An Oregon man named Sealtiel Chacon Zepeda recently pled guilty to five counts of computer crime after he was caught stealing more than $6,000 in gift card money. What made Zepeda’s crime potentially worrisome to consumers is that he didn’t just steal gift cards off the rack and run, which wouldn’t work since the cards would need to be activated first. Instead, he cloned gift cards, leaving many people who bought gift cards for legitimate use wiped out.
Zepeda stole some gift cards from stores, scanned others with a magnetic card reader to get their codes, and waited for legitimate customers to buy and activate cards of this latter group; then, once they were activated and loaded with money, he changed the stolen cards’ code to match the code from the legitimate cards.
Police linked Zepeda to the crime through his computer’s Internet protocol address and store video surveillance. They caught him cashing in a cloned Fred Meyer gift card in February 2009, and he told them the details of the scam, Hanada said.
After researching how gift cards work, Zepeda purchased a magnetic card reader online, began stealing blank gift cards, on display for purchase, from Fred Meyer and scanning them with his reader. He would then return some of the scanned cards to the store and wait for a computer program to alert him when the cards were activated and loaded with money.
Using a magnetic card writer, Zepeda then rewrote one of the leftover stolen gift card’s magnetic strip with the activated card’s information, thus creating a cloned card.
The most worrying part of the story is that apart from Fred Meyer, a regional grocery store chain with only 129 locations in a total of four states, the bigger name retailers — “including Abercrombie & Fitch, American Eagle, Apple, Best Buy, Macy’s and Spencer Gifts, according to police reports” —Â refused to cooperate with the police investigation, perhaps for fear that the benefits of nabbing one fraudster would be outweighed by the bad press about their gift cards being unsecure. As this case makes pretty clear, all magnetic strip gift cards are in some degree vulnerable, although some measures like scratch-off codes can tamp down that vulnerability.
(OregonLive via Schneier. title image via CNBC)
Published: Aug 13, 2010 09:57 am