So I've been wanting to buy gift cards in bulk lately for various stores (from an actual store such as a supermarket or gas station) to take advantage of some promos. I've never personally been exposed to scam or fraud involving gift cards as I seldom use them but I've been reading a lot about it recently. Most of them are due to buying from third party sources but my questions are more specific to buying them through first party means.

Are unscratched PINs actually secure? How is fraud involving cards with unscratched PINs usually performed? I've read stories about people who buy cards from a store and even upon first scratch, they find out the balance has been used up.

So I've been wanting to buy gift cards in bulk lately for various stores (from an actual store such as a supermarket or gas station) to take advantage of some promos. I've never personally been exposed to scam or fraud involving gift cards as I seldom use them but I've been reading a lot about it recently. Most of them are due to buying from third party sources but my questions are more specific to buying them through first party means.

Are unscratched PINs actually secure? How is fraud involving cards with unscratched PINs usually performed? I've read stories about people who buy cards from a store and even upon first scratch, they find out the balance has been used up.

Even though the Gift Card's number is covered by an unscratched area, there's nothing stopping fraudsters from taking cards home and skimming the card into a machine to read the Gift Card's number.

Once they have the number, they can just go back to the store and place it back on the Gift Card rack, hoping someone buys it soon.

Then create a duplicate of the Gift Card and use it.

At least I think this is what would happen. lolo Im not a fraudster so I wouldnt know.

Even though the Gift Card's number is covered by an unscratched area, there's nothing stopping fraudsters from taking cards home and skimming the card into a machine to read the Gift Card's number.

Once they have the number, they can just go back to the store and place it back on the Gift Card rack, hoping someone buys it soon.

Then create a duplicate of the Gift Card and use it.

At least I think this is what would happen. lolo Im not a fraudster so I wouldnt know.

Yup I understand that scanning the card's magnetic stripe to retrieve the number is trivial. It's the PIN part I don't understand. I'm assuming that you need both the card + PIN to complete a transaction. I'm also assuming recycling card numbers and PINs hasn't been reached yet.

Unless somehow the PIN is on the magnetic strip unencrypted and it's all a local check. That would be horrible.

Yup I understand that scanning the card's magnetic stripe to retrieve the number is trivial. It's the PIN part I don't understand. I'm assuming that you need both the card + PIN to complete a transaction. I'm also assuming recycling card numbers and PINs hasn't been reached yet.

Unless somehow the PIN is on the magnetic strip unencrypted and it's all a local check. That would be horrible.

Not at all, all that's needed to process a transaction with a gift card is a simple swipe of the card. Therefore, all that's needed is the gift card's number, not the PIN number.

So all a fraudster needs is the GC number, make a counterfeit GC with that number, somehow buy something and swipe that counterfeit GC. Voila.

From what I understand, the PIN might be for online purchases? Not sure.

correct, at least thats what they do @ superstore, just swipe the card.

at bestbuy, they need to enter the pin plus swipe.

so it depends on the store.

There is no way in hell that the data on the card is unencrypted. When a card is activated if there is no encryption key exchanged during activation that is the dumbest thing ever. It doesn't take a rocket scientist to implement client side encryption on cards with a public key with the data decrypted with a private key on the receiving end.

correct, at least thats what they do @ superstore, just swipe the card.

at bestbuy, they need to enter the pin plus swipe.

so it depends on the store.

I've noticed this at Futureshop too for entering the PIN. So do Superstore gift cards just not have the PIN on gift cards or do they choose not to require it on the transaction?

What I'm trying to gauge: If a store bought gift card has an intact, unscratched PIN area, is it guaranteed that you will not become a victim of scam/fraud given the store requires a PIN to be entered for its use?

I've noticed this at Futureshop too for entering the PIN. So do Superstore gift cards just not have the PIN on gift cards or do they choose not to require it on the transaction?

What I'm trying to gauge: If a store bought gift card has an intact, unscratched PIN area, is it guaranteed that you will not become a victim of scam/fraud given the store requires a PIN to be entered for its use?

I think your second question is 'it depends' on the store.

About superstore, they probably have the last secure one out there. It's a simple barcode, there is NO magnetic strip even. Anyone could copy the barcode (or generate a newly printed one based on the numbers) and scan it at self checkout (or replace the barcode on a card to use at a regular checkout). There is nothing secure about it, anymore than a barcode on a box of cereal is secure.