A serious security vulnerability has emerged in the gift card industry following a demonstration by Australian YouTuber Simon Dean. He successfully hacked into a popular gift card in under 15 minutes, raising concerns about the potential for widespread fraud among consumers. The incident has prompted an investigation by The Card Network, the operator behind the affected gift card.
Dean’s experience began after he was unable to redeem a $500 ‘TEEN’ gift card, which he purchased to earn points through a reward scheme at Woolworths. Upon attempting to use the card, he learned it had already been redeemed by an unidentified individual. “I was really confused because the PIN code on the back of the card was still intact,” Dean explained to SBS News. His frustration led him to investigate the security measures in place for gift cards.
According to a consumer survey conducted by financial comparison site Finder in January 2024, Australians hold approximately $1.4 billion in unused gift cards. Dean’s situation highlights the risks associated with these cards, especially when consumers may unknowingly purchase already redeemed ones.
After contacting customer service regarding his unusable card, Dean learned that it had been redeemed shortly after his purchase. Determined to uncover the issue, he bought another gift card, this time valued at $20, to test his hypothesis. Within minutes, he discovered the PIN associated with the card, which he described as “astonishingly simple.”
For safety reasons, SBS News has opted not to disclose the specific method Dean used to exploit the security flaw. In response, The Card Network stated, “We leverage a range of security tools and technologies to monitor suspicious activity.” The company declined to comment on Dean’s individual case but confirmed it had resolved his concerns after a thorough investigation.
Dean reported it took around six weeks to receive a full refund for the stolen card, during which time he was asked to submit a statutory declaration and a police report. “Hopefully they fix their systems, and hopefully people won’t have to go through what I went through in order to get their money back,” he stated.
The Card Network indicated that its verification process for gift cards is more complex, but acknowledged that challenges exist because gift cards do not have registered users. Angus Kidman, international editor-at-large at Finder, criticized the reliance on “simplistic” four-digit security PINs, asserting that more sophisticated methods should be adopted. “A four-digit PIN is just not very secure,” he emphasized.
Dean’s findings have illuminated the vulnerabilities within the gift card system, sparking discussions on the responsibility of companies to protect consumers from fraud. According to Kidman, businesses must act swiftly when evidence of a breach arises to safeguard both their customers and their reputations.
As the digital economy continues to grow, ensuring robust security measures for transaction systems, such as gift cards, remains critical. The recent incident serves as a cautionary tale for consumers and businesses alike in the ever-evolving landscape of digital finance.
