Anybody who’s spent time keeping up with blogs and forums in the points & miles world eventually reads about somebody being defrauded by a legitimate gift card purchase. Blogger Mike over at igobyplane.com has the most extensive account I’ve seen yet of being ripped off–and what’s more, he’s found evidence that links the thief to someone in the IT department at InComm.
It’s a lengthy piece and I encourage you to read it as there is a lot more detail than I’m going to share here, but Mikes’s first point is that PayPal My Cash cards have a security flaw:
I speculated that a possible problem was the sensitive PIN numbers – the only thing required to load money – may be easy to get by clever employees. As it turns out however, even stupid employees can get to them. They are stored in a database in plaintext – meaning they are there to just read off. They are not encrypted or encoded. They are not even shielded from mass user access – anyone who can poke around in the database can see them.
Mike also was able to track down an email address associated with the theft. The email address’s owner is connected to an InComm IT guy on LinkedIn. Which is circumstantial evidence, of course, but it still makes you wonder.
Apparently a number of people have had funds go missing and been told that they’re out of luck and they have to eat the $500 or whatever amount they have loaded on the card. Mike found a lawyer and got in on a class action lawsuit, which InComm eventually settled for an undisclosed amount. Even if InComm employees aren’t actually stealing, it would be nice to see InComm making more of an effort to compensate innocent customers defrauded by its product.
- If you buy use these cards, you should use them as soon as possible. (This is already the usage pattern for most.)
- If you have one of these that has been sitting around for a couple weeks – it’s worth calling up customer service first to verify with the 16 digit number that the money is still there. If you don’t do this step, I would recommend at least taking a video of you scratching off the PIN and trying to load the card, just in case.
- If your card has been sitting around a couple months – or longer – the likelihood of your money being gone grows exponentially!
Again, I encourage you to read the full article and see what you think.