How Criminals Steal Gift Card Funds from Retailer Websites

August 28, 2017 Anna Westelius

The GiftGhostBot, tests potential account numbers, requesting each balance. When its successful, hackers can resell this information on the dark web or use it to purchase goods.

Since its invention by Blockbuster in 1994, the gift card has grown into a $100 billion industry. Today, 93 percent of US consumers buy or receive a gift card annually to spend on almost anything on the market, according to GiftCards.com.

While most familiarly a gift item, prepaid cards are used by companies for employee incentives and by the government to administer benefits and tax refunds. Millions of people also use prepaid cards as an alternative to a traditional bank account.

Thus, the target is rich and the stakes high as gift cards become the latest victim of bad bots—the automated programs used by hackers, fraudsters and competitors to conduct a variety of nefarious activities like price and product data scraping, click fraud and account hijacking.

"Until now, retailers haven’t needed special security around gift cards. But they certainly do now."

This illustrates larger concerns with the security around online systems—a point applicable to organizations in all sectors as well as the general public. As more types of personal information such as health, financial and other data is being digitized and kept online, we are entering a reality where it is also subject to potential hacking.

Read the Article

About the Author

Anna Westelius

Anna leads the Distil Professional Services Security Analysts, a team of experts who helps companies manage their bot mitigation strategy. Her team works around the clock to identify emerging threats, creates complex blocking policies and researches bots. Prior to Distil she was heading the anti-scraping services at ScrapeSentry.

More Content by Anna Westelius
Previous Article
Instagram Fixes API Blamed for Celebrity Data Leaks
Instagram Fixes API Blamed for Celebrity Data Leaks

Instagram says it has fixed the API responsible for enabling hackers to access some personal details of hig...

Next Article
The future of your data could rest in the outcome of LinkedIn vs HiQ case
The future of your data could rest in the outcome of LinkedIn vs HiQ case