Gift Card Fraud Rumors and Reality

Opinion: As gift cards soar in popularity-some $25 billion in gift cards are expected to be sold this holiday season alone-the attempts to use them fraudulently have also soared.

As gift cards have soared in popularity in recent years—some $25 billion in gift cards are expected to be sold this holiday season alone—the attempts to use them fraudulently have also soared. But some of the theft techniques are woefully out of date.

Does this mean that gift cards are secure financial tools for retailers and consumers? Not necessarily, but todays gift cards are certainly no less secure than traditional credit cards, with most retailers and issuers willing to be flexible with consumers who have been burned. The most popular gift card fraud rumor hitting Web discussion forums and many newspapers is that there are bands of thieves who copy down gift card numbers out in the open and then wait for a hapless consumer to buy—and thereby activate—the card. The thief then uses the card anywhere he doesnt have to physically present the card, such as online.

/zimages/1/28571.gifClick here to read why Evan Schuman says data thieves are one big MasterCard commercial.

It may be an interesting story, said gift card fraud expert Paul Cogswell, but it wont work and it likely never did.

"It flat out wont work for you," said Cogswell, vice president of loss prevention for CommData, which issues about half the gift cards used in the United States. "This is a recycling of an urban myth. Its rare if ever that youve had a gift card retailer that wouldnt have anticipated this scam."

The gift card industry has gotten a lot more sophisticated in the last few years and now use quite a few security methods. The simplest one is to cover some of the identification number with a scratch-off adhesive, which makes it obvious that the card has been tampered with. An alternative approach is for retailers to use packaging that obscures much of the gift card number.

Using a supplemental code—akin to the credit cards CVC (card-validation code), which is not embossed on the card—is another popular tactic. That requires merchants to insist on the supplemental code, which not all retailers do.

But more recent high-tech approaches include capturing phone numbers of those calling in to check gift card balance status—they use toll-free numbers, which can grab the incoming number even if caller-ID-block is used—and running them against a database, looking for various patterns. If a particular unused cards balance is checked—suggesting a crook is checking to see if the cards been activated yet—the card is disabled and the calling number can be blocked. The records can also show other card numbers that a phone number has checked into, allowing them to be canceled as well.

If the gift card checking is done online, IP address tracking has also gotten more sophisticated. In addition, security video camera footage is now being catalogued, theoretically allowing footage to be matched to specific transactions. Lets say a Starbucks customer complains that the gift card balance is lower than it should be. That customer might be able to have them access footage of the crook using the bogus card replica.

But there are indeed many ways that crooks today can use gift cards effectively. The most popular method is using a gift card to, in effect, extend the life of a stolen credit card. Under this scenario, the thief steals the credit card. A few years ago, that card would have likely remained active for a few days after it had been reported stolen, said Joseph LaRocca, vice president of loss prevention for the National Retail Federation.

Today, however, the nations POS (point of sale) networks will likely have that card invalidated within minutes of it being reported stolen. That gives the criminal a very small window after the theft to access the money. A popular tactic is for the thief to immediately use the stolen credit card—while its still active—to purchase as many gift cards as possible, using up as much of the credit cards balance as possible in the available few minutes.

Todays networks do not automatically link gift card numbers, so it will likely take a day or two—or more—before the police will identify what was fraudulently purchased. Once the credit card is shut down, police often dont see a need to rush. Once the police contact the retailer, it will take more time to identify the account numbers of the gift cards that the thief purchased.

/zimages/1/28571.gifGartner says $2 billion in e-commerce sales have been lost because of security fears. Click here to read more.

The connection will eventually be made, but it gives the thief a lot more time to convert the card into cash, either by purchasing products and then quickly selling them or even by selling the gift cards themselves, often at auction sites, LaRocca said.

Regarding the traditional gift card fraud, much of it is up to the retailer to protect its cards. Smaller retail sites are the ones most likely to forgo additional security, but thats not an issue for gift cards because "a lot of the smaller players dont take gift cards online yet," LaRocca said.

One security tactic that is not typically used yet is seeking photo ID from customers using gift cards in stores. LaRocca doubts many retailers will want to bother gift card customers by asking for additional identification.

The only benefit would be if the POS system was modified to allow the cashier to enter the identification data. "So lets say they capture it electronically. People dont want to wait in line," LaRocca said, for a very small boost in fraud prevention for an offense retailers are simply not seeing that often. "Weigh that against a cashier asking everyone in line for ID. Its not always prudent to do that."

An even simpler approach is to move gift cards away from the public area, forcing customers to ask a clerk to get them from behind the counter. But that defeats some of the cards attraction. "Consumers look to gift cards as a quick gift item," LaRocca said.

But consumers make purchases based on their beliefs and perceptions, not necessarily on reality. Will consumers see gift cards as unsafe?

LaRocca hopes not, but hes suggesting various things consumers can do to make them more comfortable with gift cards. Among his suggestions: Keep gift card receipts; before purchasing, make sure the PIN on the back of the card has not already been scratched off; and never purchase gift cards from online auction sites, such as eBay, which are popular with thieves.

One gift card site——is partnering with major retailers to sell discounted gift cards officially. Those private sites are much less likely to be attractive to gift card thieves because of the additional scrutiny.

Of course, if consumers shy away from gift cards and try to actually think up personal gifts for loved ones, well, maybe that wouldnt be such a bad thing.

Retail Center Editor Evan Schuman has tracked high-tech issues since 1987, has been opinionated long before that and doesnt plan to stop any time soon. He can be reached at

To read earlier retail technology opinion columns from Evan Schuman, please click here.

/zimages/1/28571.gifCheck out eWEEK.coms for the latest news, views and analysis on technologys impact on retail.