Does this mean that giftcards are secure financial tools for retailers and consumers? Not necessarily, but today's giftcards are certainly no less secure than traditional credit cards, with most retailers and issuers willing to be flexible with consumers who have been burned.
The most popular giftcard fraud rumor hitting Web discussion forums and many newspapers is that there are bands of thieves who copy down giftcard numbers out in the open and then wait for a hapless consumer to buy?and thereby activate?the card. The thief then uses the card anywhere he doesn't have to physically present the card, such as online.
It may be an interesting story, said giftcard fraud expert Paul Cogswell, but it won't work and it likely never did.
"It flat out won't work for you," said Cogswell, the VP of loss prevention for CommData Inc., which issues about half the giftcards used in the U.S. "This is a recycling of an urban myth. It's rare if ever that you've had a giftcard retailer that wouldn't have anticipated this scam."
The giftcard industry has gotten a lot more sophisticated in the last few years and now use quite a few security methods. The simplest one is to cover some of the identification number with a scratch-off adhesive, which makes it obvious that the card has been tampered with. An alternative approach is for retailers to use packaging that obscures much of the giftcard number.
Using a supplemental code?akin to the credit card's CVC (card-validation code), which is not embossed on the card?is another popular tactic. That requires merchants to insist on the supplemental code, which not all retailers do.
But more recent high-tech approaches include capturing phone number calling in to check giftcard balance status?they use toll-free numbers, which can grab the incoming number even if caller-ID-block is used?and running them against a database, looking for various patterns. If a particular unused card's balance is checked?suggesting a crook checking to see if it's been activated yet?the card is disabled and the calling number can be blocked. The records can also show other card numbers that phone number has checked into, allowing them to be cancelled as well.
If the giftcard checking is done online, IP address tracking has also gotten more sophisticated. Security video camera footage is also now being catalogued, theoretically allowing footage to be matched to specific transactions. Let's say a Starbucks customer complains that the giftcard balance is lower than it should be. That customer might be able to have them access footage of the crook using the bogus card replica.
But there are indeed many ways that crooks today can use giftcards effectively. The most popular method is using a giftcard to, in effect, extend the life of a stolen credit card. Under this scenario, the thief steals the creditcard. A few years ago, that card would have likely remained active for a few days after it's reported stolen, said Joseph LaRocca, the VP of loss prevention for the National Retail Federation.
Today, however, the nation's POS networks will likely have that card invalidated within minutes of it being reported stolen. That gives the criminal a very small window after the theft to access the money. A popular tactic is for the thief to immediately use the stolen credit card?while it's still active?to purchase as many giftcards as possible, using up as much of the credit card's balance as possible in the available few minutes.
Today's networks do not automatically link giftcard numbers, so it will likely take a day or two?or more?before the police will identify what was fraudulently purchased. Once the credit card is shut down, police often don't see a need to rush. Once the police contact the retailer, it will take more time to identify the account numbers of the giftcards that the thief purchased.
The connection will eventually be made, but it gives the thief a lot more time to convert the card into cash, either by purchasing products and then quickly selling them or even by selling the giftcards themselves, often at auction sites, LaRocca said.
Regarding the traditional giftcard fraud, much of it is up to the retailer to protect their cards. Smaller retail sites are the ones most likely to forego seeking additional security, but that's not an issue for giftcards because "a lot of the smaller players don't take giftcards online yet," LaRocca said.
One security tactic that is not typically used yet is seeking photo id from customers using giftcards in stores. LaRocca doubted many retailers would want to bother giftcard customers by asking for additional identification.
The only benefit would be if the POS system was modified to allow for the cashier to enter the identification data. "So let's say they capture it electronically. People don't want to wait in line," LaRocca said, for a very small boost in fraud-prevention for an offense retailers they are simply not seeing that often. "Weigh that against a cashier asking everyone in line for ID. It's not always prudent to do that."
An even more simple approach is to move giftcards away from the public area, forcing customers to ask for a clerk to get them from behind the counter. But that defeats some of the card's attraction. "Consumers look to giftcards as a quick gift item," LaRocca said.
But consumers make purchases based on their beliefs and perceptions, not necessarily on reality. Will consumer see giftcards as unsafe?
LaRocca hopes not, but he's suggesting various things consumers can do to make them more comfortable with giftcards. Among his suggestions: keep giftcard receipts; before purchasing, make sure the PIN on the back of the card has not already been scratched off; never purchase giftcards from online auction sites, such as EBay, which are popular with thieves.
One giftcard site?called PlasticJungle.com?is partnering with major retailers to sell discounted giftcards officially. Those private sites are much less likely to be attractive to giftcard thieves because of the additional scrutiny.
Of course, if consumers shy away from giftcards and try and actually think up personal gifts for loved ones, well, maybe that wouldn't be such a bad thing.