Susan Leibowitz figured she had found the ideal present for a retiring co-worker moving cross-country--a $615 gift card from Target (TGT ). Not only did her friend adore shopping at the retailer, but she was relocating to a city with a Target store (Roanoke, Va.) and could use the gift to decorate her new house when and how she liked. Plus, giving it was easy. Leibowitz, a Los Angeles-based network news producer, collected money from her colleagues and bought the card in a few minutes at a West Hollywood Target. But a week later, her satisfaction turned to horror when her friend called to report: "The money's gone!" She had tried to redeem the card and found it drained of value.
In the biggest year for gift cards ever, with annual sales rising 7%, to $53 billion, according to researchers Mercator Advisory Group, buyers and receivers are learning the pitfalls of the popular prepaid cards issued by retailers. Local police departments and Better Business Bureaus say crooks are adapting techniques used in identity theft and credit-card fraud to mine vulnerabilities in the gift-card system.
Schemes generally fall into three basic types: stealing data such as bar codes and magnetic strip information, planting data, and indulging in checkout scams (generally the work of employees with access to both the cards and the systems that activate or redeem them). Companies polled in the 2005 National Retail Security Survey, conducted by the University of Florida's Center for Studies in Criminology & Law, estimate that employees are responsible for 62% of gift-card fraud, while stolen and counterfeit cards account for 13% each.
One way to steal money from gift cards is to copy data off unsold cards, then use the store's Web site or 800 number to check their status. Once the cards are bought and loaded with dollars, crooks use the data to buy goods online or to create bogus cards. Other fraudsters clone cards they own and plant the copies in stores to be sold. When the cards are activated, the money goes onto the thieves' cards.
The easiest scams take insider knowledge or access and little else. Employees may pretend a card is empty or deactivated and persuade the customer to hand over the "worthless" card, hoping to use it later. They may just swap them, pocketing activated cards at the register while slipping customers look-alikes. Or they may clone cards using information off discarded receipts.
Gift cards also get tied up in other types of fraud. Some thieves steal credit cards, then quickly buy up prepaid gift cards and sell them on auction Web sites for money. PlasticJungle.com, a gift-card exchange site, was hit by this scam a few weeks ago, leading to a new rule: Customers can only sell cards that are at least 10 days old, says CEO Tina Henson.
Leibowitz suspects someone gained access to her friend's gift card using a duplicate receipt. (She recalls that the Target clerk printed a second receipt, saying the first one hadn't printed correctly. Receipts usually show a card's value and number in full.) After alerting a store manager, Target media relations, and its in-house "research team," Leibowitz found the card had been taken to an Inglewood (Calif.) store where it had been used to finance a stranger's shopping spree. Within a day, she had a replacement card. "Initially, people weren't that helpful, but we did get our money back quickly," she says. Target declined to comment on a particular case, but said in a statement: "We have extensive procedures in place to foil fraudulent activity of gift cards [and] are investigating this isolated incident and will take appropriate action."
Stories like Leibowitz' vex retailers even though they say the cost of investigating and refunding gift-card claims is minimal vs. the losses from merchandise theft and credit-card fraud. What scares them is customers perception of the risk. Retailers love gift cards, crediting them with everything from luring hard-to-reach first-time shoppers to building brand loyalty. Gift-card owners also tend to be less price-sensitive. According to Daniel R. Horne, a Providence College marketing professor, cardholders, buoyed by a sense of "found money," spend an average of 1.4 times the amount on their cards.
Retailers usually lump gift-card losses in with other kinds of fraud and theft, so its difficult to calculate the total amount of gift-card theft. In the latest National Retail Security Survey, 75 companies that track gift-card fraud say they lost an average of $72,000 in 2005.
Some cases never come to their attention because people are too embarrassed or busy to pursue claims. That's the situation with Kimberly Eberl, a 29-year-old public-relations consultant, who bought a $25 Quizno's gift card as a last-minute Christmas gift for her uncle in Cincinnati. When he tried to use it a day later, the card came up empty. Eberl, who lives in Chicago, says: "Im annoyed, but I'm not going to go all the way back to Ohio to prove or disprove what happened."
Scam stories are plentiful on the Internet, where they first popped up a few years ago. They were given new life in November, when the Jackson County (Ore.) sheriff's department issued an e-mail "fraud alert" about gift cards. Detective Sergeant Colin Fagan says he wrote the bulletin after a local woman confessed to stealing thousands of dollars in gift cards and trading the credits to a methamphetamine dealer for drugs. The notice became a viral sensation, prompting law enforcement and consumer protection agencies to issue their own warnings as retailers rushed to reassure customers.
Retailers say shoppers have ample safeguards. Bob Skiba, executive vice-president at Comdata (CEN ), which processes about half of all gift cards, estimates 95% have a security code that customers must type in when using the cards online or checking balances. This year, Macy's (FD ) and Bloomingdale's (FD ) added codes covered with scratch-off coatings. Sears (SHLD ), Kmart (SHLD ), CVS (CVS ), Circuit City (CC ), and others have similar features. Home Depot (HD ) customers can only check balances in person at the stores.
Manufacturers also are devising fraud-resistant designs and packaging. Bloomingdale's cards come in chic slide cases that double as gift boxes. Cards operated by major credit-card providers, like Visa International's "Vanilla" cards, have embossed account numbers and are enclosed in cardboard envelopes.
Technology can deter thieves, too. Comdata's system highlights particularly prolific users (say, 10 calls in 30 days or inquiries on five cards from the same computer) in "exception reports," which retailers can use to block access. Borders Books (BGP ) requires users to register credit cards when redeeming gift codes online, theorizing that fraudsters won't want to leave identifying information.
The real question for most retailers is whether all the hype surrounding gift-card scams dealt sales a blow during the crucial holiday season, when one-third of annual card sales typically occur. "It was still a really good year," says Providence Colleges Horne. (Holiday sales this year were up 34%, to $25 billion, estimates the National Retail Federation.) "But people in the industry are probably wondering how good a year it could have been."
By Elizabeth Woyke, with Sonja Ryst in New York