May 14, 2015
Fraud reports have been emerging around Starbucks’ gift cards, rewards accounts and mobile payment systems as reported by CNN Money. Cybercriminals are targeting consumers’ accounts, emptying the stored value in the cards and leveraging Starbucks’ auto-reload function to further target consumers’ debit and credit cards. A recent case emerged last week where a customer faced a theft of around $150 through the stored value in the mobile app and the gift card. Last year, another case took place in December where a customer witnessed the gift card being reloaded and used multiple times within minutes. That customers had lost $550.
Considering the recent case, a Starbucks spokesperson denied that the gift card could be linked to the mobile payment system. The spokesperson instead suggested about customers changing their passwords from time to time. The spokesperson assured that constant monitoring is done for fraudulent activity. However, the Starbucks app’s auto-reload feature is scrutinized as it is directly linked to credit card information and many customers might not be able to track the frauds that might take place.
The Starbucks case highlights the need to bring more effective measures to counter gift card frauds. Gift cards seem more vulnerable compared to credit cards. Depending on the kind of structure and how they are distributed, gift cards become easier targets for criminals. Some possible scenarios of gift card frauds could be:
The biggest disadvantage that gift cards have compared to credit cards is the backing of the manufacturers. Credit cards are developed by payments giants like Visa and MasterCard, and are issued by authenticated issuer banks. Banks and credit card processors themselves possess robust fraud detection and monitoring tools that bring a much higher level of protection to credit cards when compared to gift cards. Different gift cards are issued by different merchants and it’s not necessary that each gift card issuer would place a fraud-monitoring system. As one of its core operations, a bank would be more focused on maintaining a fraud detection system. This might not be the case for a merchant, especially for those of lower grade.
With gift cards becoming closer in nature to core payment cards, the ideal scenario should be to incorporate the security measures used by payment cards for gift cards as well: