PSA: Potential Compromised Myers/Coles Group Gift Card from Myer Sydney City

glassyan on 03/10/2023 - 09:52
Last edited 03/10/2023 - 09:55

Check that the security PIN has not been scratched if you have purchased Myer/Coles Group gift card from Myer Sydney City. Seems like someone has scratched off the security PIN for at least some of the cards there and could be attempting to drain the balance once the card is activated.

I purchased them over the long weekend and just noticed today that someone has lightly scratched the security PIN area, just enough to reveal the PIN but not enough to arouse suspicion at time of purchase. Thankfully when I called in they told me the cards haven't been used, so they have suspended those cards and will send me new ones to my address and have alerted Myer about this also.

Financial

Related Stores

MYER
MYER

Comments

  • MS Paint on 03/10/2023 - 10:07
    +3

    @mapax

    Here's a new one for you.

    • mapax on 03/10/2023 - 10:24

      I’ve got nothing for this one. But you’ve got to wonder at what point gift cards become too much risk if the paranoia is so high that a slightly damaged scratch panel leads to instant thoughts of compromised cards.

      • Trance N Dance on 03/10/2023 - 10:32
        +6

        Whether it's intentional or not, that's the sole purpose of tamper evident seals. It means the security of the information it's hiding has been compromised and should not be used/accepted.

      • glassyan on 03/10/2023 - 10:38
        +11

        There is a simple solution to all this: Just put out mock gift cards for customers to bring to the checkout counter and leave the actual gift cards behind a secure box that the employee will activate and hand over once the purchase is done.

        They said gift cards are supposed to be treated like cash, except it apparently doesn't apply to the shop themselves, as I doubt Myer would leave cash just sitting there in a publicly accessible area.

        • Protractor on 03/10/2023 - 10:45
          +1

          Surely access is a physical process?

          Maybe some of these orgs could / should employ more ethical staff?

          ISPs and telcos are a classic. Unknown faceless offshore staff accessing peoples ID docs and email accounts. (are they police checked and accountable at law to Australian law and penalty if they do the wrong thing??)

          What could possibly go wrong?

        • Jimothy Wongingtons on 03/10/2023 - 11:41
          +1

          the employee will activate and hand over once the purchase is done.

          What if the crims got someone undercover on the insideeeeee?

        • outlander on 03/10/2023 - 16:29

          There's an easier way than that. Given the cards don't hold any value until activated, you could have secret details (like ccv or pin) printed on the receipt when you buy them

          • John Kimble on 03/10/2023 - 22:24
            +1

            @outlander: Yeah, nah

            • outlander on 04/10/2023 - 00:03

              @John Kimble: Nah nah Yeah

              • Heaps for Cheaps on 04/10/2023 - 05:30

                @outlander: Advanced Hair, Yeah Yeah

              • John Kimble on 04/10/2023 - 10:58

                @outlander: Sorry, let me elaborate on my previous comment.

                Your solution in theory sounds good, but I can think of a few issues:
                1) The current setup of generating a physical card and printing the PIN on it at the gift card "factory" has been in place for a long time. The chances of those PINs being compromised on a large scale is relatively small
                2) For your idea to work, the gift card company would have to create from scratch a system that could generate a PIN and link it to an existing card and send it out live to all the different merchants that sell gift cards (bear in mind they all probably use different POS systems). I'm not aware of anybody that does this currently for physical cards?
                3) The gift card company would need to test it and each merchant would need to test it also. This would probably cost millions.
                4) They would also need to redesign all the cards without the PIN on it and decommission the old system (also a cost here)
                5) Your system would probably cost a lot more to maintain, there is a higher chance of mass compromise given it's online/live and there is also the possibility of outages

                I'm no expert, so happy to be corrected

                • outlander on 04/10/2023 - 14:16
                  +1

                  @John Kimble: I think your assessment is about accurate. Thing is, the security of the cards has been an issue for a while now, and it's just a disaster waiting to happen, so it needs to be fixed sooner or later as the potential for damage is easily in the millions.

                  I wouldn't suggest modifying existing cards, because that would take a lot of work, but by applying changes to the new batches. There's already a back and forth transfer of data that happens when you buy the card, so the system exists, and I can't think of any encryption scheme that would work without some back and forth communication.

                  However, the assumption is that they want to fix it. They may not want to. I think the major source of profit for these companies is the money that gets left on the cards and never used. If that's the case, you want to make it as easy as possible to buy the cards, and secret codes on receipts are just potential problems that might drive a person to say 'its too complicated!' and not buy them.

                • Trance N Dance on 05/10/2023 - 11:14
                  +1

                  @John Kimble: It's doesn't have to be that sophisticated, it'll just use a modified method to how recharge PINs are distributed and certain information would need to be relayed through the processing system via each card's unique barcode. This however will open up the possibility of that data being hacked as the PINs/CVV/etc will have to be stored in a central location.

                  The issue with printing these details onto the receipt is the customer will most likely lose that piece of paper and thus the details required to use the card.

  • burningrage on 03/10/2023 - 12:17
    +1

    Thanks for the notification. I will check my cards carefully from now before bringing it to the counter for activation.

  • ihbh on 03/10/2023 - 14:37

    Thanks for sharing.

  • Heaps for Cheaps on 03/10/2023 - 17:09

    Thanks for the announcement. Always a good reminder.

  • GourmetFoodie on 03/10/2023 - 20:59

    Thanks. I always found it bizarre gift cards are just left exposed like that…

    • Protractor on 03/10/2023 - 22:04

      It's all about abusing personal data to launder money . Free Gift Card is a hint for intellectuals

Login or Join to leave a comment
Login Join