I’ve paid enough attention to know that, while open-loop gift cards (Visa, MasterCard, etc.) may be a rip off, you shouldn’t be too concerned about the cards being hacked, which is actually a big problem with store-specific gift cards. With close-loop/store specific cards, hackers often scan the cards in-store to get the numbers, wait for them to be activated, and then create a phony card with the just activated information to drain the cards value (i.e. purchase things) before the customer knows anything is wrong. Because open-loop cards are so well packaged, they aren’t prone to this type of hacking.

However, as a merchant, I would be VERY worried about accepting open-loop cards. Hardly a week goes by without one or two stories about scams involving gift cards that are hacked to contain stolen credit card information. Thieves then use then use them as gift cards while the charges come from a stolen credit card. It is not too hard to imagine that the stories in the news represent just a fraction of the cases of this kind of fraud.

Often times, banks and credit card processors hold merchants responsible for any fraud that passes through their credit card machines, which can be a huge liability.

From experience, I know that it is incredibly hard to distinguish between gift cards and credit cards just from the card numbers. If Visa and MasterCard and the likes have a way to tell the difference between gift cards and credit cards, they aren’t giving merchants the benefit of this information. I suspect the only way to tell is through the merchant network, meaning that the issuing banks database can identify which numbers represent gift cards and which represent credit cards. The current merchant processing interfaces do not include any information which might help. It is quite possible that providing such information might not be possible without redesigning the merchant processing system, which might break much of the existing hardware and software.

There have been major class-action lawsuits by merchants against the card networks for making merchants swallow the fraud. As gift card/credit card fraud becomes more prevalent, the Visas and MasterCards of the world may be forced to address this by altering their systems to distinguish between gift cards and credit cards, lest they be forced to swallow the fraud themselves.

Update 8/26/09: If you are a merchant, you can protect yourself against this kind of fraud by checking the last 4 digits on the card against those printed on the receipt. If they don’t match up, you’ve got an altered gift card.