Remix.run Logo
Remix clone Hacker News
new | show | ask | jobsGithub
mrguyorama 4 days ago

Hello,

I work for a major gift card company. These views are my own and not that of my employer.

The credit card companies take zero risk in this transaction, because we, the company selling the gift card, take the risk.

To this end, my personal job is building systems to prevent and combat credit card fraud. It's not terribly complicated in fact. The team I originally started with a decade ago was like three people.

Every gift card purchased by a stolen credit card is a direct loss to our revenue. We strongly want to keep that amount small. We do a pretty good job of it.

We have a large department of REAL HUMANS you can call to get help with your gift card. In the past, they have had very upset grandmas calling in to ask about why they can't purchase iTunes gift cards because they need them to get their nephew out of prison. Those calls are very sad.

Physical gift cards have no value until you pay the cashier. Despite this, physical gift card security is tough. The plastic card has to be shipped out and sit on a shelf and be directly available to anyone to tamper with. We have made some efforts to reduce that threat, but there isn't much we can do.

If you are in the US you have absolutely used our company's products and if you have bought a gift card online there's a 90% chance your transaction details have run through my code.

Frankly, I do not understand why Apple would have banned an account for trying to redeem a scammed or tampered with card. That doesn't make any sense.

fencepost 4 days ago | parent | next [-]

Are you able to track balance checks made against card numbers not yet activated? That seems like it'd be a dead giveaway for physically tampered cards and if you could prevent activation of those it'd at least make tampered cards harder to use.

Presumably you could also take things back to the level of "store X, you have a serious problem."

mrguyorama 4 days ago | parent [-]

Again, speaking as myself, not for my company

>Are you able to track balance checks made against card numbers not yet activated?

Yes. Can't get into specifics. Not every card supports balance inquiry though. Not entirely sure how this applies to physical gift cards.

Usually what happens is that someone simply writes down the card number, and waits, and then tries to redeem it. They don't do a balance check.

>Presumably you could also take things back to the level of "store X, you have a serious problem."

We can get down to the register. Fraudsters are sometimes employees. But you can't treat customers like criminals so doing anything about it is hard. These same stores don't seem to mind customer info leaking and credit card data being stolen in the first place.

We sometimes have to replace these cards for consumers, because it's dumb to spend a hundred dollars for a giftcard and it was stolen previously, that's not their fault

quesera 4 days ago | parent | prev [-]

Thanks for the program management perspective.

Most consumers are blissfully unaware (as they should be!) of the complexities of ordinary payments transactions, never mind the even-weirder world of closed loop prepaid debit.