The wide appeal of stored value cards has attracted the unwelcome attention of criminals seeking to exploit the conveniences and automated processes afforded by such cards. A stored value card, which may also be known as a gift card, a prepaid card, a shopping card and fare card, among other names, typically comprises a plastic card having identifying information that is associated with an account. In many cases, the identifying information is stored on a magnetic stripe. The account has a monetary balance against which purchases of store items may be made. This balance is generally maintained for security and accountability considerations within a computer system located at the point of sale or at a remote location.
Each stored value card is by design associated with a unique account, which becomes activated when a processing center enables the account. During a transaction, a customer will present a stored value card to a cashier, and account information from the card is read off of the card at the point of sale register. For instance, the cashier may swipe the card through a magnetic stripe reader. Software at the point of sale terminal dials a stored telephone number via a modem to call a processing center, which may check the appropriateness of the account number and/or requested funds. Should the processing center recognize the card data as belonging to a valid account, the processing center will authorize the transaction. For instance, the processing center may activate an account associated with the card, or may allow a purchase to be credited against a monetary balance associated with an already activated stored value card. From the perspective of the processing center, the account number read from the card may or may not be the rightful account number originally applied to the card.
While stored value cards have become very popular with both consumers and retailers, they have been accompanied by certain vulnerabilities that criminals routinely exploit, costing consumers and retailers significant amounts of money and anxiety. One such vulnerability includes the absence of an independent, point of sale system for determining whether the stored value card is actually associated with the correct account. More particularly, conventional electronic credit transactions presume for the sake of practical convenience and expense that the account information conveyed on a stored value card accurately identifies the unique account originally associated with the card. As such, criminals routinely misappropriate and manipulate stored value cards and associated account information to perpetrate unauthorized transactions.
In one scenario, a criminal will purchase a stored value card from a merchant, thereby causing an account associated with identifying information on the stored value card to become activated. The criminal will then remove from the store additional cards that have not yet been activated, and then alter the magnetically stored information on the inactivated value cards to match that of the activated card. As such, all of the altered, inactivated cards will have magnetic stripe information that identifies the account of the originally purchased card. The criminal will then return the altered cards to the store shelf where unsuspecting customers seeking to purchase a stored value card will unwittingly place money into the account of the criminal. Although the merchant and legitimate buyer believe they are adding tendered money to a new account uniquely associated with their card, the tendered money is actually added to the account of the criminal. The criminal may thus succeed in having legitimate buyers put funds into their account on their behalf, which they may access using their originally purchased card.
In another scenario, criminals rely on a delay that conventionally occurs when activating an account associated with a stored value card. Prior to card activation, a purchaser typically selects a stored value card off of a store rack or shelf and hands it to a cashier. The cashier will scan or otherwise activate the card, and will place the card in a shopping bag or in the hand of the purchaser. A short time thereafter, payment for the stored value card is tendered by the purchaser when the bill is paid for the card and any other items bought at the store.
Criminals have exploited this delay between when the card is activated and when payment is actually tendered by using funds activated in the account before the would-be purchaser tenders payment. For instance, a criminal may feign that they have forgotten their wallet in their car, or may come up with some other excuse to leave the store with the activated stored value card, having no intention of returning to pay for the card. The criminal may thus return to the store at a later time to use the balance of the stored value card for which they did not pay.
In another scenario, a stored value card is activated as described above, but this time the criminal presenting the card works with a partner at another store register. To perpetrate this fraud, both criminals use cards having the same account number. That is, the magnetic stripe information of one of the cards has been previously altered to match that of the other card. The first criminal presents the card for activation as described above. The partner will wait for this activation and will otherwise time their purchase using the card having the same account information so that they can access the balance of the newly created account. For instance, the first criminal presenting the card for activation may call on a cellular phone his or her partner who is waiting at another store with a card that has been altered to have the same account information that was just activated by the first criminal. The partner receiving the call will present the stored value card to pay for store goods, and because an account has been established for the duplicate account information on the card, neither the merchant nor the processing center is aware of the fraud until it is too late. The criminal who originally presented the card for purchase will again prematurely end the purchase transaction, and as a result, the criminals will have succeeded in purchasing items using the second stored value card before payment can ever be collected for the stored value card.
In the common scenarios described above, the transactions will likely be approved if the account data received by the processing center is determined to be valid, irrespective of whether the account data was originally intended for the actual card. The result will be a loss to the store credit issuer, the business involved, and/or the rightful owner of the card.
Efforts to battle fraud are themselves costly, and often fail. Most proposals involve modifications to the card readers or other infrastructure changes that are difficult and costly to deploy, especially given that the necessary infrastructure may be distributed over hundreds or thousands of locations. Some of these proposals are impractical, while others are inconvenient and annoying. As a consequence, there exists a need for an improved manner of verifying that a transaction involving a stored value card should proceed.