Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Gift Card Hacking

CmdrTaco posted more than 12 years ago | from the where-do-I-swipe-it dept.

News 264

TheSauce writes "MSNBC has this discussion of how easy it is to hack and jack the contents of those lovely Plastic Gift Cards one sees at most Mass Merchants and Consumer Electronics stores. One retailer notes that the odds of this occuring are about at the level of being pickpocketed."

cancel ×

264 comments

Sorry! There are no comments related to the filter you selected.

Theft isn't new. (1, Insightful)

ThroughYourEyes (189368) | more than 12 years ago | (#2762187)

Theft happens all the time. Why is this news?

If security was doing their job, it wouldn't be such a problem.

Re:Theft isn't new. (1)

Phosphor3k (542747) | more than 12 years ago | (#2762192)

Read the article buddy. Its about stealing the numbers off of cards in the stores and reprogramming legit cards to use them as they are activated by consumers.

Re:Theft isn't new. (2, Funny)

Angry White Guy (521337) | more than 12 years ago | (#2762214)

Why didn't I think of that?

Now I can get everything on my christmas list and screw over a horde of people during the holiday season! Isn't technology great, even when it's old technology...

Re:Theft isn't new. (1)

ThroughYourEyes (189368) | more than 12 years ago | (#2762250)

Oh, I read the article.
When I said security, I meant the people programming the cards in the first place. Not the rent-a-cop types you see at the mall store.
Sorry for the misconception.

Re:Theft isn't new. (1)

Vodak (119225) | more than 12 years ago | (#2762194)

Because now little billy can get much more outta that bestbuy card his Mommy put in his stocking.
=]

Re:Theft isn't new. (0, Flamebait)

Anonymous Coward | more than 12 years ago | (#2762202)

Ya know, I bet the cards are built on Windows technology -- that's why they were so easy to break.

Re:Theft isn't new. (0)

Anonymous Coward | more than 12 years ago | (#2762423)

Penalty! Non-sequitur kneejerk Microsoft bashing! Go stand in the corner!

Re:Theft isn't new. (0)

Lughlamfainne (266496) | more than 12 years ago | (#2762213)

and anyone wants to do this why?? that would be my question... or are we *that* bored?
:)

Re:Theft isn't new. (2)

nomadic (141991) | more than 12 years ago | (#2762296)

If security was doing their job, it wouldn't be such a problem.

No, if people had some sense of ethics this wouldn't be a problem. Why does every security lapse mentioned on /. blamed on the victims? Yes, they made a mistake. Yes, there are ways to counteract it. But the way blame is constantly shifted away from the actual criminals here is sickening.

Re:Theft isn't new. (1)

dfn5 (524972) | more than 12 years ago | (#2762322)

You have to realize that we don't live in a utopian society. Everyone in the world isn't an honest person. If that was the case we wouldn't need security at airports. Therefore if a store is going to use a technology such that it is easy for a person to misuse it, they might as well put a sign in their front window saying steal from me. Microsoft is another prime example. Are you going to blame hackers for writing viruses, or are you going to blame Microsoft for making it so easy for one to write viruses. Microsoft would have you believe that the hackers are to blame. I am going to blame Microsft, and I am going to blame the retail store.

Re:Theft isn't new. (-1, Offtopic)

Anonymous Coward | more than 12 years ago | (#2762340)

Are you going to blame the terrorists for WTC, or the country that is making it so easy with their freedom and openess?

Re:Theft isn't new. (-1, Offtopic)

Anonymous Coward | more than 12 years ago | (#2762458)

And the US, with more citizens in jail per capita than any other country knows ALL ABOUT freedom.

but its true that (1, Funny)

Anonymous Coward | more than 12 years ago | (#2762188)

gift cards want to be free!

Big Deal (1, Funny)

mlknowle (175506) | more than 12 years ago | (#2762190)

Big deal - this is theft. Why does it get featured on ./ ? Because it involves something remotly technology related. Guess what - it's still stealing - this is no different than rummaging through an open cash register drawer.

Re:Big Deal (-1, Offtopic)

Anonymous Coward | more than 12 years ago | (#2762200)

Why does it get featured on ./ ? Because it involves something remotly technology related.

Your question provides its own answer, mlknowle.

Guess what - it's still stealing - this is no different than rummaging through an open cash register drawer.

Again, you provide valuable insight. Thank you for countering an article that what was clearly intended to encourage mass-fraud.

Re:Big Deal (1)

Vodak (119225) | more than 12 years ago | (#2762205)

Of course it's stealing, but that's not to say it shouldn't be on slashdot. assholes using technology to do stupid things like this is normal and should be reported.


Would you rather be in the dark to such activities? If so then why why the hell are you even coming to this website to begin with.

Re:Big Deal (0)

Anonymous Coward | more than 12 years ago | (#2762223)

No it isn't stealing anymore than trading mp3s is stealing. It's just information on a card. Nobody gets hurt or loses anything real. It's all numbers.

Re:Big Deal (0)

Anonymous Coward | more than 12 years ago | (#2762401)

Yes, they do. The people's card who was duplicated lose their money.

Re:Big Deal (1)

Lunastorm (471804) | more than 12 years ago | (#2762277)

Big deal - this is theft. Why does it get featured on ./ ? Because it involves something remotly technology related. Guess what - it's still stealing - this is no different than rummaging through an open cash register drawer.

I disagree. Although I'm probably alone in this opinion, I believe that hacking a gift card is not stealing, as nothing is taken out of the store. I am merely exagerating the value of the gift card, which isn't that bad considering how often corporations exagerate the value of their merchandise, thereby inflating inflating the prices to unreasonable numbers. Besides, the store will still receive the money that is used with the gift card. Nobody is hurt.

Re:Big Deal (3, Informative)

Brian Kendig (1959) | more than 12 years ago | (#2762410)

Let's hear you say that next time your girlfriend gives you a $50 gift card for your favorite electronics store, and when you go to use it, the store clerk tells you there's no balance left on the card. He also points to the small print on the card which says (as quoted from the article) "We cannot be responsible for funds used without your knowledge."

The hackers aren't just inflating the value of the card -- they're re-encoding the card so that it represents a card that someone else bought. Sure, they're "exaggerating the value of the gift card," but by lowering the value of someone else's card.

fist pr0st (-1, Troll)

Anonymous Coward | more than 12 years ago | (#2762191)

? fdafsd dsfassda dfs

Strange..."Gift Cards"... (2, Interesting)

Maiko (534130) | more than 12 years ago | (#2762197)

Being in the UK, and in a countryside area at that, I haven't heard of Gift Cards before. Here we stick to paper-based vouchers, or indeed, just to send cheques to people in christmas cards. At least if they are posted and stolen before they are delivered, then it becomes "interfereing with her majesty's post" (Seeing as it belongs to the crown etc etc etc) and can carry up to 10 years in prison. Mmm...handy that...

Re:Strange..."Gift Cards"... (1)

Vodak (119225) | more than 12 years ago | (#2762215)

Personally I see gift cards as a very selfish gift. "I couldn't think of a real present to get you, so I'm giving you this gift of pseudo cash. btw you can only use it at XXX"


Damn if your gonna be so impersonal as to give a gift of money then give something that can be used anywhere.

Re:Strange..."Gift Cards"... (0)

Anonymous Coward | more than 12 years ago | (#2762233)

Selfish? I'd much rather have a gift card to Best Buy or Blockbuster than get some pink sweater from my relatives. If it makes it easier for them to shop, so be it. It's the ultimate in gifting.. give them the cash and they can buy what they want rather than having to guess. I can't tell you how many times I've gotten things I really would rather not have but I've felt too guilty to return because someone went out of their way to buy it for me. I'd rather just have cash or a gift card and I'll get exactly what I want. Maybe you think that's selfish of me but hey, that's what Xmas is about. presents. Lots and lots of presents.

Re:Strange..."Gift Cards"... (0)

Lunastorm (471804) | more than 12 years ago | (#2762286)

Personally I see gift cards as a very selfish gift. "I couldn't think of a real present to get you, so I'm giving you this gift of pseudo cash. btw you can only use it at XXX"

Asking computer illiterate relatives for specific hardware items or software always results in hassles for me. They tend to purchase the wrong versions of items for which I ask, such as the Mac version of Quake 3 when I wanted the Windows version, and the ordinary Microsoft Intellimouse when I wanted the Intellimouse Explorer. Gift certificates and money are much better gifts. That way I won't be busy taking everything back for the right products.

Re:Strange..."Gift Cards"... (1)

Malc (1751) | more than 12 years ago | (#2762355)

Rubbish! I acknowledge that I'm a difficult person to shop for. People's feelings can get hurt as I'm not too good at hiding my reactions... it's hard to hide your reaction when you get something you're not bothered by or even dislike. Some people are very good in this situation, but really, hiding it will do the giver no favours. In fact, a gift certificate for a good independent music shop would be good for me... I really like going and browsing the racks of discs - I can spend hours doing that looking for a rare treasure.

In another situation, consider buying lingerie for a woman... if you buy it too big, she could be upset because she'll think you think she's that big; if you buy it too small, she'll be upset because she'll feel too big. IMHO, it's much better to go shopping together and have some fun, and pick out something you both like that fits the first time ;)

Re:Strange..."Gift Cards"... (3, Interesting)

Jacco de Leeuw (4646) | more than 12 years ago | (#2762218)

We have those vouchers here on the continent too. Of course they are generally protected through security measures and they are made by the same companies which print money, bank cards etc.

It seems the merchants tried to reinvent the wheel with these gift cards. They could have used scratchcards such as for prepaid GSM phones, for instance. These contain a unique random number.

Re:Strange..."Gift Cards"... (1)

jeffy124 (453342) | more than 12 years ago | (#2762240)

gift cards are basically a replacement for gift certificates. whomever came up with them was probably trying to solve a problem with paper certs fraud. the idea is you go to the store, ask for a card with N amount on it, pay, and you're given a card that can be used later. you give that card to the person you wish to. when making a purchase with the card, the amount is deducted from the balance on the card.

the gift cards double for the store as store credit. return an item w/o a receipt? get the amount of your refund on a gift card.

Re:Strange..."Gift Cards"... (1)

Malc (1751) | more than 12 years ago | (#2762334)

They also hope to suck more sales by re-use. I'm sure some people in a hurry will just call the 800 number, put more funds on to the card and then pass it on. That saves them having to even go shopping!

Re:Strange..."Gift Cards"... (1)

DNS-and-BIND (461968) | more than 12 years ago | (#2762345)

Her Majesty owns all of Britain's mail? Jeez, no wonder she's so rich...she must really rake in big piles of gift certificates around this time of year.

Nondisclosure (3, Insightful)

FauxPasIII (75900) | more than 12 years ago | (#2762208)

Interesting... after describing a company who is particularly lax in their security practices wrt the gift cards:


The company's name isn't being published to avoid giving criminals a too-easy target.


Swell. So there's no significant economic reason for that company to change their policies yet. -sigh-
At least Microsoft is internally consistant in their views on disclosure of security concerns... albeit consistantly wrong.

Re:Nondisclosure (4, Insightful)

swb (14022) | more than 12 years ago | (#2762231)

Swell. So there's no significant economic reason for that company to change their policies yet.

Sure there is, its the internal economic justification of the manager in charge of the gift card program. The boss is likely to hear about this, and when (s)he does (s)he will either change the program or get canned.

No one wants an easy-to-rip-off gift card system. It invites attack from other fraud artists (if this system is lax, then others likely are too), pisses off customers and ruins loyalty.

The larger problem is that there's little financial incentive for stores to fix the problem generally (other than being seen as generally lax), since the losses aren't their own, they're someone else's, and even hijacked cards are money made for the store.

Re:Nondisclosure (2, Interesting)

FauxPasIII (75900) | more than 12 years ago | (#2762243)

>> pisses off customers and ruins loyalty.

In a nondisclosure situation, nobody's going to get pissed or be at risk of losing their job until a significant amount of money is already ripped off.
If, on the other hand, MSNBC ran a list of 'top ten shittiest gift card security offenders', this would impel an immediate change be made by those ten offenders, lest they incur huge losses in reputation .

Re:Nondisclosure (2)

swb (14022) | more than 12 years ago | (#2762263)

Most smart managers want to fix a problem before it bites them. The fact that the name of the company ain't in the news has little to do with the amount of internal heat people are facing. You can bet your ass that the MSNBC called a lot of the company's management asking "Did you know how easy your gift cards are to rip off????" and the person in charge of the gift card program, who had probably touted its security previously, will be sitting in the boss' office on Jan 2 answering some hard questions.

At least that's how it'd work where I work.

Re:Nondisclosure (2, Interesting)

FauxPasIII (75900) | more than 12 years ago | (#2762267)

>> Most smart managers want to fix a problem before it bites them.
>> At least that's how it'd work where I work.

In my experience, most companies operate on some variation of the Fight Club 'formula'. In this case, if the cost of closing the security hole is more than the estimated value of the loss of customer loyalty plus the value of any out of court settlements, then it won't get fixed.

Re:Nondisclosure (1)

anthony_dipierro (543308) | more than 12 years ago | (#2762287)

In this case, if the cost of closing the security hole is more than the estimated value of the loss of customer loyalty plus the value of any out of court settlements, then it won't get fixed.

Isn't this the way it should work? Why spend money to fix a problem that virtually no one cares about?

In the case of fight club it's completely different, because we're talking about the loss of lives, not the loss of money. In this case we're talking about whether or not to spend money to stop losing money. A simple greater than or less than approach seems perfectly reasonable.

Re:Nondisclosure (1)

FauxPasIII (75900) | more than 12 years ago | (#2762302)

>> In this case we're talking about whether or not to spend money to stop losing money.

No, we're talking about spending money to prevent your customers from being robbed due to deficiencies in your product. For an obvious (to slashdotters) analog, compare the total number of damages in billions of dollars caused by security deficiencies in Microsoft products, to the amount of actual financial liability incurred by Microsoft itself.
Suppose the company in question is Circuit City. How many hundreds of thousands of customer dollars have to be stolen before the amount of dollars that the thefts cost Circuit City corporate warrants them doing something about it ?

Re:Nondisclosure (1)

anthony_dipierro (543308) | more than 12 years ago | (#2762442)

In this case we're talking about whether or not to spend money to stop losing money.
No, we're talking about spending money to prevent your customers from being robbed due to deficiencies in your product.

Same thing.

For an obvious (to slashdotters) analog, compare the total number of damages in billions of dollars caused by security deficiencies in Microsoft products, to the amount of actual financial liability incurred by Microsoft itself.

Here in the United States we live in something called a free country, where we allow individuals to make stupid decisions. As a result, for better or worse, we tend to have a system when the stupid get poorer and the smart get richer. Compare the total number of dollars lost by idiots who play the lottery to the actual financial liability incurred by the state governments which run those lotteries. When you buy a lottery ticket you take a risk that you're going to lose your money. When you buy software from Microsoft you take a risk that it's not going to work perfectly. When you buy a gift card, you take a risk that it's going to get stolen. As long as these risks are presented upfront, there shouldn't be any lawsuits involved in the first place.

Suppose the company in question is Circuit City. How many hundreds of thousands of customer dollars have to be stolen before the amount of dollars that the thefts cost Circuit City corporate warrants them doing something about it?

The money does not have to be stolen to warrant them doing anything about it, only the potential for the money to be stolen needs to be made aware to the person in charge of making the decision. How much in potential losses are needed depends too much on the specifics such as how hard the system is to fix, how much additional protection the fixes will protect, whether or not there is already a sufficient warning on the product, how much benefit the consumers receive from using the gift cards, what percentage of consumers use the gift cards, whether or not there are laws against charging service fees for the gift cards, how long the average float time is for the gift cards, etc, etc, etc, etc. The "Fight Club formula" is a good summary of these factors.

If you don't like capitalism you shouldn't be in Circuit City anyway.

Re:Nondisclosure (1)

arkanes (521690) | more than 12 years ago | (#2762285)

Well, at the retail joints where I worked, nobody would have the guts to bring this up formally. The managers I've worked with are just putting in thier time like the rest of us, and are more interested in problems that stay under the bed where they belong than in seeking out more work.

Re:Nondisclosure (2)

alen (225700) | more than 12 years ago | (#2762236)

And then there are plenty of dishonest people around who aren't inventive enough to think this up and would jump on the bandwagon if the retailer's name was mentioned. Banks keep stuff like this quiet all the time and just improve internal security.

Re:Nondisclosure (1)

FauxPasIII (75900) | more than 12 years ago | (#2762248)

>> And then there are plenty of dishonest people around who aren't inventive enough to think this up and would
>> jump on the bandwagon if the retailer's name was mentioned.

No doubt. And what do you think would give these companies a reason to change their policies and fix the problem faster than a thundering bandwagon of thieves armed with this groovy new idea to make easy money ?

Re:Nondisclosure (2)

novarese (24280) | more than 12 years ago | (#2762245)

Even worse, they act like they are doing consumers a favor by not spreading the information. The bad guys already know who the target is - they certainly don't get their info from MSNBC. Meanwhile, consumers who have cards from this retailer are oblivious to the fact that they are potentially vulnerable.

Whee (3, Funny)

ErikZ (55491) | more than 12 years ago | (#2762212)


So, after spending hundreds of dollars in equipment, casing the store and memorizing the numbers, your reward is:

Books!
Cans of Paint!
Socks!

The risk/reward here is pathetic. They would be better off stuffing things into their oversized coats during the holiday rush.

Re:Whee (1)

FauxPasIII (75900) | more than 12 years ago | (#2762216)

>> Books!
>> Cans of Paint!
>> Socks!

Easily pawnable goods !
Books, DVDs, CDs, video games can practically be spent like cash money if you have a pawn shop closeby.

Re:Whee (2)

andy@petdance.com (114827) | more than 12 years ago | (#2762316)

Easily pawnable goods ! Books, DVDs, CDs, video games can practically be spent like cash money if you have a pawn shop closeby.

It's always amazed me the lack of ethics that one apparently needs to run a pawn shop: trafficking in stolen goods, and encouraging theft from others.

Re:Whee (1)

FauxPasIII (75900) | more than 12 years ago | (#2762337)

Yeah, I've always wondered why there's not a lot more effort expended to fight petty theft from this direction. If law enforcement is able to crack down on pawn shops dealing in stolen goods, then in one fell swoop they've cut most of the profitability out from under bike theft, car breakins, home invasions, baggage theft (at airports, etc)...

My girlfriend's house was broken into last year. They didn't take ANY cash, but they took a laptop computer, some DVDs, and a whole lot of jewelry. That's where the money is in theft...

Re:Whee (0)

Anonymous Coward | more than 12 years ago | (#2762230)

Or you can use the Best Buy gift cards and use it to buy computer games, computer equipment, blank cd-rs... oh the list is limitless the only thing that matters is the value of the card!

Re:Whee (1)

polter (149311) | more than 12 years ago | (#2762234)

Well, if I were an evil &trade person doing this, I'd target someplace with good stuff like HomeDepot. Snag the numbers and walk out with a laser-guided compound power miter box. (Course H.D's IT group consistently has a clue so it's unlikely that they're vulnerable.). I'm also not evil :)

Home Depot IT no longer cluefull... (1)

george bush (471793) | more than 12 years ago | (#2762445)

well some noteworthy news... Ron Griffiths, the CIO of Home Depot who despised Microsoft quit. a new CEO came in, and the CIO up and quit cuz he didnt wanna stick around under the new CEO. dont be surprised to see all the wonderful Linux POS and non Microsoft Home Depot stuff get chucked out in favor of Microsoft deals and software.

Rumor is that there already was a deal with Microsoft to kill off those Linux POS registers.

at which point, you could just hack the register and not need to bother hacking the gift cards...

Re:Whee (3, Informative)

Col. Klink (retired) (11632) | more than 12 years ago | (#2762363)

I guess you missed the part where they returned the goods for cash...

Re:Whee (2)

Robotech_Master (14247) | more than 12 years ago | (#2762454)

At the K-mart where I work, gift carded goods cannot be redeemed for cash--just for the same sum on another gift card. (It's the same way with goods brought in without a receipt--the customer gets the value of the lowest sale price, which usually isn't much, on a gift card--or else an even exchange.)

On the bright side, one does have to have the actual card, not just the number--at least so far as I know.

Re:Whee (1)

sparkyz (256676) | more than 12 years ago | (#2762372)

I spend all my damn money in the boook store anyway. for me, it would be as good as cash.

Wonder which LARGE retailer it could be? (0)

Anonymous Coward | more than 12 years ago | (#2762220)

Ten to one says it's Walmart. The cards the article describe sound exactly like Walmart's. Another thing that makes me think it's Walmart is that although they are HUGE retailer, they aren't mentioned in the article.

posted anonymously for obvious reasons.

Re:Wonder which LARGE retailer it could be? (1)

Medieval (41719) | more than 12 years ago | (#2762225)

To get gift cards at Wal-Mart, you have to go to customer service and they take one out of a locked cabinet, charge it, and give it to you when you pay. At least, that's how it works at Wal-Marts in the southeast.

Minnesota Walmarts have them at the checkout (1)

swb (14022) | more than 12 years ago | (#2762239)

Which is a good thing, because at the Walmart in my area "Customer Service" more closely resembles the customs area of an east-African country than a place where you go to get helped.

Re:Wonder which LARGE retailer it could be? (5, Funny)

Angry White Guy (521337) | more than 12 years ago | (#2762246)

They sit right out in the open at the Wal-mart in Windsor, Ontario. Just hanging there in the checkout aisle begging to be taken.

Tells you something about:
A) Honesty of Canadians.
B) Trusting nature of Canadians.
or C) Intelligence of Canadians.

I'll let you pick

AWG

Re:Wonder which LARGE retailer it could be? (1)

AgTiger (458268) | more than 12 years ago | (#2762327)

Got news for you: I'm in the Midwest U.S., and Sam's Club (the wholesale side of WalMart) does the same thing.

No country has a hammerlock on stupidity - it's so plentiful!

Re:Wonder which LARGE retailer it could be? (1)

Angry White Guy (521337) | more than 12 years ago | (#2762348)

Damn, I thought that we held the record. Wanna count again, on a per capita basis this time?

AWG

4 out of 5 dentists think that the fifth one is a real jackass!

Re:Wonder which LARGE retailer it could be? (1)

johnmc (66535) | more than 12 years ago | (#2762237)

> Ten to one says it's Walmart

sounds about right, making them the microshaft of the retail world in security circles as well as business practices.

> they aren't mentioned in the article.

umm, not totally true. They are mentioned but only because of the $1/mo. charge on unused cards after a year

Re:Wonder which LARGE retailer it could be? (1)

druiid (109068) | more than 12 years ago | (#2762264)

Sounds to me more like target. I'd have to go look at the gift cards, but from everything they're stating in the article, it sounds like target. If it's not target, walmart would be my next guess.

Barnes and Noble. (5, Insightful)

saintlupus (227599) | more than 12 years ago | (#2762222)

I worked at Barnes and Noble for a while a couple Christmases ago, and here's how their gift card system worked:

When you got the card, it was preauthorized with a certain amount of money in a certain account number, like any other debit card. The account number was on the magstrip of the card, was printed on the card, but was _also_ printed on the gift receipt that came with the card.

Now, all that was necessary to redeem the gift card was that number. But most people just tossed the second receipt. Which meant that a quick swipe through the trash outside the store doors could probably yield a few hundred dollars worth of gift card credit as yet unredeemed.

Nice, eh? Even when we told people expressly not to do it, they still did. Wonder how many got burned.

--saint

Re:Barnes and Noble. (5, Informative)

Grimmtooth (187628) | more than 12 years ago | (#2762282)

The account number was on the magstrip of the card, was printed on the card, but was _also_ printed on the gift receipt that came with the card.


Which is EXACTLY why several states, California foremost among them, have begun to implement consumer protection laws that require that the receipt NOT display the account number and/or the expiry date (depending on the state). I believe in the case of California, it goes into effect on Jan 1 2002.

My company's ready. I wonder how many other POS vendors aren't? :-)

At any rate, it is the store's responsibility to comply, by using compliant POS software. Since it is easier to implement across the board than on a state by state basis, I presume that if a vendor has fixed it for CA, they will be prepared for the other states, too.

Outside the US is not something I'm familiar with.

Re:Barnes and Noble. (5, Insightful)

JordanH (75307) | more than 12 years ago | (#2762307)

Sheesh... Why, oh why, do we need a law to protect people from doing stupid things?

I could see a law where the vendor had to inform you to protect the numbers, but not allow them to give you a slip of paper with the number on it? That's pretty paternal, don't you think?

A lot of receipts have credit card numbers on them, too, which is why you should always dispose of receipts carefully. It's a real convenience to have this reference information on a receipt, and I imagine there's a good business case for having the gift card number on the receipt as well. Makes it easier to bring the card back and get it worked out if the magstrip goes bad, for example.

What we need is a less paternalistic government to train people to be smarter and more responsible for themselves.

Oh, never mind, most people with a public school education have been trained not to think for so long now that any arguments are useless. OK, I give up... What we NEED is for these gift cards to be implanted in a chip in your wrist so you don't accidentally throw them away. That's the law we REALLY need.

Re:Barnes and Noble. (3, Funny)

jeffy124 (453342) | more than 12 years ago | (#2762343)

most places already do this. looking through a bunch of receipts from christmas, Texaco, ShopRite (a PA-area food store), Kmart, Walmart, and Bed Bath & Beyond print the last 4 digits, Levi's Outlet at Franklin Mills Mall prints the whole number.

That's ok for me though, as I know how to protect myself. Dont trash the receipt at the store. At home, carefully cut up each digit individually using a pair of scissors, separate the piles into several seperate trash bins somewhere downtown, the more blocks apart the better.

Re:Barnes and Noble. (1)

jeffy124 (453342) | more than 12 years ago | (#2762309)

a lot of stores are like that. I used to work for KMart back when their cards were intro'd, and it worked the exact same way. The plus for KMart is that (according to the article) is that there is a conf number in the stripe not found on the card and not given to the customer. The only loophole would be a card that had it's stripe damaged, as the clerk would have to punch in the card number printed on the front, nothing else. But this article talks about re-programming the the stripe on the card, which is made difficult by the conf code.

Value and cost of cards (1)

Shant3030 (414048) | more than 12 years ago | (#2762224)

I have worked in retail for many years and stores do not pay as much attention to gift cards as they should because they have no real value. They are like coins at amusement parks, they are only good at the respective stores. To put more money into safeguarding them, would destroy the supposed cost effeciency of these cards. Another point to consider is the switch from paper gift certificates. I believe that this was a much safer way to do business, but stores needed to "get with the times" and have a more electronic certificate. I guess this is one of those instances where advanced technology does not benefit us more than we think...

fear mongering? (3, Insightful)

filtersweep (415712) | more than 12 years ago | (#2762227)

OK, OK... it holds the *potential* to be a problem- big deal. They cited NO actual examples of theft other than the money laundering example, and there are many easier ways of laundering money if you use your imagination.

There have been several local stories about people stealing money order machines, or printing MOs on their PCs... this stuff actually happens all the time, but a nice "holiday piece" about gift cards without even anedotal "evidence" that this is a widespread problem? Gimme a break!

There are no named sources to the story, the internet site they reference is not given, and they only list retailers viewed as less problematic (and give us a nice caveat to explain why). Not only is the problem a "scenario"- the news story itself is a scenario. Boring journalism... might as well be an op-ed piece.

I'm more concerned about issues such as identity theft, etc... at least your gift card leaves no personal identification about you.

HA! (5, Funny)

BiggestPOS (139071) | more than 12 years ago | (#2762235)

According to the Tyler Morning Telegraph, teen-agers used a similar method for using gift cards to steal money from an electronics retailer in Tyler, Texas last December.

I fucking live in this town. I had no idea a vast conspiracy to defraud Best Buy was happening all around me this whole time. I figured this town had the collective IQ of a walnut. The whole time I lived here I could of been hanging out with sk1pt k1dd13z.

What are the odds (1, Troll)

Alien54 (180860) | more than 12 years ago | (#2762238)

What are the odds of something like this actually hapening? How many thieves are there out there with the technical know how to pull this off, compared to the public at large? one hundred? one million?

Most places I know of keep the gift cards at least out of sight, but if they were to keep them out in the open, well that would be sort of stupid, given the scenario.

heck, I even wonder about the telphone cards, which I never use. I would have to go to a store to look at one to see if they have visible numbers on them.

Re:What are the odds (1)

ellem (147712) | more than 12 years ago | (#2762318)

How many thieves are there out there with the technical know how to pull this off, compared to the public at large?

7

Re:What are the odds (3, Informative)

Chanc_Gorkon (94133) | more than 12 years ago | (#2762336)

Around here, the gift cards are just sitting by the register back by the candy (Meijer's and Walmart both did this). They were easy to get, even easier to swipe because they were just glued to the back of a bigger card. To swipe one, one would just have to drop a bunch of cards, and then while bent over, peel the card off the bigger card. Also, I don't know about Walmart, but Meijer's were all precharged. The UPC's on the bigger card were even all the same (probably something like 41250 *****, I used to work at Meijer and all Meijer Branded stuff including the gift cards start with the same 5 numbers.). Thing is most stores don't have the storage or available UPC's to give each card a separate UPC code (only way they could keep the cards as they have them and keep them deactivated until they are scanned). The only way I think they could make these things more safe is if you had to do what you used to do and go to Guest Services and buy the card and have the guest services folks charge a denomination on them by swiping the card. Most of the cards I have seen as of late all had how much money each card held printed right on the card! This was at every place I have been this season including even some of the nicer stores! Meijer did not even have cashier's type in a code or anything to activate them. They just swiped it and the appropriate figure was added to the total along with your groceries. This may have changed, but I agree with the article that it is easy. I doubt many would even have to have the card programmers to steal lots of cash.

Re:What are the odds (1)

AsylumWraith (458952) | more than 12 years ago | (#2762383)

The telephone cards I used to buy when I was poor worked like this:

Buy the card, no authorization procedure. Now, when you dial the 800 number on the back, you're asked for a card number. The card has to be scratched off to reveal the card number. Now, scratching the card off in the store would be pretty conspicuous, (sp?) but also, if you were buying the cards, you would at least be able to know if a card had been compromised (ie, it's on the shelf, but scratched off.)

Seems like a pretty simple, and secure, system to me. Don't know if this is the case with all the phone cards on the market though.

Why not just assign PINs at purchase? (2)

swb (14022) | more than 12 years ago | (#2762253)

Why not just assign a PIN number, stored in the store computer, not on the card, when the card is bought and charged?

Sure some yokels would write the number on the card and get it lifted or lose it, but the same could happen to cash.

Requiring extra information not available on the card would be ideal and would make the type of counterfeiting described in the article very difficult, as long as there was no simple way of resetting PINs. It wouldn't prevent inside jobs or people laundering stolen credit cards, but those types will always be hard to stop.

Re:Why not just assign PINs at purchase? (1)

Nonac (132029) | more than 12 years ago | (#2762300)

PINs won't go over with gift givers. The benefit of a gift card is you can buy it, mail it to the nephew you never see and forget about it. Having to call your snot-nosed nephew to tell him the PIN would defeat the purpose.

Re:Why not just assign PINs at purchase? (1)

Grimmtooth (187628) | more than 12 years ago | (#2762301)

Why not just assign a PIN number, stored in the store computer, not on the card, when the card is bought and charged?


Because a secure PIN requires encryption devices on one end and decruption devices on another.

But, good point on the PIN, if you HAVE a debit card, take the Gift Card and 'cash it out' immediately, then deposit the cash into your bank account. Viola, your money is as secure as your paycheck :-)

Re:Why not just assign PINs at purchase? (1)

Angry White Guy (521337) | more than 12 years ago | (#2762342)

The big thing going for the criminal is speed. A majority of these cards would have been cashed out by the time that they were received. If I were to pull this stunt, I would grab a bunch of cards in November, and then the last two weeks before Christmas, I would copy the numbers of the cards hanging there. Then Christmas eve and Boxing Day, I would cash in on a whole bunch of virtually untraceable consumer goods and electronics. Video games and stereo equipment would be the best bet, as it can be quickly pawned, or sold off, whereas the larger consumer goods are not as easy to dispose of.
Shopping during the christmas rush is the best way to avoid being caught, gives you plenty of time beforehand to watch if the cards you copied have been sold, and get the most value for your ill-gotten dollar.

AWG

But this is only theory, please don't accredit the author when you get busted.

Re:Why not just assign PINs at purchase? (0)

Lunastorm (471804) | more than 12 years ago | (#2762310)

That sounds to me like that would be a huge hassle, such as dealing with activation schemes and serial numbers with commercial software.

Too cute (0)

Anonymous Coward | more than 12 years ago | (#2762259)

Magnetic stripe security expert "Tom Trusty"?? Awww...

Reading comprehension (3, Insightful)

anthony_dipierro (543308) | more than 12 years ago | (#2762265)

?In theory, I think there might be potential for what you?re concerned about here, but there?s concerns for peoples? pockets getting picked, too,? said the spokesperson.
does not mean anything remotely close to
One retailer notes that the odds of this occuring are about at the level of being pickpocketed.

Why not two numbers? (1)

VertigoAce (257771) | more than 12 years ago | (#2762276)

An easy way out would be to put two account numbers with every card. One is printed on the card and is used for the 1-800 number to check the balance. The other number could be on the magnetic strip and be used to redeem the card. All that's left is to watch for shoplifters.

Re:Why not two numbers? (1)

Grimmtooth (187628) | more than 12 years ago | (#2762305)

An easy way out would be to put two account numbers with every card

Do you realize how difficult this would be to implement? We're not talking about a cottage industry here, we're talking about dozens of companys for processing, dozens for the POS systems used, hundreds of actual merchants ... sure, if we were redesigning our financial infrastructure from scratch I would be all in favor of cards with NO real account on the face, smart chips, and encrypted PINs for ALL transactions. but it ain't gonna happen this decade.

Cash out policies with Walmart (0)

Anonymous Coward | more than 12 years ago | (#2762280)

I got one of these at Christmas, and called the helpdesk hotline published on the card - Walmarts' official policy on "cashing out" the card is that it is up to the local store management.

You might want to get there before the run on cashing in the cards...

Why they don't care (5, Insightful)

Col. Klink (retired) (11632) | more than 12 years ago | (#2762291)

I can see why the retailers don't really care. If someone forges a paper gift certificate and redeems it, the store is out the money. The thieves are just printing money.

But when someone forges a stored-value card, they're stealing from other customers. The "value" has already been paid for, so the store doesn't lose anything.

the perfect crime? (3, Insightful)

bo0push3r (456800) | more than 12 years ago | (#2762294)

this had occurred to me some time ago when i saw the ramping-up of these things. i think it kinda started with best buy and spread from there. now every major retailer has them.

one previous respondent had said something to the effect of, "..this is just like digging in a cash drawer.." this isn't just any kind of theft.. it's the ultimate kind! a better imperfect analogy would be: "..the store leaves $20, $50, and $100 dollar bills hanging from displays at the counter.."

if you walk into a store with the intention of stealing, what's the best thing to steal? small, high-cost items. and these items, while never as good as cash, are virtually untraceable if you use the common sense method described in the article.

also, i'm sure you'd be hassled by security if they noticed you jotting gift card numbers in your daytimer, but you don't technically have to shoplift to do this.

the shrink numbers on these things must be fantastic!

Re:the perfect crime? (2, Informative)

tswinzig (210999) | more than 12 years ago | (#2762317)

one previous respondent had said something to the effect of, "..this is just like digging in a cash drawer.." this isn't just any kind of theft.. it's the ultimate kind! a better imperfect analogy would be: "..the store leaves $20, $50, and $100 dollar bills hanging from displays at the counter.."

No, that's a terrible analogy, since you're stealing from the customer that paid for the card, not the store, as you would be if they left money hanging around.

Re:the perfect crime? (0)

Anonymous Coward | more than 12 years ago | (#2762373)

Just so I can clear up a couple points on this (and maybe defunct the article as well to a certain degree) For starters those little pieces of plastic hanging all over most stores, despite the fact them saying they are "worth" $20, $50, $100 if you don't pay for them they are actually worth all of $0.00, that's because they must be swipped at the cash register and activated similar to a prepaid phone card. So the shrink numbers on these are nearly non-exsistant. Also the card itself doesn't hold the value of the card, that's stored off in a database in kilimenjaro, so the only thing you could really do to those cards is change the number that the card has, but then again your not neccisarily changing it to an account that has money and is really a big waste of time in the end.

Is this a joke? (0)

Anonymous Coward | more than 12 years ago | (#2762297)

So the security expert here is named Tom Trusty?

old news (1, Insightful)

Anonymous Coward | more than 12 years ago | (#2762312)

yeah. i've been preaching this for a while. but some of the same problems go for credit cards. the credit card companies have yet to fix their system (to one using cards with little displays and public key encryption), for something like

user's card has a secret. the user also has a secret. then the merchant gives the user a transaction time (or number, or something that changes periodically), the balance, and the merchant identifier. then these are hashed together to give an "authorization number" which the user then uses as a signature. you've got the same physical theft problem (if the user writes down their secret), but you always have that.

why don't the companies implement this? too much of a pain in the ass to change all of their infrastructure. if my card is used fraudulently, i will never pay the first $50 or whatever because of these reasons. it is their negligence.

this would be harder to do with gift cards, but would still be feasible using assymetric cryptography, and some sort of electronic 'gift card wallet'. or you just dont allow consumers to play with the cards until they actually buy one, instead of the stores thinking it's "cool" to just have them sitting there, because they're not activated until you buy them!

What about re-programming the mag strip? (1)

seigniory (89942) | more than 12 years ago | (#2762315)

You still need to reprogram the magnetic strip of a similar card for everything to work (assuming magnetic and not bar code cards).

The stereotypical "pickpocket" they mention ain't likely to have tools like that.

Can we fit all of this in a gift card? (-1)

The WIPO Troll (267426) | more than 12 years ago | (#2762320)

By J. Wipo Troll, Esq. [slashdot.org] , $Revision: 1.16 $
[This article attempts to document a vile, ungodly practice that runs rampant through the homosexual geek and hacker community, a practice known as Taco-snotting, or simply snotting. Taco-snotting is something that few geeks dare talk about in free or open conversation, but it is nonetheless a widely-practiced and dangerous form of homosexuality. If you or anyone you know has ever engaged in Taco-snotting, please get professional help [adequacy.org] before it is too late. ed.]

Why do I keep receiving emails from an individual calling himself CmdrTaco?

You have been receiving unsolicited mailings from a certain
Robert CmdrTaco Malda [cmdrtaco.net] , owner of the popular technology website slashdot.org [slashdot.org] . Actually, its not a very popular site in the common sense of the word; the site is rife with pimply, antisocial geeks and hackers, zit-faced nerds, communists, dirty GNU hippies [yahoo.com] , and other societal rejects and outcasts. Its also home to one of the worlds largest suspected pædophile rings, the infamous Slashdot crew.
Whenever Mr. Malda gets bored (and who wouldnt, running a site like
Slashdot all day), he roams through the user database, penis in hand, looking for people who might enjoy engaging in homosexual activities with him. How he determines this is anyones guess; but if you have a homosexual-sounding nickname, or a nick with a letter of the English alphabet in it, youre a potential candidate.
This time, he found
you. Lucky you.

Mr. Malda seems to be speaking in some sort of code. Do you know what it means?

CmdrTacos code language is relatively easy to decipher. This pervert prefers to speak in thinly-veiled sexual innuendo (yes, thats right: he wants you) to evade the watchful eye of Slashdots parent corporation,
VA Software [yahoo.com] . Mr. Maldas Commander is, of course, his penis: a small, withered little thing that lives in his pants and only comes out in the presence of other male geeks or at the beck and call of Maldas own lubed-up right hand. His Taco bells [sonymusic.com] are the shriveled testicles that droop beneath his Commander, and his Taco sauce is his thin, runny semen. It should be more than obvious to you now what he means if he asked you to ring his Taco bells or taste his gourmet Taco sauce.
I would also guess CmdrTaco asked you to engage in a practice known as Taco-snotting and, if he was in a particularly depraved mood at the time, a circle-snot.

Good Lord. And, yes, he did. What is Taco-snotting?

Taco-snotting is the term used by Robert Malda to refer to the depraved act of fellating another man (homo- or heterosexual; CmdrTaco is rumoured to prefer raping unwilling victims), then blowing the semen out his nose and back onto the face and body of his victim. Naturally, a long, bubbly stream of milky-white semen is
left on CmdrTacos face [go.com] , dribbling out of his nose and down his cheek: hence the term, Taco-snotting.
And if thats not bad enough
A circle-snot is a Taco-snotting
circle-jerk, another practice common among the Slashdot crew [bastardgenres.com] . CmdrTaco, CowboiKneel [aol.com] , and Homos get together and snot each other with their gooey, sticky cum spooging their jizz-snot all over each others faces and pasty, white bodies, until theyre covered head to toe with their own and each others man juice. This vile, ungodly ritual can go on for hours. For the homosexual penetration that follows this lengthy foreplay, Roblowme is usually there to provide plenty of anal lubricant; he owns a limousine service and has ample supplies of motor oil and axle grease ready to go.
To complete this perverted orgy, fellow faggots Michael, Timothy, and Jamie will usually join in, dressed in tight leather mock-S.S. uniforms, jack boots, and leather gloves. The homosexual shenanigans that follow are nearly beyond description. The whole group begins to snot each others spunk and whip each others pudgy asses with riding crops and chains until their pale, white geek bodies are exhausted and soaked in stinking sweat from the hours of passionate, homosexual revelry.

Ewwwwww. So, can I stop receiving these emails?

Hopefully, but I wouldnt count on it.
To begin with, you most likely forgot to uncheck the Willing to Snot checkbox in your account preferences. CmdrTaco has probably already got the hots for your wad (do you have a homosexual-sounding nick?), and hes probably already been lurking outside your bathroom window for weeks with a camera, some tissues and lube, just waiting to pounce and declare you his new bitch. Theres no escaping a geek in heat (trust me), so its probably too late for you, but you can possibly rectify this situation. To remove yourself from CmdrTacos sights, log into your Slashdot account, go to your user page, click on
Messages, and uncheck the box next to Willing to Snot. Maybe hell ignore you. Probably not.

I cant stop receiving these emails from CmdrTaco!?

If you indulge him in a Taco-snot or two, he
might leave you alone. You might also want to look into mail filtering, restraining orders, or purchasing a heavy, blunt object capable of warding off rampaging homosexual geeks in heat. Trust me, when they charge oh, the humanity. If he gets you, and you let him Taco-snot all over you, you will most likely end up tied up in his basement to be used as his sex slave for the rest of your life (or until he accidentally drowns you in spunk in a circle-snot).

Have you ever been Taco-snotted?

Unfortunately, yes. I first met Mr. Malda at an
Open Source Convention [amazon.com] . He invited me back to his room for a game of Quake and some gourmet Tacos, but when I got there, the perverted geek jumped me and handcuffed me to his bed, stripping me. After taking his Commander out of his pants, Mr. Taco made me suck the withered thing six times, virtually nonstop. He then performed his vile Taco-snotting ritual on me three times over the next two hours, bringing me to orgasm after orgasm after sweaty, mind-numbing orgasm then he snotted my own thick, gooey jizz back onto my face out of his nostrils! He snotted me two more times, first into my mouth, then again on my exposed belly.
CmdrTaco invited several of his Open Source (or rather, Open Sauce man sauce) buddies over to continue their ungodly snotfest. European hacker and known überfaggot Linux Torvalds
raped my ass [yahoo.com] with his monolithic kernel [yahoo.com] ; his partner-in-crime Anal Cox used their network stack in a multitude of unspeakable ways on and in every orifice of my defenseless, tender, young body. Michael Sims was there in his leather Nazi uniform, caning my previously-virginal ass with a bamboo pole and ranting about all those Censorware [spectacle.org] freaks out to get him.

That is so disgusting! How did you finally escape?

After about 16 hours of countless unholy, homosexual atrocities perpetrated against my restrained body, they all finally went to sleep on top of me, sweat-soaked and exhausted. I was left there, completely covered in bubbly, translucent jizz-snot, chained to the bed, with half a dozen fat, pasty-white fags lying around and on top of me. Fortunately the spooge coating my flesh worked wonderfully as a lubricant I was able to squirm my way out of the handcuffs and slip out the back door (of the apartment, not their back doors). Im just glad I survived the awful ordeal. These sexually-repressed hackers had a
lot of built-up spunk in their wads I couldve easily been drowned!

Thats horrible. Does Taco-snotting have anything to do with CmdrTacos special taco?

No, thats a different disgusting perversion CmdrTaco indulges himself in. Mr. Malda is usually not satisfied with merely snotting your own jizz back onto your face, he most often enjoys involving his own bodily fluids in his twisted games.
WeatherTroll [slashdot.org] has spent some time trying to educate the Slashdot readership [slashdot.org] about this vile practice (emphasis added):
You may be wondering what CmdrTacos special taco is. You will be wishing that you hadnt been wondering after you finish reading this post. To make his special taco, CmdrTaco takes a taco shell and
shits on it. He then adds lettuce, takes out his tiny withered dick (otherwise known as his Commander), puts his special taco sauce on it which means he jacks off on the taco, and adds a compound to make the person who eats the taco unconscious. Of course, the compound does not make the person unconscious until the taco is fully eaten. Thus CmdrTaco force-feeds the taco to the unsuspecting victim. After all, who would knowingly eat shit and CmdrTacos jizz?
After the victim is unconscious, he is held against his will and used for CmdrTacos nefarious homosexual purposes. This includes shoving taco shells up the victims ass, Taco-snotting, and getting Jon Katz involved. Trust me, you do not want Jon Katz anywhere near your unconscious body. Also, rumor has it CmdrTaco is looking for a new
goatse.cx guy [goatse.cx] . Dont let it be you!
Different ungodly perversion, yet no less revolting. It should be clear to you now that Robert CmdrTaco Malda is a very, very sick individual, as are most of the Slashdot editors.

Does Jon Katz get involved in any of this? I thought he was a pædophile, not a homosexual.

Actually, Jon Katz is a
homosexual pædophile. Hes also a coprophiliac, and, many suspect, a zoophile.
Mr. Katz is somewhat of a loner and doesnt involve himself in the circle-snots, but that doest mean hes any less of a freak than the rest of the Slashdot crew. Katz often engages in a game called
juicy-douching [aol.com] with a harem of little-boy slaves that he has collected over the years: yet another vile practice which involves administering an enema to himself of the little boys urine (forced out of them with a pair of pincers), spooging the vile muck from his ass back into the enema bag, then dribbling and slathering the goo all over himself and the boys chained, naked bodies. If hes in the mood, he will sometimes skip refilling the enema bag from his distended anus and just squirt it from his ass [microsoft.com] onto the crying, terrified boys. Unwilling boys are further tortured with the pincers until they comply and allow Mr. Katz to juicy-douche them at will. A boy will usually last about two years before Mr. Katz either accidentally drowns them in diarrhea or kills them once they get too old, usually around 13 or 14.
Not content with being a pædophilic coprophile, Mr. Katz is
also quite the zoophile. As if the sexual escapades with the helpless little boys arent enough, Jon usually enjoys his juicy-douches best when his penis is firmly planted in a female goats anus [yahoo.com] . He is also rumoured to get off on watching his little boys eat the goats small, bean-like turds, and he often kills his older boys by letting his goats trample them.

Are you getting hard writing this?

Why, yes. :) Join me in a WIPO-snot?

No, thanks. Im already CmdrTacos boi toi.

________________________________________
$Id: tacosnotting.html,v 1.16 2001/12/28 21:20:03 wipo Exp $
Copyright © 2001
J. Wipo Troll, Esq. [slashdot.org] Verbatim crapflooding of this document is permitted in any medium, provided this copyright notice is preserved, and next time you take a dump, you think of the WIPO Troll and all hes done to make Slashdot a better place.

What the hell is wrong with legal tender? (2, Flamebait)

Robber Baron (112304) | more than 12 years ago | (#2762321)

Remember what we did before all these plastic cards and shit came out? That's right...we went to the bank and took out pieces of paper with numbers printed on them and the words: this note is legal tender printed across the bottom...and we got along just fine. Wanna give someone an impersonal gift because you can't think of what to give them or can't be bothered shopping...put a couple of these pieces of paper in an envelope and give it to them! Need to send it through the mail? Write cheque or get a money order! I don't even like using my ATM card for purchases...I prefer withdrawing the cash and paying with that and nothing pisses me off more than having some dingbat in line in fromt of me trying card after card and none of them seem to work (especially the express lane at the grocery store, which is supposed to be cash only!). I especially love it when once in a while I encounter a merchant that's flirting with the idea of no longer accepting cash payments..."Uh, what part of this note is legal tender don't you understand?
No...those pre-loaded "gift cards" are a sucky idea that needs to go away. (I guess they're great if you're the merchant and it's your "policy" not to give out the balance left over on the card in cash...)

Re:What the hell is wrong with legal tender? (-1, Flamebait)

Anonymous Coward | more than 12 years ago | (#2762362)

The whole "legal tender" thing is ancient 1800s law, merchants can accept whatever they want. You don't like it, do business elsewhere. Cash is on the way out, anyone who deals in large amounts is extremely likely to be a criminal (the Sept. 11 hijackers purchased first-class tickets with cash).

Re:What the hell is wrong with legal tender? (0)

Anonymous Coward | more than 12 years ago | (#2762379)

How can you read this website, and still be so backwards? I'm sure when the switch from a barter economy to a cash economy was happening, there was a guy just like you, rambling on about how if he wants a cow, he'll just carry 15 bushels of wheat to the market and get one. I suppose you dont' use calculators either, since a pencil and paper works.

Skimming by employees (0)

Anonymous Coward | more than 12 years ago | (#2762324)

Whats to stop an employee from inputting half the money you give them into the card and pocketing the rest? There's no inventory the store could keep track off on these things, and no way for you to see what they are typing into the terminal. A barely supervised employee at a reatiler could easily pull this off. This is the much bigger risk than mass fraud by customers IMO.

This kind of thing is trivial, unfortunately ... (1)

JoeGee (85189) | more than 12 years ago | (#2762325)

I knew someone (who has now gone into hiding, imagine that) who used the equipment he had purchased for making "test" DSS cards to alter dollar values of BP gas cards. He could alter any "smart" card with a DSS-like interface, and in this case he wasn't hijacking money, he was actually creating it.

These people are getting the ID numbers from gift cards and re-using them. That's really no different from the old dumpster-diving-for-credit-card-carbons scheme, it just uses a new medium. I suspect if you could figure out how these numbers are generated it would be easy to create a program that spared you the effort of opening up trash bags full of store receipts and old Starbucks coffee cups.

You can't get ahead of the bad guys, you can only hope to keep up with them. The thing is, if you're not constantly working to keep up with them, you've already fallen behind.

solution is MSN shopping (1)

stefaanh (189270) | more than 12 years ago | (#2762335)

As such a gift card is as vulnerable to theft as anything else in your wallet, this isn't even an subject to write about. Unless...
Didn't you notice that MSNBC wants you to go to the safest shopping mall around: MSN shopping online! Pretty assimilated with the rest of the page is this clear message. Now we know the reason of the fud. I wonder how much of this poison goes unnoticed.

One reason stores like these (1)

Fifth of Five (451664) | more than 12 years ago | (#2762357)

I generally get a gift card or two each year, usually to one of the major bookstore chains here in the US. One thing I notoce all the time is that if I have a $20 gift card and spend, say $17.45 I get the card back with $2.55 credit remaining. Care to speculate how many such cards are never fully redeemed? I buy alot of books, so I use them up, but I'd be willing to bet that a not-insignificant percentage of these cards are never fully spent. Back when I used to get Gift Certificates any small change was usually (though not always) returned as cash. Not any longer...

I hate nationally syndicated stupidity (4, Informative)

Grimmtooth (187628) | more than 12 years ago | (#2762361)

By way of boda fides, I work for a POS (point of sale) vendor that just happens to support the processing of said gift / stored value cards. As a result I have had to become very familiar with the mechanics of the whole thing.

So, a few comments:

  • Despite what MSNBC would tell you, Debit cards are not protected from theft by a lack of visible account number. Rather they are protected by encrypted PIN.
  • Despite what MSNBC would tell you, you can buy card writing equipment without going to the black market. They are perfectly legal. They just cost BIG bucks, and that's why most people don't have one :-)
  • The theft method described to lift account numbers is no different than what is done with credit cards, except in the case of the latter you have to work harder to get a valid account number. Anyone with a card writer WOULD know how to do that, trust me.
  • Credit cards are a far greater risk because they are unrestricted in where they may be used, unlike gift cards.
  • Be aware that most gift card processors allow for the process of 'cashing out' the card. Provided the store allows, there's no reason that there would be unclaimed cash left on the card. Of course, those merchants that do NOT allow cash-out are the ones to be concerned with.


Slow news day, plain and simple.

this isn't a huge deal (0)

Anonymous Coward | more than 12 years ago | (#2762446)

In order to alter these cards you need a magstripe reader. These are VERY expensive. And you also need to decode the gift card format. So this isn't a hude deal, maybe one or two gift cards will be forged in the whole world. So what.

did I say reader?? (0)

Anonymous Coward | more than 12 years ago | (#2762456)

Sorry, I meant writer. You can get a reader that hooks up to a PS2 port for about $10.
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>