The Verified Wal-Mart Giftcard That Wasn’t

Written by Evan Schuman
December 12th, 2006

Earlier this month, giftcard exchange site Plastic Jungle was approached by a giftcard seller, offering two $200 Wal-Mart giftcards. Site CEO Tina Henson declined to buy the cards directly and instead suggested the seller use the site’s auction area. The seller did and posted the cards for $125 and $135.

When the site’s authentication team checked on the cards, the Wal-Mart computer reported that the cards were valid and their value was intact, but that they had been purchased just the day before. Because it seemed odd that someone would pay $400 for cards and then the next day be willing to sell them for $260, the CEO was contacted, but she shrugged and approved the sale anyway. The cards quickly sold.

On Monday, the site member who purchased the cards called to report a problem. Two days after the buyer purchased the giftcards, Wal-Mart nullified them. That left Henson with a big mess to clean up and some mysteries to unravel.

The fraud has all the markings of a new scam making the rounds, in which a thief steals a credit card, quickly purchases giftcards and then just as quickly sells them. Even with law enforcement in cyber pursuit, the thief knows that he’ll have a few days before the giftcards are made invalid, which is a much longer life expectancy than that of the stolen credit card.

PlasticJungle’s Henson, who had literally boasted to a reporter earlier Monday afternoon that her site had never been hit by a fraudster, issued a new rule for the site: no card will be sold unless it’s at least 10 days old, making the site a much less attractive place to fence giftcards.

As giftcards soar in popularity, so too does the number of criminals looking to take advantage of them. The Web’s giftcard auction sites (including,, and) are going to have to change tactics repeatedly as fraudsters adapt to the latest defenses. The National Retail Federation recently issued guidelines on how consumers should protect themselves from giftcard fraud and it specifically cautioned consumers against using Web giftcard auction sites.

The problem with such auction sites is that they are often a way for consumers to buy and sell from other consumers, with little oversight. Fraudsters who are afraid of getting caught by a bank or large E-Commerce site might think their chances are better selling to a lone consumer.

PlasticJungle’s Henson defends the integrity of her site and says that the site, which is currently free to use, doesn’t accept credit cards, debit cards, checks or any form of payment other than eBay’s PayPal. Her rationale? PayPal verifies the members more carefully than other systems (theoretically verifying that a legitimate E-mail address and snailmail address exist) and eBay has a $1,000 insurance policy on transactions, she said.

Using the Wal-Mart $200 giftcards incident as an example, Henson said that the eBay rules wouldn’t permit PlasticJungle to represent its victimized customer, as the site was officially not a party to the transaction. She said she contacted the victim and asked him to file a dispute with PayPal directly. “But I assured him that we would cover any of his losses that PayPal doesn’t pay,” Henson said.

Watching from the sidelines, retailers have to be ultra-careful. Any scam involving their cards is bad news for the retailer, not so much for the lost money (although that is a factor) as for the lost confidence in the integrity of their card, even if the retailer did absolutely nothing wrong.

On the flipside, these discount auction sites, which often sell retailer giftcards for less than face value and, as such, are very attractive to consumers, represent a potentially substantial amount of revenue to the retailers and an even larger number of potential new customers to enter their doors (virtual or brick-and-mortar). PlasticJungle, for example, has said that it wants to work with retailers to have a direct presence in physical stores, reselling their cards at a discount.

Len Gilbert is VP of giftcards (as well as a VP of marketing) for Barnes & Noble and he is very careful when addressing this issue. “We don’t give advice about buying from auction sites,” he said, quickly adding “You’re best off buying directly from us to make sure that the giftcard you get is the giftcard you intended to get.”

One popular safety tool of auction sites is community policing, where a member that rips off another member is quickly given a very low reliability rating and is often then shunned. A Carnegie Mellon University project recently detailed efforts by fraudsters to work in groups to get around the community policing and how they have crafted a data analysis tool to identify such efforts.


4 Comments

  1. Del bailey Says:

    You say the retailer wasn’t at fault, but why didn’t they check the ID of the person who was purchasing the gift cards with a credit card? This should be the proper procedure for every retail outlet.

  2. Evan Schuman Says:

    That was absolutely one of the questions we asked for that story. Most retail security people …. for the moment …. are against requiring ID to purchase with a credit card, as it slows the process too much. The rationale was twofold: First, that it’s almost unheard of to seek secondary identification when a customer is using a credit card in general. Secondly, giftcards in particular are sold on convenience. The more that slows it down, the less attractive they are. Not saying I agree, but that’s what was being said.

  3. F Fowler Says:

    Thank you for your article on gift cards and fraud. However, more than the scammers out there, the industry itself needs to be checked. Here’s what happened to us.

    A friend gave us a gift card from > earlier this year. It had an expiration date that read “good thru 12/06”. Having our first baby, moving into a new house, dealing with major surgery put this on the back burner since we had months before we had to use this. When I called this evening to activate it, the $25 is now reduced to $7.50. Apparently after six months they levy a $2.50 service fee (because we all know a company can’t keep our money without taking more of it, right). Nowhere on the card is it mentioned that such a fee, or any fee, would be levied. And even if they did deduct $2.50 a month after the six month…how does that equal a balance of $7.50 in the twelfth month? Yet customer service (which it is definitely not!) wouldn’t budge. Apparently when our friend bought the card there was a link in fine print that explained this.

    It amazes me! We are now required to give a disclaimer to recipients of our gifts. Because if we don’t, they will lose out on the gift…and the company that has already got paid for the service now gets to keep the money intended for other people.

    In my travels overseas I’ve often told vendors that they should learn customer service from America. Apparently we’ve learned it from the rest of the world and have lost it (in so many ways)!

    Once again thanks for your article. We need to be aware of the fraud that is viral today, however we need to also be aware that there are companies that are willing to swindle customers through as many means as possible.

  4. randy hayes Says:

    Nothing surprises me anymore involving retailing. The safe way is to go in a store and put whatever it is in your hands. Online is risky at best and fraudulent at worst. The eBay thing doesn’t surprise me at all. I just spent two months slinging arrows with eBay, Paypal and a seller over a purchase that I never received 60 days after I bought it. Everybody tried to run and hide and claim it wasn’t their responsibility. After awhile, I just got nasty and finally got what I wanted. I still think they all suck, but life goes on.

