Gift Cards—A Tool to Avoid Security Risks?

Every holiday season, retail giant Target looks forward to the seasonal cheer spurring on massive amounts of consumer demand for their various products. As soon as Black Friday mania hits consumer markets in the US every fall, Target is there to serve as a one-stop shop for all of your holiday needs. So when Gregg Steinhafel woke up on December 15, 2013, he expected to carry out his typical duties as CEO of this American pillar of retail. Within a few days, he was fighting for his corporate life.

Target Security Breach

Starting on November 27, 2013 and continuing all the way through December 15, hackers had unfettered access to as many as 40 million credit card and debit card accounts housed at Target. The hackers had reached Target customer names, credit or debit card numbers, card expiration dates, and card verification values (CVV)—in other words, everything they’d need to carry on with fraudulent activity. And worst of all, the breach went unnoticed for nearly an entire month during the busiest retail season of the year. Target took a significant financial hit as the news continued to worsen for the public, and Steinhafel was unceremoniously fired after 35 years with the company.

Lingering Effects

When the dust settled, the final numbers on the Target breach were grim: 40 million cards hacked, 70 million consumer records stolen, 1 to 3 million cards actually sold on the deep web and used in fraudulent transactions, $200 million doled out by banks and credit unions to replace compromised cards, and a potential $57.3 million pocketed by the original perpetrators of the attack. The fact that the hackers were able to gain access through something as simple as the heating, ventilation, and air conditioning company that contracted for Target just served as salt in the wound for their shareholders and customers.

The outsized impact—40 million cards is a number that catches the eyes of any American who otherwise may not care a significant amount about information security—prompted reform at nearly every level of the payment network. Some of the changes introduced after the Target breach are all too familiar with American consumers in 2017, such as:

EMV

The EMV acronym stands for “Europay, Mastercard, and Visa,” the three organizations that spearheaded the new effort into improving card-based information security. EMV represents a technical standard for credit and debit cards as well as the machines in retail and commercial settings that read them. EMV cards are referred to as “smart cards” because they store their sensitive information on integrated circuits as well as the typical magnetic strip on the back of the card. Sometimes consumers and retailers also refer to EMV as “chip” or “PIN” cards, but the information security improvements remain the same regardless of the jargon.
EMV represents an improvement over the antiquated magnetic strip system due to its introduction of cryptographic algorithms like Triple DES, RSA, and SHA. In fact, this improvement is so robust that it has resulted in the shift of liability for fraud away from the card issuing entities, such as banks, and towards the retailers who now have broad access to the more secure chip reading card processors.

Liability shifts

Starting in October 2015, US merchants became far more liable for credit and debit card fraud than they had previously been leading up to the Target breach. With the introduction of the more secure chip reading machines that utilized EMV technology, retailers were expected to protect their customers to an even greater extent by installing the readily available tech in all their point-of-sale areas.

Tokenization

Rather than focusing exclusively on trying to prevent hackers from entering the system, some looked to stop the hackers from being able to use what was accessed after the fact. From this point of view, it’s seen as inevitable that hackers will eventually get past a firewall or protection, so this strategy looks to attach a unique data string—or, as many refer to it, a “token”—that holds all the significant information about the data. It essentially controls the route of data after a breach, and as such would have been critically useful after the Target breach of 2013.

Blockchain Technology

To most folks, the term “blockchain” is synonymous with “Bitcoin,” the cryptocurrency favored by consumers ranging from dark web participants to Sacramento Kings basketball fans. While the Bitcoin currency has a bit of a reputation problem due to massive hacks of platforms like Sheep Marketplace, the underlying blockchain technology is gaining massive acceptance in more polished corporate settings. According to a new Deloitte report, blockchain promises 9 new benefits for early adopters:

Disintermediation and trustless exchange
Empowered users
High quality data
Durability, reliability, and longevity
Process integrity
Transparency and immutability
Ecosystem simplification
Faster transactions
Lower transaction costs

Birth of cybersecurity threat-sharing initiatives
- After the massive breach in 2013, Target also joined two cybersecurity threat-sharing initiatives: The Financial Services Information Sharing Analysis Center (ISAC) and the Retail Cyber Intelligence Sharing Center (RCISC). While the consumer may be less familiar with these types of entities, stakeholders within information security understand their gravity. According to Trey Ford, global security strategist at Rapid7, “Companies are not effectively sharing the right information about attacks to enable defenders throughout the industry to improve. If companies were to share meaningful information from post-mortem incident analysis, we would be in a far better place in detecting and deterring attacks.”
Sell Your Gift Card Now

But How Did Consumers Respond?

Target and other retailers of all sizes went through a significant series of reforms after the infamous breach in 2013. Some of them dealt with security, such as the EMV integration and tokenization efforts led by credit card companies, while others focused on cultural reform through increased amounts of risk discussion and post-mortem dissemination. With all of that in mind, how did consumers respond to the Target breach?

Beyond the initial anger—and boy, there was some anger—the uproar settled down a bit. This is to be largely expected. According to a study by Retail Perceptions, consumers have become a bit calloused to credit card theft (particularly millennials, as 60% of 18-24-year-olds stated they had their information stolen before). A retail-specific breach may impact their affinity for said retailer, but it also has one additional impact: moving customers away from using their credit cards and towards cash, gift cards, and prepaid cards.

Exponential Growth in Prepaid Card Use

The prepaid card concept is pretty simple to grasp. Whereas a debit card is linked to a foundational checking account, a prepaid card is only linked to the funds deposited within it. While it may seem like a hassle for some to continuously load value onto a prepaid card instead of pulling out a debit or credit card, this mode of payment is rapidly growing in popularity.

According to a recent Pew survey, general purpose reloadable (GPR) prepaid cards are exploding in popularity. The use of these cards increased more than 50% between 2012 and 2014. While prepaid cards have typically been utilized by the underbanked without bank accounts, a majority of this recent growth was driven by consumers with bank accounts who recently adopted the service.

The motivations run the gambit from helping consumers budget more tightly by not allowing overdrafting to giving consumers without more traditional checking accounts, access to the convenience of card usage. But regardless of the motivation, the recent growth of prepaid cards is likely to continue moving forward as the bulk of adoption has been seen with the younger generation.

Gift Cards: The Other Side of the Prepaid Discussion

Alongside general purpose reloadable cards, gift cards comprise the second half of the prepaid card discussion. And according to a recent report by the National Retail Federation, it’s not particularly difficult to see why. When asked what types of gifts they would like to receive, consumers responded as follows.

Personal care, beauty items: 20%
Jewelry, precious metal accessories: 23%
Home improvement items, tools: 17%
Home décor, home furnishings: 22%
Sporting goods, leisure items: 19%
Consumer electronics, computer accessories: 30%
Books, CDs, DVDs, video games: 40%
Clothing, clothing accessories: 52%
Gift cards: 60%

Far and away, gift cards are the preferred present for any gift-giving purpose, and the recent concern with information security tied to our checking accounts has driven this demand even further. Gift-givers themselves have plenty of reasons to opt for handing out a gift card; the rationale is vast, from allowing recipients to select their own gifts (50%) to convenience on their end (25%), gift-givers love the simplicity and flexibility gift cards have to offer.

Spillage

If the average consumer hears the term “spillage,” they may think we’re talking about a dope way of referring to that mess you just left on the floor. But with the rapid growth in gift cards, spillage is a concept every consumer should become familiar with.

In this context, spillage refers to unused balances on gift card accounts. From 2005 to 2011, spillage topped $41 billion as consumers consistently left balances on gift cards, unused. While retailers may have enjoyed this giveaway, the government was none too pleased to witness what they considered to be a fleecing of the average consumer. As such, Congress passed the Card Accountability, Responsibility and Disclosure (CARD) Act back in 2009.

Since the CARD Act passed, spillage has decreased to around 1% of total gift card balances. Though this may seem like a small amount, consider the fact that the gift card market is now well over $100 billion. Therefore, over $1 billion of unused gift card balances gets wasted every single year!

Sop Up That Spillage

EJ Gift Cards is here with a solution for all that spillage. Rather than continue to let these unused balances waste away in your wallet, sell us your old gift cards for top dollar! Think about it, what’s really better here: seeing that Olive Garden gift card and remembering that you really aren’t going to get out there anytime soon to use it, or selling it to us and pocketing the cash in your bank account for anything else that you need?

Our model is very straightforward. Simply log onto EJ Gift Cards and click on “Sell Gift Card Now!” Make sure to gather up all of your unused gift cards—you can sell as many as you’d like to us. You’ll be directed to an easy 3-step process:

Tell us who your card merchant is and how much is left on the available balance.
Allow us to generate an instantaneous offer on the spot for that unused gift card.
Decide whether you want to accept our offer, and verify a couple pieces of information if so.

It’s really that easy. No loopholes, no fine print, and no pressure at any step of the way. If you want to hold onto that Olive Garden card and splurge on a couple of breadsticks next time you’re out there, have at it. If you think that gift card should be saved for some pasta carbonara and red wine down the road, by all means, keep it in your wallet. But if you don’t think you’ll be able to use that balance, or maybe you’d rather get some cash to go to the movies than spend an evening carbo-loading, then think about selling us that card instead. You’ll be able to use the cash you receive for any of your more immediately pressing needs, and we’ll be able to redirect it to someone who’s getting in the car now to enjoy some of those breadsticks right now. I mean, do you really want to stop them from those breadsticks?

So give us a shot! Our website is easy, the process is straightforward, and you can decide within a minute or two whether you’d like to exchange those hypothetical appetizers for some very real cash right in your paypal account.