Brian Krebs has issued his annual warning about gift card fraud – i.e. that fraudsters peel, snap & replace the number on the back of the card, that’s covered with a sticker, and then just lurk and spend once value is loaded. Lisa Baergen, Director at NuData Security commented below.
Lisa Baergen, Director at NuData Security:
“Although it’s significantly less reported on than credit card fraud, the effects of these attacks have been known for years. Unfortunately, gift cards are yet another black hole for security professionals.
In addition to the ‘peel and replace sticker’ approach noted by Krebs, the techniques criminals use to exploit gift cards are as numerous as they are lucrative. The password/username model is now easily compromised. Social engineering, credential reuse, and malware have all been found capable of bypassing it. For more technical-minded bad actors, the cloning of gift cards can be just as lucrative as the cloning of credit cards. Fraudsters could use a credit card magnetic stripe reader (readily available to purchase online legally) to gain access to the account numbers of gift cards.
We need to look at a multi-layered solution that includes technology that focuses on a user’s unique physical relationship with a device, such as passive biometrics. By factoring in a myriad of variables, ranging from patterns of behaviour (where you access your accounts) right through to science fiction-esque analysis of how hard you press buttons and how you hold your device, this technology can create a unique user impression that can’t be replicated by a cyber criminal.
These techniques represent the cutting edge in fraud prevention. By combining them with the traditional two-factor authentication model, companies can pinpoint with near-certain accuracy whether a user is who they say they are.
In an age where even the most innocent of Christmas presents can be defrauded, adopting this new technology is a step forward in the fight against fraud. Other measures retailers can take in protecting customers from gift card fraud include adding PIN verification to their cards and keeping them in a secure location – away from the shop floor, to stop the card numbers being accessed fraudulently. Gift card fraud isn’t the present anyone asked for, but a combination of retailer diligence, consumer awareness, and appropriate anti-fraud measures means it is easily returnable.”
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.