So, Jane gets scammed, buys an $100 iTunes gift card, reads it off to the scammers.
The scammers sell the card on eBay (or some other card reseller) for $0.75 on the dollar. Sam buys the gift card off of eBay and uses it at iTunes.
Is the proposal that iTunes should hold all card funds for, say, a month until they can be used? (That kind of kills the gift. “Happy Birthday! Here’s a gift card! You can use it in a month or so if you deposit it right away”)
How would that work for restaurant or experience gift cards? Would you pre-register it at a restaurant, have them hold it for a period of time, and then go have a lovely dinner, so long as no one claimed it as a scam? That’s a less than trivial amount of bookkeeping.
Then back to the original scenario, iTunes has held the gift card and is notified by (legitimate) authorities that the money is Janes and they return it. Jane is where she was pre-scam. iTunes has aforementioned bookkeeping expenses, but they haven’t given away free product. Sam, however, is out $75 and the scammers have still won.
Is this how it is playing out in general? That goes against what everyone else in the thread was saying, do you have other information? If it is, then ebay and other sites that resell gift cards should have some level of responsibility in preventing stolen goods from being sold on their platform.
If Sam buys your stolen television, then if it is found to be stolen, he is out what he paid for it, and the thieves have won. Lesson of the day: don’t buy stolen property.
No, that’s pretty close to the exact opposite of what I said. Not sure where you are getting your alternative scenario here.
The rest of your post continues to use your misunderstanding to flesh out the scenario, so I’m not sure if there is anything worth responding to.
Not sure - I think some places have restrictions preventing the purchase of gift cards funded by other gift cards, perhaps to prevent this sort of laundering of stolen cards
That’s the picture I get from a quick reading of a few sites (here). The scammers don’t use the cards themselves, they resell them.
That’s what I understood “Maybe hold funds in escrow for some time before they can be cashed out.” to mean. To me, that’s what escrow is… the money doesn’t go anywhere, but no goods or services do, either.
So, could you flesh out the scenario that you were envisioning? Jane gets scammed. The scammers now have the iTunes card. What happens next?
A very insidious trick I’ve seen - scammers who hack into an employee’s email and learn the company hierarchy, (or maybe just read the website) then send a fake/spoof email to an employee that says: “I need to get a collection of gift cards to hand out - but these are surprise gifts, so please keep this quiet; just go and buy $X in $50 gift cards and I’ll reimburse you. When you’re done, send me photos of the backs so I know that you got them.” Remarkably plausible and legit-sounding to the unaware. One employee I heard of did this - even though the Best Buy guy kept saying “Are you sure?? It’s probably a scam!” However, she happened to run into the boss and told her before she sent any pics.
(Also heard of someone who won a contest, got a gift card - mentioned it on facebook complete with pic of the card. Someone else said “can you also show us a picture of the back?” so she did. When she went to use it, there was no money on it.)
The Force can have a strong influence on the weak-minded.
My proposal would be that given a legitimate report of a fraud or scam within a certain time period, that the damaged party has a claim against the gift card issuer, and let them figure out how to limit their liability.
In your iTunes/eBay example, assuming Jane reports the scam within the time limit, what would likely happen is that Apple would claw back the money from whatever muscian/appmaker received it from the app store, notify Sam that the payment he used was fraudulent and tell him that he needs to pay with another payment source and to go complain to where he got the gift card. He’d go complain to eBay and eBay would refund him and go after the scammers.
None of this is crazy or impossible to implement: banks and credit cards do it all the time. When someone fraudulently uses my credit card, the card company usually notices before I do and calls me to confirm. The reason they do this is that there are strong consumer protection laws that protect people from credit card fraud and make the card issuer foot the bill, so they have an incentive to stop fraud before it goes very far and they’re very good at it!
I don’t have to preregister my credit card at a restaurant a month in advance, yet if someone steals it and uses it, I’m not on the hook. The fraud protection is covered by the profit margin on the credit card and could also easily be covered by the profit margin on gift cards (which is way higher than that of credit cards), if we simply made the gift-card issuers give a shit.
Thanks for answering.
I think that has possibilities for somewhere like iTunes, where Sam has to register to use the card. iTunes knows who he is, and can freeze his account until he pays the money back some other way.
I think it fails with something like a restaurant or Target gift card, where they don’t know who the hell Sam is. If he uses the card before it’s reported as a scam and they have to pay back Jane, they’re out $100 and there’s nothing they can do about it.
The difference between gift cards and credit cards is that the former are prepaid, the latter are postpaid. With a fraudulent credit card transaction, the legitimate cardholder typically hasn’t been paid yet, and the payee hasn’t received the funds yet. So blocking the transaction is a matter of not carrying it out. With gift cards, however, the card has been paid for before it was even used, so your scenario would require undoing an entire chain of transactions that have already taken place.
I’ve dealt a little, in my past, with interbank payment systems, and one feature which is usually considered to be desirable for a payment system is finality: That once a transaction has been concluded, it’s final and written in stone. Of course you can still claim your money back if you were defrauded, and you might win - if necessary, in litigation. But that’s a process that would take place outside the payment system. As far as the payment system with finality is concerned, once a transfer has been done, it’s done. It cannot be challenged and undone again within the payment systems itself. Not all payment systems adhere to this principle of finality, but usually the participants prefer systems that do, because it relieves them of the uncertainty whether money that shows up in their account is really there.
US law gives credit card holders 60 days from when they receive their bill to dispute a charge as fraudulent. Whatever process that goes through, it doesn’t appear to meaningfully impact the finality of credit card payments. Merchants aren’t holding goods for 60 days to make sure the payment wasn’t fraudulent. I believe the reason for that is that the merchant gets paid (assuming that they follow the normal procedures for payment and weren’t a part of the fraud itself) and the credit card company eats the loss. Which gives the credit card company a big incentive to root out fraud.
In the case of gift cards, it’s arguably much easier. Both the issuer and the merchant are the same party, which means that it’s even easier for them to stop the fraud if only they had an incentive to do so.
The relevant difference between credit cards and gift cards is that there is law forcing credit card issuers to take liability for fraud and not just let individual customers take the hit, and there isn’t for gift cards.
I think that makes it harder, but I’m not convinced that it’s impossible. For one, I don’t think that restaurant cards are a big source of fraud because it’s pretty hard to efficiently launder fraud gains through Applebees. Target is a harder problem, but I believe they have plenty of data that they could use to get it down to an acceptable number.
But let’s assume for a moment that I’m wrong about that, that there really is no way for Target (or some class of business) to profitably sell gift cards because their losses due to fraud are too large. Think about what that means for the gift card system as a whole. It means that the net utility of gift cards is negative even in the hypothetical case where the analytics of massive corporations are brought to bear on them, which means they’re even more negative right now. Whatever utility and profit that buyers and sellers of gift cards gain from them is less, overall, than the losses due to fraud. The difference between the world today and the world with the regulations I’m suggesting is that those losses are spread out among individuals who got tricked (largely the elderly), while the gains are concentrated in profitable corporations. Oh, and also the losses are even bigger because the profitable party has no incentive to fix things.
Maybe that’s not a good thing? Maybe we should fix it? And if the fix means fewer Applebees gift cards I’m kind of ok with that loss.
Also notice how well-correlated “businesses that would have a harder time detecting fraud” are with “businesses that are not good targets for fraud”.
The best targets for fraud are goods that are entirely digital. It takes very little effort to spin up a new “app” that will just be a slush fund target for fraudulent Google Play or iTunes gift cards, and the risk of getting caught is also low because you can do it from anywhere on the internet and it’s hard to coordinate law enforcement across countries. But Apple and Google are the most capable of fighting this kind of fraud both because they control the relationship and because they have absurd amounts of smart people and computing power they could devote to stopping it if it affected the bottom line.
Big retail like Target have more marginal fraud risk, and mostly because you can buy stuff online and have it shipped. But the website and shipping department also have a high capability to detect fraud because they have lots of data. Any fraud that involves physically going to a store is necessarily higher risk and pretty small time. There are cameras all over those stores and the employees are going to notice that someone comes in with $2000 in gift cards every few days.
Restaurants have the hardest time detecting fraud because they generally don’t have things like a name or address to track. But they are also terrible targets for it. What are you going to buy with a restaurant gift card that you can fence and turn into actual money? Nobody’s running an international phone bank of scam callers to get free wings.