In August, supermarket chain Lidl had to deal with hundreds of customers who contacted it to claim £45 print-at-home gift cards which they said the company was offering on Facebook to celebrate its anniversary.
Despite ruining businesses, gift card scams aren't receiving the attention they deserve just because they don't interfere with customer data.
Lidl had to write an official Facebook post to let its customers know that the gift card offer was a scam by cyber criminals and that all company offerings could be viewed on its website's competitions page.
Lidl should feel relieved that it escaped without a scratch after being targeted by another of hundreds of gift card scams emerging across the country. It did so because it wasn't offering any such gift cards.
However, a majority of gift card scams don't involve artistic interpretations by criminals. Instead, they involve cloning gift cards issued by businesses or merely stealing gift card numbers which doesn't involve much effort. Mag stripe numbers on gift cards can also be easily read by mag stripe readers that are easily available.
At the same time, a large number of gift cards do not come with security PINs and all a criminal needs to do is either steal a gift card from a store or clone it to take advantage of existing offerings. Criminals also transfer balances from one gift card to another on merchant websites and once enough balance is accumulated on a card, convert it into cash.
The success rate of gift card scams and the ability of cyber criminals to get away with it all the time has emboldened them further. Last week, the Australian Financial and Cyber Crime Group warned that scammers were trying to persuade citizens to use their iTunes gift cards to pay for services at certain stores. Hackers went to the extent of telling people on social media that the Australian Taxation Office was accepting iTunes gift cards as fines!
The ways in which hackers can gain access to gift cards issued by businesses are many. A large number of medium and small businesses store their gift card numbers in Excel files or other documents in unsecured systems which the hackers can gain access to relatively quickly.
At the same time, hackers can also use phishing tactics, social engineering, and SQL injections to get employees at businesses to divulge details on gift cards, including balance limits, validity, and numbers in circulation.
Even though a gift card scam may not land a business owner in jail or draw a rebuke from the Information Commissioner's Office, it severely damages a business' ability to carry on functioning while sustaining financial losses at the same time.
Businesses, however big or small they are, must take additional care to securely store their gift cards, secure them with PINs to prevent cloning and limit online balance lookups to ensure hackers cannot keep track of any change in balances. These steps would be more crucial during holiday seasons when the number of gift cards in circulation would be multiple times the number on an average day.
Customers can also prevent cyber criminals from duping them by accepting gift cards from authorised retail stores and genuine websites rather than from offerings posted on social media. At the same time, they must avoid filling up forms on the streets or online in exchange of gift cards as these are the most common ways for criminals to gain information on citizens.