Can Gift Cards Be
Email
Print
Safer Than Credit Cards?">
One key potential security advantage of gift cards is that the issuer has much more freedom in establishing the number and making it as long—and as changeable—a string as possible.
Traditional credit card numbers, on the other hand, are much more restrained, with as many as a dozen of the credit card number digits being predetermined.
"Some of the initial digits have to tell you whether its a Visa or AmericanExpress. The next will tell you the issuing bank," Rasch said. "The next will tell you the type of card, such as whether its an affinity card. The next will say the branch where the card was issued. This means that if Im doing a random credit card generator, the odds are pretty good if I start guessing numbers that I can try them on a merchant account until one works. But on a gift card, I can create a gift card that has a 100-digit number and there needs to be no (processor-dictated) pattern to it."
Some in the payment space have even questioned whether some of these authentication techniques are severely undermined by making them required so often. For years, privacy advocates have complained of businesses using Social Security numbers as employee/customer identification. This associates the SS# with that person in so many places to make it an ineffective means of authentication.
A similar concern has been raised about the CVV. With almost every online site now requiring the CVV to process any e-commerce purchase, that number is associated with the credit card number in so many databases as to make it a weak verification means. Merchants are not supposed to retain the CVVs, but some do and procedures are not always strictly followed with smaller specialized merchants.
No matter how much the CVV may be diluted, Mercurys Hutt argues, something needs to be done to secure gift cards and a CVV program is a good first step.
"The whole (giftcard) market is starting to explode. Youre putting hundreds of thousands of giftcards into the market every day," Hutt said. "Its potentially a large problem for merchants, who are opening themselves up."
Not taking any gift card authentication process "is reckless for the retailers overall liability," she said.
Rasch stressed that security procedure adherence will ultimately determine whether adding CVV improves a retailers security and reduces its fraud rate.
"CVVs only work if they are logically separated from the first authentication number. If I lose the card, Ive lost the card number and the CVV and the magstripe," Rasch said.
He added that fraudulent sites set up to trick consumers into revealing their information—the so-called phishing sites—are still a gift card danger. "Adding CVV does nothing about phishing. In fact, it encourages phishing," he said, referring to the greater feeling of security, which could lead to consumers buying gift cards with larger cash value.
Retail Center Editor Evan Schuman can be reached at Evan_Schuman@ziffdavis.com.
Check out eWEEK.coms for the latest news, views and analysis on technologys impact on retail.
"Some of the initial digits have to tell you whether its a Visa or AmericanExpress. The next will tell you the issuing bank," Rasch said. "The next will tell you the type of card, such as whether its an affinity card. The next will say the branch where the card was issued. This means that if Im doing a random credit card generator, the odds are pretty good if I start guessing numbers that I can try them on a merchant account until one works. But on a gift card, I can create a gift card that has a 100-digit number and there needs to be no (processor-dictated) pattern to it."
Check out eWEEK.coms for the latest news, views and analysis on technologys impact on retail. 
