- Hacking Retail Gift Cards Remains Scarily Easy by Wired. Wish there was some way to do it without the annoying captcha.
- Wells Fargo Boosts Fake-Account Estimate 67% to 3.5 Million by Bloomberg. Wow, it doesn’t stop.
- American Express Introduces Pay It Plan It: A Mobile Feature That Gives Card Members Two New Ways to Pay for Credit Card Purchases press release by Amex. They always get you with the fees. Best is not to carry a balance, but this is good news for those who do.
- Travel Insurance Showdown: Reserve vs Prestige vs Platinum by Frequentmiler.  A comparison of travel insurance benefits.
- Starbucks online store is going out of business after October 1st. Running big sales there.
- $50 Applebee’s e-gift for $40 on Jet.com (HT: @mordyny). That’s our affiliate link, you can try using a portal instead.
“Wish there was some way to do it without the annoying captcha”
Some way to hack or some way to prevent hacking?!
wow, that guide to travel insurance on the premium cards is super super helpful! knowing which benefits each card has is always the hardest part of using them, and summaries like this are excellent
Regarding the gift card brute forcing, the simpler solution is just to rate limit the check. If anybody tried to check the balance of a particular gift card number and the PIN is wrong say 5 times, then just block that gift card number from being checked for say 48 hours
Yep. I can’t stand how everyone’s solution is the implement Google Recaptcha. I don’t want to use Google products or support their business but I’m forced to when they use Recaptcha. Not to mention the challenges are super annoying!
Hacking retail gift cards that need 10,000 combinations? For shame, Will Caput.
Instead he should focus on prepaid gift cards (multiple vendors), where it only takes 1,000 combinations to brute force because you can predict the numbers of multiple other cards with near 100% accuracy and all you need is the CVC. That’s where it’s at!
The hacking of gift cards reminds me the game Watchdog
Oh, and the cards in the picture that they tried to blur out are from Chipotle. So.. don’t buy gift cards from them.
What?
Thanks re Applebees cards. Physical not egift btw.
Kohls, Nordstrom, and Ticketmaster were hit, and I suspect Dunkin Donuts is getting hammered right now. Just throwing it out there in case I’m right in the future.
Why don’t eBay gift cards have a PIN?
Poor implementation. They’re only 13 digits and if you buy enough of them you can find the pattern. Ebay gift cards have been stolen in the past. If you buy a card I recommend using it to make a small purchase so that it becomes locked to your ebay account. I usually buy a recipe for 1 cent or something like that.
Good idea, I found some cheap auctions. eBay must have changed the minimum buy-it-now listings to $0.99 a few years back. They used to have 1 cent buy-it-now listings.
You should be able to find some 1 cent auctions that are ending soon.
Complete negligence on eBay’s part. Any legal experts know what is eBay’s liability on hacked eBay gift card claim numbers?
I do exactly what Chris H does on large denomination eBay claim codes. Purchase some small domitation items on eBay to lock in the claim code to my account.
Again, complete negligence from eBay. Ebay really deserves a class action lawsuit on this issue that would wake up eBay management from their sleep.
I think we can defend eBay a bit that businesses who only sell online are more protected than physical businesses since they have your address and since it’s a longer process until the item is shipped out (not instant).
Regarding the Amex new payment plan…. They call it a fee to avoid interest, but doesn’t the Card Act require that it be treated as interest?