But for the short version, you'll need to ask your POS provider the following 3 questions: What info do I need to order encoded Magnetic stripe cards Please see our complete guide to magstripe encoding. The account in your POS database is where it gets reloaded, and when a gift card is swiped or scanned, the POS system then determines whether to load or redeem value for that account. The magnetic stripe or the barcode will always keep the same original encodedĭata. The card itself does not actually reload. Your POS system has the function of reloading value to your gift card's account number. So it's never the gift cards that holds actual value, but rather your POS database that manages it.Ĭan I reload my Gift Cards after it's been used up? Either a barcode gift card or a magstripe gift card are technically reloadable, it is important to understand that thisįunction has really nothing to do with the gift card itself, but with your POS system. it is then able to access the specific account info within the system's database, and load, reload or redeem value onto that account number.
#Gift card writer software
Think of this number/code as an account number, whenever you scan or swipe a card, your POS software refers to that account number within the POS database. Face-Value (works like a gift certificate, with a one-time use for $10, $25, $50, etc.)īoth, the barcode and the magnetic stripe hold an encoded number or alphanumeric code, this data is unique to each gift card you sell.Before you pick up that unguarded card from a retail counter, perhaps consider who might have picked one up first-and who else might know that slice of plastic's secrets.How to encode / load value on gift cards? Gift cards and Key Tags can "hold value" in one of three ways: "A lot of gift cards are numbered sequentially, and it appears he or she was just checking them like that," Rowley says.Īll of the gift card security issues Caput highlights have relatively simple fixes: Implement strong CAPTCHAs that bad actors can't circumvent on gift card value-checking sites, don't leave unactivated gift cards up for grabs at store counters, and use scratch-away coverings on cards to prevent them from being photographed and then replaced in stores.īut until retailers and restaurants make those fixes, consumers would be wise to think twice about buying gift cards that could potentially have their value siphoned away by hackers. When Flashpoint talked with one of the affected retailers, the company's researchers determined that the seller was indeed using an automated tool to bruteforce activated gift cards, just as Caput has shown. Flashpoint analyst Liv Rowley says one vendor on the dark web marketplace AlphaBay alone had made more than $400,000 in sales between November of 2016 and July of this year when AlphaBay was shut down by the FBI, largely by selling stolen gift cards for more than a dozen brands, including stores like OfficeMax and Whole Foods. In May security firm Flashpoint released a report in which the company found hundreds of discussions of "cracked" gift cards on criminal web forums, spiking in the summer of 2016 and again in early 2017, compared with virtually none before 2016. The vulnerabilities that Caput found aren't merely theoretical. When it is, he can spend whatever money has been added to it. Then he simply checks on those numbers periodically via the restaurant or retailer's website until the card's been activated. If gift cards are left accessible, he can simply grab the entire stack of cards, photograph the back of them, and later place them back in the tray. The person’s card says it has $50 on it, and then it’s gone.' -Security Researcher Will CaputĬaput points out that even restaurants and retailers that have added robust CAPTCHAs to their gift card value-checking pages can remain vulnerable. By the time he finished his burrito, he had a plan to defraud the system. While the final four digits of the cards seemed to vary randomly, the rest remained constant except one digit that appeared to increase by one with every card he examined, neatly ticking up like a poker straight. So he grabbed them all-the cashier didn’t mind, since customers can load them with a credit card from home via the web-and sat down at a table, examining the stack as he ate his vegetarian burrito.Īs he flipped through the gift cards, he noticed a pattern.
![gift card writer gift card writer](https://alarnarosegray.files.wordpress.com/2012/08/envelope-2-copy.jpg)
While there, still in the mindset of testing the restaurant’s security, he noticed a tray of unactivated gift cards sitting on the counter.
![gift card writer gift card writer](https://img.youtube.com/vi/r30eYdxB2iQ/hqdefault.jpg)
He decided to drive to the local branch of the restaurant in Chico, California. So when 40-year-old Caput took a lunch break, he had beans and guacamole on his mind. In November of 2015, Will Caput worked for a security firm assigned to a penetration test of a major Mexican restaurant chain, scouring its websites for hackable vulnerabilities.