Here's a link to an article on MSNBC that I found interesting --
http://www.msnbc.com/news/598102.asp?0dm=C216T&cp1=1

Many retailers are replacing paper gift certificates with small plastic
cards containing magnetic stripes, similar to credit cards. Ideally, the
purchase of a gift card would result in a database being updated to reflect
the balance associated with the card's unique account number.

Some retailers are using sequential account numbers and have no provisions
to protect against a thief using a mag-stripe reader/writer to re-program a
stolen card or small denomination card so that it matches the account number
of a larger valued card purchased by someone else. Many retailers even
provide a convenient 1-800 number so that the thief, knowing many valid
account numbers, can "shop" for a card of significantly greater value.

The RISK: A form of fraud, difficult to trace, involving a minimal
investment in equipment by the thief. Also note that the thief only
requires the ability to query the back-end database (through the toll-free
number), not the ability to manipulate the records. Perhaps more ominously,
the risk is angry family members who find a zero balance on their gift
cards!

Solutions: One retailer, mentioned in the article, uses optical bar-coding
which can't be re-encoded without defacing the card. Another follows a
technique used by many credit card companies -- extra check digits are
included in the mag-stripe that are not visible on the face of the card. It
seems astounding that this isn't being done by all.

[Tim Christman via risks-digest Volume 21, Issue 86]
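
The hidden check-digit idea described above, as an added example that is not from the article or the RISKS post. It assumes an HMAC-SHA256 value truncated to four digits and a hypothetical `account=check` stripe layout, standing in for whatever algorithm a real issuer uses; the key and account numbers are constructed.

```python
import hashlib
import hmac

# Constructed demo key; a real issuer would hold this in an HSM or secrets store.
ISSUER_KEY = b"constructed-demo-key-not-for-production"
CHECK_DIGITS = 4  # assumed length of the hidden check value


def check_value(account: str, key: bytes = ISSUER_KEY) -> str:
    """Derive the hidden check digits from the account number with a keyed MAC."""
    mac = hmac.new(key, account.encode("ascii"), hashlib.sha256).digest()
    number = int.from_bytes(mac[:8], "big") % (10 ** CHECK_DIGITS)
    return f"{number:0{CHECK_DIGITS}d}"


def encode_stripe(account: str) -> str:
    """Hypothetical stripe layout: account number, '=', hidden check digits."""
    return f"{account}={check_value(account)}"


def verify_stripe(stripe: str) -> bool:
    """Back-end check to run before any balance inquiry or redemption."""
    account, sep, presented = stripe.partition("=")
    if not sep or not (account.isascii() and account.isdigit()):
        return False
    if len(presented) != CHECK_DIGITS:
        return False
    expected = check_value(account)
    return hmac.compare_digest(presented.encode(), expected.encode())


def neighbor_hits(account: str, count: int) -> int:
    """Count sequential neighbors that would accept this card's check digits.

    Measures residual risk: with unkeyed sequential numbers every neighbor
    is valid; with a keyed check value only chance collisions remain.
    """
    reused = check_value(account)
    return sum(
        verify_stripe(f"{int(account) + i}={reused}") for i in range(1, count + 1)
    )


if __name__ == "__main__":
    card = encode_stripe("6000000000001042")  # constructed account number
    print("issued stripe verifies:", verify_stripe(card))
    print("neighbors accepting reused digits (of 1000):",
          neighbor_hits("6000000000001042", 1000))
```

Four digits leave a 1-in-10,000 chance per guess, so the back end (including the toll-free balance line) still needs to rate-limit and log failed check-value attempts.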