Digital Gift Card Issues

Both Apple and Google offer gift card services for use on their App stores.  Just as it states on the tin the card can be given as a gift to a friend or relative.  Alternatively the card can be provided as part of a corporate promotion or reward scheme.  There will also be some value to the buyer in having their initial cash or card transaction hidden from the Apple or Google servers.  The cards themselves, however, have no intrinsic value.  The customer is buying a future agreement to provide some service.  Any 3rd party seller will have received a commission when they activate a card on sale but neither they nor Google nor Apple are under any obligation to refund the original purchase price.  Indeed the nature of the card’s value is linked to a code that is only verified when that card is redeemed.

Stolen but not activated cards will be useless but any underlying value of an activated card is transferred with the card code rather than the physical card itself.  It should be impossible to convert a code to cash but this can be overcome by using the balance to buy something that in itself is transferrable.  For example high value Apple products such as an iPad.  A Google Play card might be used to buy crypto that in turn could be cashed out.   If the scammer has their own App on the relevant store front they could purchase it and receive any funds in cash less the store commission.  There are also secondary market services such as Gameflip which allow buying and selling of Apple and Google gift cards albeit at a percentage of their stated value.  These legal resellers will be offering financial protection to the buyer and seller so are less likely to attract the wholesale scammer.

Scams run with the victim buying cards and transferring their codes to parties who will run off with the cash.  A simple example would involve the impersonation of a friend or relative in immediate need of funds that must be provided as a gift card code.  Another approach is to ask for payment of a service through a gift card.  The ‘service’ will take the code and swiftly re-use it for a valid purchase on their own behalf.  Apple identified scams  involving requests to pay taxes utility bills, bail and hospital bills.  The latter 2 cases being a particular case for the USA.  The obvious counter to such a scam is to never use Apple or Google cards for payments outside their approved stores.  Any of these card scams could be followed up by an approach to ‘refund’ the funds lost.  This is just a means to step up the fraud.  The target will be encouraged to pay a retrieval fee, bank account and personal details being harvested and used for further attempts to steal funds.  It is relatively hard to get Apple or Google to refund even genuine errors in card redemption.  Details of obvious fraud should be passed to the police and any services offering to help with recovering lost funds should not be trusted.

Recent legal actions show that Apple and Google have a vested interest in not blocking card code theft.  They are under no obligation to refund but can earn interest on funds while they investigate allegations.  They will also be taking a commission from any services such as Apps or Tunes bought through the stolen codes.  A California class complaint filed in March 2024 alleges that Google kept its share of commission from millions of dollars of fraudulent card purchase, made card theft too easy to implement and failed to adequately warn buyers of the risk at the point of sale.  A USA Federal ruling from June 2022 also agreed that Apple had benefitted from scams of its own gift cards.  In January 2024 Apple agreed a mediated settlement with the complainants.

More from Security


eCommerce Shop Scams

Data from Security Research Labs has revealed a China based fake shopping network that they have named ‘BogusBazaar.’  They claim that: ‘As of April …

Read post


Lockbit Ransomware Takedown

In February 2024 the UK National Crime Agency released details of how the NCA and other international policing agencies had disrupted the actions of …

Read post


UK Cyber security breaches survey 2024

Lies, damned lies, and statistics (attributed to Disraeli) The UK Cyber Security Breaches Survey 2024 was published on 9th April 2024.  Not surprisingly it …

Read post


Biometric Security Hacks

Biometric security may not be the bulletproof security system that it appears to be.  The theory is that information such as fingerprints or facial …

Read post

Sign Up

Sign up to our newsletter list here.

    Successful sign up

    Thank you for signing up to our newsletter list.

    Check your inbox for all the latest information from Kindus