GIft card scam - how does this work?

[widebody911]

My wife bought her mother a Safeway gift card and mailed it to her in San Diego. When the MIL went to use it, the balance was zero. The wife calls Safeway customer service, but to file any sort of complaint, you have to have the card in-hand, so the MIL mails the card back.

Wife gets the card today and checks the balance: yup, it's zero. However, you can query the most recent transactions. The very next day, while the card was in the mail, it got used at a Safeway in South Sac at 4:00-something in the morning for gas and then at the adjoining mini-mart.

I'm trying to figure out how they pulled this off. Was this some cashier sleight-of-hand? Someone getting the number and using it with a different physical card? That's what they did the last time my credit card was compromised - they captured the mag stripe details and dummied up a card. The scam fell apart because the chip wouldn't read, although they let a couple of high-dollar sales go through before slamming the door shut.

So how did they pull this off?

[Arizona_928]

that would be my guess; the cashier swapped out cards.
don't see that it was compromised in the mail, as usually the mail carrier steals the physical card.

[Por_sha911]

Does you MIL have a rap sheet?
Never use a card when the numbers on the back have been revealed under the scratched off. Scam artists write down the number and then put the card back on the shelf and they then check online every day until it is loaded and then empty it out.
Or
Cashier swapped the card. Always check the balance of the card after it is paid for "to see that it loaded correctly". Just before you leave ask to see the balance and get a receipt showing the amount. Watch to make sure you get the card you paid for back into your hands.

[masraum]

https://www.consumerreports.org/scams-fraud/gift-card-scam-thieves-can-drain-money-off-cards/

Quote:

A Simple Scam

The process of stealing the money off gift cards can vary. With the simplest method, a hacker takes cards off the rack, writes down the gift cards' numbers, and scratches off the strip on the back of the cards to get the security codes.

Once he has that information, he puts replacement strips—easily available online—over the codes and exits the store.

Later, after you buy one of those cards and load money onto it, the hacker gets an alert that tells him that the funds have been loaded onto the card.

"The crooks can see as soon as someone activates the card, because they've automated all this with software that periodically checks the card balance via the internet," says David Farquhar, a unit chief within the FBI's Criminal Investigative Division who explained the crime techniques to Consumer Reports last year.

But some gift card providers have safeguards. "If a card has not yet been sold and the number has been pinged online multiple times, the retailer will shut that card down," says Teri Llach, chief marketing officer for Blackhawk Network, a major provider of gift cards in-store and online. "The system identifies cards that may be compromised."
Laundering The Money

Because gift cards generally can't be redeemed for cash, after the crook finds cards with funds on them, he then starts a roundabout process of laundering the money.

For example, he might place an ad on a consumer-to-consumer online marketplace or auction website for an item that he doesn't actually own, say, a video game console that sells for $600 in a retail store but that he is selling for $500. When a buyer quickly snaps up that deal, the buyer sends his clean money to the fraudster.

The criminal, meanwhile, uses the dirty money loaded onto the stolen gift card to purchase the console from an online retailer, which ships the game player right to the buyer.
Botnet Attack

More sophisticated hackers skip the physical gift cards on racks in stores and go directly to the websites where consumers access their gift card balances. There, the hackers attack using botnets, networks of thousands of hijacked individual personal computers and Internet of Things (IoT) devices, which carry out automated actions.

The botnets test millions of combinations of gift card account numbers (which may follow discoverable sequencing patterns) and stolen PIN passwords to try to log into online gift card accounts that have money loaded onto them. The botnets try to avoid detection by mimicking individual human browsing behavior and blending in with a website’s genuine visitor traffic.

In one such “brute force” attack on a gift card website earlier this year, a botnet dubbed GiftGhostBot logged up to 4 million gift card balance requests per hour by testing a rolling list of potential account numbers and PINs, says Rami Essaid, CEO of Distil Networks, a company which detects and defends businesses against botnets. When the botnet finds a money balance, the hackers can sell the account number on the criminal dark web or use it to purchase goods directly.

“More than 90 percent of the login activity for online accounts set up to manage gift cards is coming from botnet attackers who want to take over accounts,” says Shuman Ghosemajumder, chief technical officer for Shape Security, another firm that defends company web and mobile applications from automated cyberattacks. Not all gift card companies use botnet defense services.

[LakeCleElum]

For Christmas and Birthdays, I have quit sending gift cards.....Either scams like this or they get put aside and never used......Now, I just send a check. One sent to grand daughter for Christmas was just cashed last week.

[Bill Douglas]

Quote:

Originally Posted by widebody911

Safeway in South Sac at 4:00-something in the morning for gas and then at the adjoining mini-mart.

The police may want to know this as the scammer (thief!) will be on security cameras.

[john70t]

Who cares? That is Safeway's internal problem.

They owe the elderly lady payer an apology for making their entire company credit system so vulnerable to outside theft by design.
And their review system so complicated.
And then they owe her equal compensation plus the next time she shops.

[Tidybuoy]

I purchase many $$ thousands of gift cards every month for our plant bonuses. I get cards from Walmart and they come to me with a zero balance until I activate them with a special code I got when I made the purchase. This is what all retailers should do now days.

One time, I got a random shipment from Walmart that included $27k of giftcards. Unfortunately for me, they did not work. When I reported this to Walmart, they told me to just distroy the cards. Although I didn't do this, I thought it might be fun to just sprinkle them in a Walmart parking lot I eventually ran them all thru the shredder (all 10 boxes of cards).