗qXAKτkox~E 6-2j=kR/ԕKOe3q1GX=x=d6 5C+jBgyr`1O?f#[FIgYyVum4uP"5Hq+$˴I>N0atA*¾G.CGf﩮 Ϛ8_arOn;W>0Jj$7 rQӊ5JR~#0Lp ( rA-ã,z(d2rY+`7&ɠK= j ;!O}+tSZ1wOX]dK!O7ƒ"'!Z+3,qvë eVqe^?2Z cSwWwvZU}?"}QL pفbßyc(m'@Ώ}绛vwv@ ۦ>\E2a^}Wn\ab>$gY/ ЏWKӇ/4.ašHfR:$htz|ٔ?pȾYM$(X4qs'^Y{{h6ۗ5a>;oF!$ _9z q}ھ_>w!Cr޾lI^z+փ  yG!hUHV:<bShmƛ&a/kC2ȰV J_ĥsl]sf빨kZ ^k5WE.'27Le8\F`~Y; ²VXȬy`&|]7$T0r(`$X)XBe:^7F:Ky96P^S(+RJ)"4FYM |FϚu3fEpDinEb}Cn`e>!G[yRb] QגZ4ҫoeW!9 |Ds`c=CD!aFrWzaUu"ı0@k#O.\< ;n; WS eZnWa7pϲl^ta_}c|w=F'5];HF DucLA095|DϝO(|i9cw H-@N޽?Qp]Qz AC~gt3r¸E}_)=h[xܕv{qOsr<]1n'vlL'#I"ɫ:7}\8%++x|421@7Yu (f^#za116gnR;=zCt@{~mI.e~W(TRn νbOk$J鲇\v%(c|MT-^\RK>_+Uk@< bY_IKwvzYVN ȦwS'{cgf7?y Sb2JMoqp'`9vO"Q<iflQxA]= ؁ ^nNrxaN=ttܐNa HPݖE1dA$TǹbM>)4ei:? 3|.ۭ{"U'{^XzT p/hD3AK i~VيKʒHJqS.)Dr Zė>b#w%j)7z@BsS ƛ`q:[1>uS(SbnֈBpJ`v2Ag E9zo^sL_̆\b>SXD}n>=Q87!_K{ s-xϡ-FZ&9r1~Ưcw:4vb.vj℈ $ַȟ! +~kUA2ЂUAfo$C91|jܢ9k.U%g!~Z#GǣH^uБ0mLڼz`= :AX\90"S)?H><ALS |̕1ÄJ05 y{|v3W:,{}n#Kh@ A4a܉@& i|B՟ }=iA=܊<6YOMVK'2,'A0!%A'3on}㪯Y"RW:_ܡg&VϝJH 7C{ <+NA_ݓаײLDAH$pH~l"2!I܎_>cI<jk#`/\Wky@mt(F "Bѹtʼn\ι{ӪQ+ 㓲esm@ y33MoQy"<:G7?D-%;ͤX_0wR $aW.W buDL``T?jDR٫JC/ 5u8_Ϝij1Kg2ަW@(Ǘ5=6[wvjmekk39=m{7ibW۰:pX]EY.j>*귵G']3>%`5;۴|6A=W7%4C2Ċa+I錃qlrN_&ep5l~3Zx8=|c98X O~{kҽ9>u]<̧;2)PTQ_5?}b闶QpI}3Ym˼ K ۞Aړ5liİO ŰX т,#;Ћ'ódSts )0? e{#Үo2n;*x}YdãEUIJo|֊[N[kiΞC#Ԟ`5`Ӑt𨍸!n1x߾HzZY :â?$Lc{4۳R\0ky :&Miq#oh?&.$cu(,!sU;Qt. S¤Xt'O|Gⷈa2q!pSҚ{?Lo3ǝ@ E,Kxrs쳬~Y13ʉmO V_M~+&-8=BYWP>e0‡,z rNa1[D}%Dp+#5e9L>1v%1h}PR #r%1w {=cn܎yb+n'-;3x"(ͪD&EuPc^r&:Ʋq. cG2C`m 4,\ |(\πTnhI&MB ܧMPs7.{ȕժTjQܣF +*Pr`.UrsGV$(b؛ ~z/ g?L l9 c=ZF]Mj0QC]{LcxB! 8Wxo/%5&¯I{e>;bI+'A40ڱJ R ?SRyC}Fhu)xE2V!iZ`3+nslKZIȶ8+ilwNQg)q8 @ə莥E ݢx*1<?dߗOobD )n2BwCˠOc+ӘP2!1 \TbЍB1˪M;InP~z*ڟOd^n3nZU}kȚXw/"J L۶6 E Q:#o›7yd6:I. ^j{#4G_ 6b^ZGZa!IG)>xI1K= _-”kgl* v!߰,VIm{7R[ [yꊍ\DQL`꭛VC}N.[7V׺U OdG}m!̴<y]\hꏄ}`H  Djw/%C "PF: / j1n Q&@Ĕv7UI,QZ/x` 3 lbXangj߀dz?,GLwe~d@M)dbAKl͒wy 6t0VQ=1e&|2[7'ΥiBsB<䱤P<'/JpgyFg$ƻB-×>0}(-ŌCZQJФ*}M=VReU]y}݋xWyF7XKz+i+sj9Iˑ!;}^(,#&ybɵ7֝>Xz+9\9nHQ}kw.xZҷptԭsi~=\}=i_ۗ\|j5<ח6Lg(P\6.ZNQʉ`Sgĵ,<^;OKvE Ccq~^ I{k(%lFyї51o&Ll+Sӌ~ϫڹY{u9+ˡ}QogS7W( _W 0/2_d^dsA " ϋ O /@3(?(#/2a|/32C~.a.3Ưd:_: *?3 w3 { ?. 9@rK~_~_2w7Y7{dwɹN2!(odY NoT8G\(_JeYW@a uyQ@yJ2,c2\. f{5[?;BX\jzr+^&e4v+iA- {}ys/-#yioĦBx(0gG6+F.Э-'ވm]=g%Iy=0?$Mu{.1پWߕ\)ܼ}:QOXE)9s8WɴFVی 듩{#|,y |e8Nt7:LwU/3y˘w;ʤ=q&%.Fw\+[/:)7.p{ZڎvڝGfzuieDd;w6 S췡^@€:'<+;}4x]-xLԸRNGpoQV"#<5 |?fze&Hq޿jCg6'[ j*85ߚL u8y$߽R ,^ ,>L)cعkjY蛡r:Hù֦@$?#5RiErT)ߑN0lFGDP1<ˈɪ"+Uw9 ط]V++b`" *s>P`24UJ` z!OJ1=4c­dKo1;BDO"׏ ё:fͤw*ۼx7l{Tyثގe@?o 7 ̯ vR'W+Bx{;Ϩ?^ocLpLЦ!猰Kva[F0 mc|NG2k>MqkqB4;Po6@cmc߻C{ Fcx`⦘$l1@xD zB&H" 9oފ_*G,U`Yd9vyVU̳XC,&lybmb+ H|b[ -I? N,ꩃCV}># ۵XC0exMC?y% ]ۑ)G1_n\H730,4_Sdk,7^ȞB7z; LiaŽ l o1N4Xfw+#P^< `Vbg94Iأ_BDO֤->#%0uocOIg@gX1WdgAg|bOhMx2 U\&-GCuhBYw`AoN[a>$VSP}XGm:Zd_L7,U=Jݽw#TF\|gȌa)xD%=Qcdp x}}F垓$gg_6b Fy&b3@3p6+Ӥdv/+ 0bŽ%O#HYUҎ_}$+t#R.܋OFې)0XPy4% /1-ik%:/9-/p,ZftO#m4` G&J$߀)0t1?FuoϳAsl2qY[ !ˌKmӤ6q¥"U HNX,8. +tiQh0.r$#<[_ڵ묁Ft] vE hMgK_2qWV`H؂{S-WrcdK{f:e^ƃtl+!R!Ty X^c0У,2095q삢enDaa^o1n,ـ@ ֹٝ˱˶ E=b\ ѨpCTVDǮ3^mǺgyeDmE>m+ЍiO|3'ȱ ya1 g{yW=?5j3lvjsxA@`U\3zf7ZS5gZB܏]S 9!j1Bi6aY1}bRrYW`0-Z.<̳(`,$v"VKjMΡmlpR!*acTx 1L(_+.גu!{xZ~Ƌ{El>byx ^ŧ$AS?xDtFW .rW=a%PzZk'oYI'4._xH%B=Sw= ɳaFK+O(QF>=,)>wco`-/=j:|lJaEe鑢%!t4!ջj4dEg0m\}l4n_!eTUA$摭7yM1uc*d_)V gq۩ g۰M*d.%rRbҍR4'r0>_֌&|Z2c{͵N_ ?l!