Philomath resident Jackie Weiner wanted to do something nice for her daughter’s family this Christmas.
The daughter (who didn’t want her name used in this article) had quit her job as a nurse to take care of her 16-year-old son, who was battling an aggressive form of cancer. The treatment appears to have been successful, but the medical bills were steep and the family has struggled to pay them.
So when the holidays rolled around, Weiner decided the best present she could give was money. She stopped off at the Walgreens drugstore in Albany and purchased several Vanilla Visa gift cards — $450 worth, altogether — and gave them to her daughter on Christmas.
But when Weiner’s daughter tried to use a $200 gift card, it was declined. She checked the card issuer’s online portal and found a zero balance — according to the website, the card had been used several days earlier at an Albertsons supermarket in McMinnville.
The same thing happened with two $100 cards — the portal showed that both had already been drained of funds at other retail stores in other Oregon towns. Only a $50 gift card still had its original cash value.
Weiner was heartsick. Her daughter was out $400 her family desperately needed, and there was nothing she could do about it.
“We trusted that money would be there,” Weiner said. “I can’t afford to replace it.”
What’s going on?
Gift cards are big business in this country. According to a 2017 report from WalletHub, U.S. gift card sales have been growing steadily and were projected to reach $160 billion in 2018.
Walk into any chain supermarket, drugstore or department store these days and you’re liable to see a big display of gift cards for sale, from special-purpose cards for use at restaurants, coffee shops or movie theaters to use-anywhere cards such as the popular Vanilla Visa. They make a convenient gift option for many people, especially around the holidays, and experts say that also makes them a target for cybercriminals.
The most common variant of the gift card scam is a form of extortion. A criminal will contact someone by phone or email, often pretending to be a police officer or government official, and tell the unsuspecting victim he or she must pay money to avoid consequences such as a jail term or a fine. The victim is then instructed to purchase gift cards and give the redemption codes to the criminal.
These kinds of scams, which are frequently in the headlines, are widespread in Oregon and around the country, according to Ellen Klem, director of outreach and education for the Oregon Department of Justice. What happened in Weiner’s case appears to be a less common type of fraud that involves tampering with gift cards to obtain the redemption codes.
“What it looks like the scammers have done is they’ve pulled back the decals or stickers over those redemption codes, copied the codes and replaced (the stickers),” Klem said. “Then the scammer inputs the codes into the Visa system and drains the money.”
While not nearly as widely known as the extortion racket, gift card tampering has been a problem for some time, according to John Breyault, vice president of the National Consumers League.
“Gift cards are one of, if not the No. 1 gift that consumers spend money on at the holidays,” he said. “It’s one that’s been attracting scammers for many, many years.”
Gaming the system
The cards sold at major retail stores generally have some kind of protective packaging, and in many cases the redemption codes are covered with a protective decal or scratch-off film. The cards work like credit or debit cards, and there’s no money loaded into the accounts until the purchaser pays for them and the cards are activated.
But cybercriminals have developed a variety of high-tech ways to defeat those security measures and compromise the cards, siphoning funds from an account after a card has been activated but before it can be used by its rightful owner, Breyault said.
Some employ malicious software programs to hack into financial services networks so they can monitor the balance on accounts for which they have stolen codes and see immediately when a card goes live. Then it’s just a matter of cashing in their ill-gotten gains as quickly as possible.
“The systems these scammers use to track the balance on those cards are fairly sophisticated,” Breyault said.
“Chances are they’ve compromised dozens or hundreds of cards, and they have software that constantly monitors the portal. When one of the cards is activated, they get a ping.”
But how do the thieves get their hands on the money if they don’t have the physical gift card in their possession? Once again, the answer likely lies in technology.
You have free articles remaining.
According to Breyault, what frequently happens is that the criminals use the card number from the front of the gift card and the redemption codes from the back to access the funds directly from the card issuer’s online portal and transfer the funds onto an “electronic wallet” account such as Apple Pay or Google Pay. Then they can walk into a retail store and use a smartphone at an electronic card reader to make purchases and get cash back.
If they’re fast enough, the thieves get your money — and you get left holding the bag.
“They can siphon the money off online and transfer it to a different card,” Breyault said. “A consumer who thinks they have $100 on a card, for example, goes to use the card and finds out there’s nothing there.”
The problem is especially pernicious around the holidays, he added. Gift card sales spike in the weeks leading up to Christmas — and so does gift card fraud.
“Say it’s the day after Thanksgiving and I’m out shopping and I pick up a few gift cards,” Breyault said. “If I’m not going to give that card to the recipient until Christmas, there might be $400 sitting there unused on that card for almost a month – that’s plenty of time to access the money on that card before the recipient can use it.”
Getting a refund
So what recourse do consumers have when they become victims of gift card tampering?
On Jan. 2, Weiner said, she contacted the manager of the store where she bought the cards, but she didn’t get the refund she was hoping for.
“He said the cards were activated, Walgreens did their job … and there was nothing they could do,” Weiner said.
Store personnel did help her file a report and told her it would be sent up the chain to corporate headquarters, Weiner said, but after two weeks she still hadn’t heard anything back.
After attempting without success to interview the store manager, the Gazette-Times called Walgreens’ corporate media relations office and talked to company spokesperson Alex Brown, who acknowledged that gift card fraud was a significant concern and said she would look into Weiner’s situation.
“It’s certainly an issue that’s on our radar,” Brown said. “It’s something that’s impacting all retailers.”
On Jan. 29, Weiner got a letter in the mail from Walgreens with a gift card in the amount of $478, the value of the cards she had originally purchased from the store plus activation charges.
While she was glad to get a refund, it still wasn’t quite what she had been hoping for. Instead of a use-anywhere Vanilla Visa card like the ones she had originally purchased, this one could only be redeemed at a Walgreens store.
“I gave the Walgreens gift card to my daughter’s family,” Weiner said. “They can use it to buy shampoo or whatever.”
Although some gift card retailers may provide refunds to consumers who are victims of this sort of fraud, the ultimate liability lies with the financial institution that issued the card in the first place, according to Breyault.
“It’s the credit card company’s responsibility to make the consumer whole under federal regulations,” he said.
While security measures have improved, Breyault thinks both card issuers and retailers need to do more to protect the integrity of gift cards and crack down on this kind of scam.
“It happens far too often,” Breyault said.
“I wish so much of the responsibility of awareness and policing this kind of fraud didn’t fall on consumers, but unfortunately that’s the case.”
For her part, Weiner said she still feels rattled by the whole experience.
“It’s always a weird feeling when you are violated like that,” she said.
“It’s kind of worrisome. I’ve stopped doing online banking, which I did before. I just don’t trust it.”