Stored value cards, which may also be known as gift cards, debit cards, loyalty or reward cards, identification cards, prepaid cards, refund or return cards, shopping cards or fare cards, prepaid MasterCard™ and Visa™ cards (instant issue) among other names, are very popular with both consumers and retailers. The wide appeal of stored value cards, as a result, has attracted the unwelcome attention of criminals seeking to exploit the conveniences and automated processes afforded by such cards. In particular, such criminals misappropriate and manipulate stored value cards and associated account information to perform fraudulent transactions. Stored value card fraud is typically perpetrated in the form of either at the physical point of sale (POS) or “card present” fraud, or for virtual POS purchases or “card not present” (CNP) fraud. The latter includes transactions, such as in e-commerce or internet purchases, which cannot be authenticated using “standard” processes used at the physical POS.
A stored value card is typically the size and shape of a conventional credit card (CR80 Card), but it may be other shapes and sizes as well, and includes a magnetic stripe, bar code, alpha/numeric, or other similar activation method, account identifying element, or means for using the card. The stripe, code, account identifying element, etc. on the card is encoded with data, which includes a unique account number. The account identifying element, for example, may be visible while the card is secured in or secured to packaging, such that the account identifying element may be used during the purchase and activation of the card.
Commonly, stored value cards are displayed by retailers for purchase by customers. Another use of stored value cards is as refund or return cards used to give customers value or store credit when they are returning merchandise without a receipt, after expiration of the return date, or for other reasons. In these circumstances, instead of giving the customer cash, the customer gets a debit card or stored value card with the corresponding value of the return loaded onto the card.
The cards are stored in an active or inactive state. In the inactive state, the card cannot be used to purchase goods or services until the card has been activated. For example, one or more cards may be contained in a carrier, in which the card(s) and/or carrier includes an activation code associated with the card(s). The carrier and/or packaging or other security elements obscures other card information, such as the card identification number, account identification number, and/or PIN until the carrier is opened and the card is removed.
A customer may have a card activated by bringing a card to a cashier and having the cashier then, for example, swipe the card through a point of sale terminal, which may add value to the card in exchange for payment, or activate value already on the card. In this context, the “swipe” action could involve passing a card (or its packaging) though a magnetic strip reader/writer; or passing the card or package over a barcode scanner; or putting the card or package in the vicinity of a proximity reader/writer (such as, for example, an RFID reader/writer or NFC reader), or any other equivalent activation technique. A balance on the card may be maintained within a computer system located at the point of sale or at a remote location. A holder of the stored value card may then use the card to purchase goods and/or services immediately or over time up to the value of the card. These current procedures relating to stored value cards, although providing convenience to consumers, leave the cards vulnerable to criminals. If the card is stored in an active state, the card does not need to be activated, and is ready for use upon extracting the card from the package. If the card is stored in the active state, however, the card, data, and value on the account may be even more vulnerable.
One particular fraud that is perpetuated by criminals with regard to stored value cards is called “skimming.” Skimming is a serious problem resulting in significant loss to both retailers and consumers, and applies to both card present and CNP fraud. To skim a card having a magnetic stripe holding account information, for example, a criminal will purchase or otherwise obtain a stored value card from a retailer, thereby causing an account associated with the card to become activated. The criminal will then remove additional cards from the store that have not yet been activated, and will then alter magnetically stored information on the inactivated cards to match that of the activated card. As such, all of the altered, inactivated cards will have the magnetic information that identifies the account of the originally purchased card. The criminal will then return the altered cards to the store shelf where unsuspecting customers seeking to purchase a stored value card will unknowingly place money into the account of the criminal holding the originally purchased card. The unsuspecting customer may attempt to use their card and will be told that it has no associated value or has a smaller value than thought.
Alternatively, a criminal will remove at least two cards from the location or store of a retailer unbeknownst to the retailer. The magnetically stored information of the first card is altered to match the magnetically stored information of the second card. The first card is returned to the store, again unbeknownst to the retailer. When the first card is subsequently purchased and activated, it also activates the second card which is in the possession of the criminal.
This fraud may also be perpetrated by swapping activation indicia, such as a barcode. For example, the criminal removes two cards from the location or store of a retailer. The activation indicia of the second card is copied and placed on the first card. The first card is then returned to the store. When the first card is subsequently purchased and activated, it also activates the second card which is in the possession of the criminal.
In either case, the retailer may be able to verify that the customer did not use the value associated with the stored value card, and in the interest of customer service, may restore the value to the customer. In that case, the retailer loses the money. However, in some cases, there may be no way to prove fraud and the customer may lose up to the entire value.
Another fraud perpetuated by criminals is carried out by the criminal viewing stored value cards in the store. The criminal writes down the code associated with the particular stored value card (such as a credit card type number) while it is still in the store. In such situations the code is in plain view of the criminal or may be easily viewed without altering the card packaging. Once the criminal has recorded the code, the criminal waits for a period of time, assuming that an unsuspecting customer will purchase and have the card activated during that time. The criminal then periodically checks to see if they are able to make purchases, such as online purchases (CNP fraud), by attempting to use the card code. If the card has been activated by the true purchaser, the criminal will be able to purchase goods online using the activated code, thereby stealing the balance on the card from the true purchaser.
Criminals may perpetuate the above-described frauds or other frauds with regard to stored value cards as they sit on store shelves today. Thus, there is a need for a way to protect such cards and insure that they have not been tampered with or duplicated prior to purchase or activation by an innocent consumer.
There have been proposals and attempts to reduce the occurrence of fraud associated with stored value cards. For example, modifications to card readers or other parts of the activation process have been proposed, but changing existing systems and/or activation methods in such ways involves significant cost and inconvenience to the retailer. Additional steps have been added to the activation process for some cards, such as steps involving pin numbers and web access. However, additional steps reduce the level of convenience that such cards provide to consumers. Overall, there is a need for a way to prevent fraud relating to stored value cards that is effective, and inexpensive to implement, while at the same time not negating the convenience of stored value cards.