And yet they continue to sell these cards. Why?
It's simple: they're essentially free money. The worst case for them is that the recipient of the card uses the full amount of the card. In that case, the issuer "only" makes the full profit on those sales. Often they do better: the card is used partially or not at all, then lost or forgotten about.
You can see how lucrative they are by looking at promotions. You can often find deals where you can buy a $100 card for $90, or similar. Why would you sell a dollar for 90 cents? Because you know that on average you're selling quite a bit less than a dollar.
As for the fraud risk... do they even care? When gift cards are used for crime, the issuer doesn't suffer. Maybe they have to deal with upset customers, but that's hardly new. Most of the time, the gift card is bought legitimately, given to criminals, resold, used by the secondary buyer, and the only one who suffers is the unfortunate scam victim who bought it.
It would be so easy to make gift cards more secure. Modern technology can do a lot better than an alphanumeric code under a sticky cover. The fact that they don't bother should tell you everything you need to know about how important fraud is for them.
Your math is wrong.
The merchant wants you to use the card, in all cases, always. Because statistically, you are likely to spend 30-40% more than the card face value, when you do.
The unused portion of the card sits on the merchant's balance sheet as a liability, for years, until they decide to recognize it as revenue ("breakage"). They prefer this over NOT selling a GC, of course, and some merchants (e.g. Starbucks, high volume, low ticket) make a ton of money on breakage. But in all cases, merchants greatly prefer their cards to be used.
You're also wrong about how the fraud works. Usually, the card is not purchased but sniffed prior to legitimate sale. The mechanisms for this vary, but a common method is to literally pull armloads of cards off of display shelves, open and repackage the carriers, then surreptitiously return to shelves for legitimate sale. This is purportedly the process for large organized crime rings based in Asia, mostly China.
And you're wrong about how easy it would be to fix. Packaging costs money, retailers have to be on board for activation, this has to be integrated into POS systems, and it all has to be very easy for consumers.
This is a hard problem at scale, and smart and motivated people on the merchant side, the program manager side, the bank side, and the law enforcement side, would love a simple solution.
...
What is not a hard problem, though, is that Apple should separate "AML investigation in process" from the user's ability to access their own data. This would turn a very large problem (for all involved) into an annoying inconvenience (for the customer).
Packaging costs money. Gift cards make money. Easy fix.
Stopping the theft you describe is very easy. Don't have actual gift cards just sitting around. Require customers to get them from the cashier at the time of purchase. Have dummy cards on display if you want them to have something to hold, or make them ask.
Of course these solutions aren't free. Adding friction to the purchase process will reduce sales. Retails have clearly concluded, I assume correctly, that it's not worth the cost. Nothing wrong with that.
Don't confuse something being difficult to fix with something not being worth the cost of fixing. We can put a solid upper limit on the impact of fraud by looking at what it would cost to stop it, and conclude that the impact of this sniffing fraud is less than the impact of having cashiers exchange dummy cards for real ones at the time of purchase.
Note that this isn't a "this is easy, they must be idiots not to do this" sort of thing. The current approach is probably the smartest one, given how things currently work. If the incentives changed to make retailers bear more of the cost of fraud (say, legally putting the burden of proof on the retailer to show the card was used legitimately, otherwise they have to refund it if the customer alleges fraud), things would change quickly.
There's some truth to the incentives angle.
The program manager is responsible for retail placement and packaging. Their share of the revenue is small, but their liability for fraud is high.
Retailers (POS card sellers e.g. Safeway, as opposed to the card-branded merchant e.g. Apple), bear zero risk for fraud. Safeway can't police card validity -- if a customer brings the card to the cashier, they will scan it and the POS will attempt to activate it according to the program manager's backend rules. If it's a new unactivated card, it will get activated. The PM knows which serial numbers were distributed to each retailer, so they will not activate a card at a different retailer (and in some cases, a different location of the same retailer).
Moving the 100+ square feet of unactivated card displays to a retail cashier would destroy sales and impose a burden on retail staff that many can't handle, and none are incentivized to create a process for handling.
FWIW, program managers have gone through a few rounds of tamper-proof packaging upgrades. Obviously, their work is not done. But it is legitimately difficult to mass produce a tamper-proof package that is also consumer-friendly and not exorbitantly expensive.
If cost of packaging were no issue, or if customer friction could be disregarded, then the problem becomes more soluble. But we do not live in that world. And, in the extreme case, the criminals could just produce identical packaging including holograms etc. This is obviously within their capabilities, and if the cost of packaging can be absorbed in the multi-party legitimate sale chain, it will also be low enough for a counterfeiter.
...
More importantly, I agree that _some_ regulation or law should prevent Apple|Google|Amazon|etc from parlaying a minor financial dispute into total lockdown of customer data! But the approach for that is not to inject the requirement into the problem of closed loop prepaid debit card management.
I think this is the only interesting problem here. The card management stuff is well-known and evolving, but also mature and ultimately just some accounting math of risk against cost.
Screwing up a customer's digital life should not be a consequence of the imperfect-by-design card management schemes. FinCEN should regulate the latter. CFPB should regulate the former. The agency doesn't matter of course, but those two groups have very different mandates, and right now merchants are letting the stronger FinCEN regulations dictate their consumer policies in ways they should not.
> Why would you sell a dollar for 90 cents? Because you know that on average you're selling quite a bit less than a dollar.
There's more to it than covering the risk of fraud. It's more about optionality. The gift card only allows for buying things at one place — so you're restricted in what you can buy, can't deposit it at a bank, can't comparison shop etc.
I don't get the sense that money being left on the card is a serious issue for the sort of person who goes hunting for deals like this. They'll eventually spend more than the card's value and have the last of it apply partially to some purchase.
Also the discount rates I've seen have been more like buying the $100 card for $95 or $97. Except perhaps where the gift card retailer is offering it directly as part of a cross-promotion deal with the target retailer.
You usually save at least 10% on giftcards at Costco, and often 20%.
Breakage is between 10-20% on average, which is just insane.
However, a significant amount of the spending in gift card promotions is from the marketing budget of these companies. They use gift cards to keep you "engaged". They are used the way companies used to give out coupons basically.
Promotions rarely cost much. Keep in mind that even if breakage was zero, every dollar you spend at a company already has a profit margin baked in. Even if you only pay $9 for that $10 of spend at CompanyPlace, they are likely still making a profit. Promotions also have strong limits, so you can't really profit off of them as a consumer.
Except for one time. Once, IKEA ran a promotion that was "Spend $1000, get $100", and chose to set NO LIMITS. People were banking $10k worth of IKEA giftcards "for my future kitchen renovation" and IKEA found out their gift card fulfillment process was.... antiquated. Did you know old versions of Excel only allow for 65k rows of data?
>As for the fraud risk... do they even care?
We care. The brick and mortar store and Apple themselves don't really care, because they pay our company to take that risk, and our entire business is about preventing credit card fraud to reduce how much that risk costs.
>It would be so easy to make gift cards more secure. Modern technology can do a lot better than an alphanumeric code under a sticky cover.
What? What is your idea for better securing these cards? What "Tech" would help?
Note that I have no clue what apple is doing banning this account. We don't tend to ban victims of fraud or crime or scams, especially not for physical cards bought in a store because who knows what actually happened.