Thursday, December 10, 2009

Security Review: Gift Cards

The holiday season is upon us. Besides spending time with family and friends, we also find ourselves searching high and low for the perfect gift for those special ones in our lives. Many times, we believe a gift card will do the trick. However, what if the person receiving this gift card from you was unable to use it? What if the credit on the gift card has already been used? This is a likely and realistic scenario in the current age of hacking.

Gift card security has recently become a concern for a number of popular corporations, including Best Buy, Starbucks, and Toys R Us. Originally, gift cards were simple cards with a serial number on the back. Once a card is purchased, the serial number and the credit associated with it are activated. Although this is the most logical approach, this method of activation has become very vulnerable to theft. Gift card hacking has become a common enterprise, and corporations are feeling the consequences. Individuals will go to the counter, write down the serial numbers on the cards, and periodically check online whether a card has been activated. Once it is activated, the hacker will go on an online shopping spree with no trace of who they are. Neither the owner of the card nor the company has any control. Obviously, something needs to be done.
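An added example (not from the original post) of how a retailer could spot the polling pattern described above in its own logs: it counts balance checks made against a card before activation and flags redemptions by the client that did the polling. The event format, the client identifiers and the threshold of three checks are assumptions, and the sample events are constructed.

```python
from collections import Counter

# Constructed sample events, oldest first: (unix_time, client, action, serial).
# "client" stands for whatever the site can key on (IP, session, account).
EVENTS = [
    (1000, "client-A", "balance_check", "GC-0001"),
    (1600, "client-A", "balance_check", "GC-0001"),
    (2200, "client-A", "balance_check", "GC-0001"),
    (2300, "client-B", "balance_check", "GC-0002"),  # one-off lookup
    (2500, "pos-17",   "activate",      "GC-0001"),
    (2600, "pos-17",   "activate",      "GC-0002"),
    (2800, "client-A", "balance_check", "GC-0001"),
    (2900, "client-A", "redeem",        "GC-0001"),
    (9000, "client-C", "balance_check", "GC-0002"),  # recipient, after activation
    (9100, "client-C", "redeem",        "GC-0002"),
]


def pre_activation_checks(events):
    """Count balance checks per (client, serial) made while the card was inactive."""
    active, counts = set(), Counter()
    for _, client, action, serial in events:
        if action == "activate":
            active.add(serial)
        elif action == "balance_check" and serial not in active:
            counts[(client, serial)] += 1
    return counts


def cards_to_hold(events, min_checks=3):
    """Serials that one client polled at least min_checks times before activation."""
    counts = pre_activation_checks(events)
    return sorted({serial for (_, serial), n in counts.items() if n >= min_checks})


def suspicious_redemptions(events, min_checks=3):
    """Redemptions made by a client that polled the same card while it was inactive."""
    counts = pre_activation_checks(events)
    return [(t, client, serial) for t, client, action, serial in events
            if action == "redeem" and counts[(client, serial)] >= min_checks]


if __name__ == "__main__":
    print("hold for review:", cards_to_hold(EVENTS))
    print("suspicious redemptions:", suspicious_redemptions(EVENTS))
```
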

This holiday season, new and improved activation techniques are in place to ensure the right people are using these gift cards. Stores are investing in various mitigation techniques to reduce the risk of theft. One precaution taken by virtually all stores is selling the cards behind the counter, which enhances security. Another mitigation technique is coating the back of the gift card; the coating must be scratched off to access the serial number before any products can be purchased. Yet another procedure being introduced by stores is assigning passwords to specific gift cards so that the purchaser has the sole ability to use them. All in all, small steps are being taken to avoid the risk of gift card theft.

Overall, in my opinion, the whole gift card industry is a very high-risk enterprise. Individuals who choose to circumvent the law will find ways to acquire gift card information. I do believe mitigating the risk within the stores is the first and most important step that needs to be taken. An idea I have not heard much about is sealing the entire gift card with an envelope of sorts. Another idea would be to have an activation code in order to access the serial number on the card. Finally, another idea would be instituting identity checks when using the card. Signatures and photo identification could be useful with in-store purchases, while social security numbers and other personal information could be required for online purchases. All these minor mitigation techniques might seem small in the overall picture, but if enough hurdles are presented to hackers, the risk of the gift card will be lessened.

Source: http://www.schneier.com/blog/archives/2006/12/gift_card_hack.html

3 comments:

  1. This article reminded me of another gift card scam that I have heard of. Sometimes when a person purchases a gift card with cash, the employee checking them out will take the cash, swipe the gift card to activate it, give the purchaser a receipt, and then as soon as they leave, go back in the computer and deactivate the card and simply pocket the cash. The purchaser obviously gives the gift card as a gift and when the receiver tries to use the gift card, it says that it was not activated and there is no money on it. This happens a lot in restaurants because the employee has to go in the back to complete the purchase of the card, so the purchaser never sees the cash go into the register. I agree that the security of gift cards is very difficult to keep track of because it is basically cash in the purchaser's hands, but all you need is a code to use it.

  2. Wow this is something totally new for me. I purchase gift cards all the time, especially for birthdays and around Christmas time. However, I never thought the person that I was giving the card to could potentially not have access to it. I know when I use them in stores, they swipe with no problem, but if I make online purchases, I must register the card before I can use it. Maybe if manufacturers placed a special code on the receipt that would require the purchaser to activate the card before usage, it would stop some of the issues with hacking.

  3. Gift cards have some great potential for hackers. When using a credit card, numbers are sent to the bank for approval. This is why creating fake credit cards is so difficult. When you consider how a gift card works, it is run into a computer system and the computer system alone grants spending approval. Through all that we have learned in this class, the first thing we should immediately assume is that a store's computers can be easily hacked into. The ability to hack into computers and add gift card approval numbers to the database is so easy that even a student in this class could do it with a little help. With my family in the "gift card" business, we had to take many precautions. Gift cards will need to be much more advanced as the years continue.
