Brian Krebs has issued his annual warning about gift card fraud – i.e. that fraudsters peel, snap & replace the number on the back of the card, which is covered with a sticker, and then just lurk and spend once value is loaded. Lisa Baergen, Director at NuData Security, commented below.
Lisa Baergen, Director at NuData Security:
In addition to the ‘peel and replace sticker’ approach noted by Krebs, the techniques criminals use to exploit gift cards are as numerous as they are lucrative. The password/username model is now easily compromised. Social engineering, credential reuse, and malware have all been found capable of bypassing it. For more technical-minded bad actors, the cloning of gift cards can be just as lucrative as the cloning of credit cards. Fraudsters could use a credit card magnetic stripe reader (readily available to purchase online legally) to gain access to the account numbers of gift cards.
We need to look at a multi-layered solution that includes technology that focuses on a user’s unique physical relationship with a device, such as passive biometrics. By factoring in a myriad of variables, ranging from patterns of behaviour (where you access your accounts) right through to science fiction-esque analysis of how hard you press buttons and how you hold your device, this technology can create a unique user impression that can’t be replicated by a cyber criminal.
These techniques represent the cutting edge in fraud prevention. By combining them with the traditional two-factor authentication model, companies can pinpoint with near-certain accuracy whether a user is who they say they are.
In an age where even the most innocent of Christmas presents can be defrauded, adopting this new technology is a step forward in the fight against fraud. Other measures retailers can take in protecting customers from gift card fraud include adding PIN verification to their cards and keeping them in a secure location – away from the shop floor, to stop the card numbers being accessed fraudulently. Gift card fraud isn’t the present anyone asked for, but a combination of retailer diligence, consumer awareness, and appropriate anti-fraud measures means it is easily returnable.