Bad News: Gift Card Fraud Rising. Good News: CUs Usually Not Liable

ARLINGTON, Va. — Yet another piece of bad news coming out of the 2008 holiday season was increased incidents of fraud involving gift cards. The good news, for CUs at least, is that in most instances CUs are not liable for fraud losses on third-party gift cards they sell. In November it was disclosed that computer systems used by RBS WorldPay-a subsidiary of the Royal Bank of Scotland, which is a leading processor of prepaid and gift cards including some sold by CUs-were hacked. The thieves compromised about 100 prepaid card accounts and may have gained access to over a million Social Security numbers, leading the bank to recall and destroy the gift cards involved and offer free credit report monitoring to the people whose Social Security numbers were potentially compromised. Later, the season saw at least one instance of an organized ring of thieves using gift cards to manufacture fake debit and credit cards with stolen debit and credit card numbers. At least one major issuer, American Express, acknowledged having sold some gift cards this holiday season that had been compromised and used somewhere along the firm’s gift card distribution chain before they reached the consumer. Prior to this holiday season, gift card fraud had been confined mostly to the actual theft of active gift cards or the use of stolen credit or debit card numbers to purchase gift cards. But while gift card fraud has started to rise, most CUs selling the cards do not face losses from the compromises, a major CU insurer said. CUNA Mutual Insurance, the insurer for the majority of credit unions in the U.S., said that gift cards are generally covered by their policies, but in most instances where credit unions sell cards issued by another firm, the other firm retains liability. –[email protected]