Got Scammed and lost $1500 on Gumtree -_-"

I thought I was being careful, but sadly not careful enough to account for the failures in lose implementation of JB Hifi's gift card policies.

  1. Had 3 x $500 gift cards from JB Hifi, from the promo in Dec last year
  2. Listed it here for a couple of weeks, no takers.
  3. So then I listed it on Gumtree.
  4. "James" contacts me, from ACT.
  5. Asks me "Do you have proof of balance picture? or receipts?"
  6. Not knowing any better, and assuming that a hidden "PIN" code is required to actually redeem these cards.
  7. I provided the card numbers, to allow him to check the balance on the cards.
  8. James says he'll pay at the end of the day.
  9. I get messaged here on Ozbargain, snowymatthew, so I decide to allow them to pay instead.
  10. I receive payment, via PayId.
  11. I send copies of the unscratched cards, and then again with the card numbers and PIN codes revealed.
  12. Following day, snowymatthew tells me there's issues with the card.
  13. Since the PIN codes are all revealed now, I confirm the balance on the cards.
  14. Discover they've been redeemed in ACT.
  15. Blah blah … I'm %^&*
  16. Returned the money back to snowymatthew.

So, it looks like James has been able to convince someone at JB HiFi to redeem the cards, with the PIN codes, and without the physical cards. I checked the terms and conditions: https://www.jbhifi.com.au/pages/how-do-i-use-a-gift-card-to-.... "Redeeming in-store at JB Hi-Fi … The actual gift card MUST be presented.". From responses from various stores, staff are not "meant to" accept anything by the physical cards … there lies the issue.

The presence of the PIN code in this instance gives a false sense of security.

Even retracing all the steps taken, I don't think I could have foreseen this - other than "don't use Gumtree". So, I guess this is a warning to others, that the card numbers only are enough to redeem a gift card. Meaning there's no real way for a buyer to validate available credit, or for sellers to have any form of security over the gift cards. This to me, is easier than counterfeiting money and JB accepting it, at another customer's expense.

Expensive lesson, and usually careful with these things. But, aw well, not expecting such a positive outcome. If anything, it just ruined my day.

Since then;

  1. Left my details with the store to follow up
  2. Filed a report with ACSC
  3. Emailed JB Hifi, asking how and why cards can be redeemed by the card number only, without the physical card which is contrary to their terms.
  4. Contacted Gumtree seeking assistance.
  5. I asked James to pay, as agreed and I would cease the police report.

So yeah, great first day back at work. -_-" And now have to deal with the missus.

And not that it means much, but this is the lovely guy that benefited from this all. https://www.gumtree.com.au/s-seller/1170622367193

I really didn't like the idea of having $1.5K in gift cards lying around, just didn't feel secure. And it really had to happen.

Update: So, it would seem kinda useless at this point. But because of the way that I shared the photo with James, it shows an account of his.

(Mod: removed personal information - please see commenting guideline)

Key updates:
* By RNDM on 07/01/2020 - 14:35
https://www.ozbargain.com.au/comment/8208345/redir
* By snowymatthew on 08/01/2020 - 16:47
https://www.ozbargain.com.au/comment/8213127/redir
* By RNDM on 14/01/2020 - 13:30
https://www.ozbargain.com.au/comment/8235494/redir
* By RNDM latest
https://www.ozbargain.com.au/comment/8239312/redir

Related Stores

Gumtree
Gumtree
JB Hi-Fi
JB Hi-Fi

Comments

  •  

    Wow, what a story, and a great lesson for many to be learned here, hope things will turn out okay, please give us updates what is going to happen, can't wait!

  •  

    LOL you can see he has already sold the gift cards to others.

    • +1 vote

      I think he has done this multiple times, as he has sold a few JBHIFI cards, and it looks like he purchases nintendo switches and sells them.

  •  

    Did you get the gift cards from redeeming the plans then cancelling them? If so good luck getting the money back if it’s linked to that as your proof of purchase…

  • +2 votes

    I really do hope @RNDM keeps this thread alive for all of us. One of the few threads that makes it to the front page and I'm intrigued for the end outcome.

    With my magic online detective skills I can deduce Snowymatthew is innocent (sorry for the earlier accusation) and James from gumtree is a scumbag. Prove me wrong.

    So from what I gathered from this thread alone is that physical gift cards using the numbers can be loaded up on apps such as Stocard or other barcode generator tools to bypass the requirements of the pin as they are then deemed as a digital e-voucher by the system when scanned which are treated differently?

    YMMV as some users claim you don't need the pin and some users claim you need the pin. Also from this thread this is true for other stores besides Coles/Woolworths which do require the pin?

    Purely evil scenario. What is stopping someone camping a week before Christmas/boxing period and keeping track of the gift cards stacked on the shelf knowing that these gift cards most likely won't be received by their loved ones by that time. That window of opportunity would allow scammers to load up the card numbers and trying their luck?

    • +13 votes

      I don’t have an update for today - just yet, but I do have a few thoughts on how to take this further if nothing progresses. So I’ll keep it alive.

      •  

        Why did you give the card numbers to the Scumtree guy if you are like me and believe like me it can't be checked without a pin ?

  •  

    So from what I gathered from this thread alone is that physical gift cards using the numbers can be loaded up on apps such as Stocard or other barcode generator tools to bypass the requirements of the pin as they are then deemed as a digital e-voucher by the system when scanned which are treated differently?

    If that is the case JB need to implement immediately a Amazon gift card system of scratching off the card number !

    Anyone can get some card numbers , wait for them to be activated and abuse it meantime .

  •  

    Can u confirm whether the balance was redeemed before or after you gave the pin to snowy?

      • +2 votes

        Gift cards are only activated when you purchase them though?

        • +3 votes

          That's not to stop someone storing them and using them after activation if it really was as simple as generating pin numbers based on the barcode.

          The Melbourne Cup ticket that was stolen only needed the barcode to be scanned to redeem it from the ATM. There was no need for a pin (based on a quick google of the story).

            • +6 votes

              @ratoloko: Credit card's pin is personal, so it is definitely not related to credit card number.

              Also the difference is, you can actually buy stuff with credit card numbers, site like amazon does not even ask for cvc.

              Gift cards on the other hand rely on store's policy which dictates whether pins are require. JB doesn't, that's why we have this thread. Don't try to act like you are smarter than everyone in the room.

  • +1 vote

    Hopefully JB helps out the OP and fixes their system so it cannot happen again.

    Good thread - OP is realistic and not here just to whinge. Raising awareness that there may be a flaw in redeeming gift cards helps the whole OZB community.

    What's the best way of a large transaction? Guessing cash only and meet up in a JB store so thibgs can be confirmed? And maybe for large purchases, both parties swap license information?

    I have heard of escrow type services, with trusted third parties, but have seen examples (albeit in online trading for digital game items) where fake escrow accounts have popped up (doing several small transactions honestly, to gain a good rating, then scam a large transaction).

    • +3 votes

      This is more than JB's system and policy though. Anecdotally, the whole gift card system needs a rework as users are reporting similar NO pin needed for other stores and their gift cards. (So what's the point of the pins if you can just generate a barcode???)

      Any malicious individuals can in theory compromise a crap ton of gift cards across Australia wide by simply noting the card number at the back of the cards and waiting for them to be bought and activated.

      I believe this thread alone and as a community we should make enough noise to raise awareness to the flawed the gift card system.

  • +1 vote

    Was personally surprised on the weekend when i went to Supercheap to use my $300 gift card to only swipe it and the transaction was done.
    No need to even take the pin number sticker off the back of the card.

    • +1 vote

      That is quite common with physical card when redeemed in store. The same thing with DJ's gift cards.

      The issue is when they allow redeeming gift card without the physical card and without PIN.

      • +1 vote

        Not exactly hard though to make a fake card by printing to a blank, or putting a sticker over the back of an old gift card for example. So it is pretty slack that they aren't requiring the PIN….

        Personally OP's plight has made me hesitant to buy gift cards. Easier to just give cash in the future.

    • +2 votes

      Bunnings giftcards have no pin at all lol

      •  

        They also give you cash back for change if you have less than $10 remaining

      •  

        I once did a refund at Bunnings without receipt so they said can only give credit on returns card. However, on using the returns card not in full, I got cash back on the change which I thought was strange. Had I known, would have brought $1 item instead.

  • +34 votes

    Hey OP - if you don’t have an update soon, can you please make one up? I’m too invested in this for it to just fizzle.
    Cheers.

  • +1 vote

    Does anyone know or have friends that work at news.com - they have journalist that can investigate this and shed light to scams with giftcards perhaps? Would be an interesting article for that type of website.

    • +23 votes

      News.com.au has actual journalists?

      • +1 vote

        That's what I mean, 'journalists' that will cover this story :D

        •  

          if someone writes it for them and mentions a company willing to make a contribution…. yea ofcourse.

      • +5 votes

        Why not? This story is far more interesting than the sensationalist garbage they usually publish.

  • +2 votes

    Not sure if this article has been posted before but it mentions that JB has $253m is unclaimed giftcards

    https://www.smh.com.au/business/companies/gift-card-sales-so...

    • +3 votes

      And that is why stores love selling gift cards and happy to give 5% discount on them.

      •  

        That's right. A $253 million interest free loan. It is in their best interest (and all businesses who offer gift cards) for people to have confidence in their systems, policies and security.

        All they do is protect themselves from theft and fraud and not the gift card holders. Luckily I don't think this is a major issue just yet.

        Once JB and other stores start seeing a decline in interest free loans because of threads like this they might improve their processes for taking gift card payments.

      •  

        To be fair sometimes you can buy e gift cards on the spot and use them. I actually do that with JB cards a fair bit through Suncorp app. The beauty with JB cards on this app is that you can buy them to the nearest dollar.

        I didn’t even realise the cards had a pin until this thread as JB staff just scan the barcode on my phone screen.

        •  

          That's with egift cards. If you have a physical card you need to swipe it through the eftpos machine and enter a pin.

    • +1 vote

      If and only if you had read the above thread!

  • -2 votes

    Lucky I never bought on Scamtree

  •  

    For my local JB even the serial number and PIN isn't enough. They request physical print out of the digital gift cards.

    •  

      You can use it online with the pin.

      Also, making a physical copy is also very easy. The barcode is a standard one which is generated from the number. If you have the template (from an existing gift card), you can print as many as you want.

      •  

        Yeah, I argued that with them and they still rejected. I should've placed the order with click and collect paid via gift cards lol.

  • +5 votes

    The scammer clearly works at JB HIFI.

    •  

      His scumtree history is selling alot JB HIFI giftcards so its likely

      •  

        It also explains how he manages to use the card without the pin.

    •  

      Or he has a friend that works at JB.

    • +7 votes

      You can redeem online and it takes just a few seconds to write a curl script that tests every pin

      Yeah nah, the back end blocks you after a few failed attempts.

      Its not like you're the first one to think of doing that.

      I have never actually done it

      and yet here you are telling us how easy it is to do….

      • -1 vote

        Doesn't mean it isn't possible, just not obvious. There are usually multiple APIs to do the same thing. I have brute forced pins before where the frontend locks you out.

        If they suspend the card, I won't bother testing it though.

        It's obvious there is a flaw somewhere if the guy redeemed it without a pin (not necessarily online).

  • +1 vote

    This sounds like a JB hi-fi security issue. They can find out which staff member, and also would have camera vision of the customer. I wouldn't let this go.

  • +1 vote
    1. I provided the card numbers, to allow him to check the balance on the cards.

    How could he check the balance without a PIN?
    You need a PIN to check balance on website

  • +1 vote

    may have been mentioned already, but JB Hi fi will be able to track the transaction. THe time of it and details of it.
    They will(should) have CCTV from the registers when it was paid, and surroundings of the store.

    • -1 vote

      but this is alot of work and back tracking, quoting privacy law and not being allowed to release this info will be much easier for the manager/IT guy

      • +1 vote

        I don't know why people keep quoting privacy law. When you walk into a shop there is a reasonable expectation that your movements and your transaction will be recorded. The only way the cctv footage is private is the fact that it belongs to JB.

      • +1 vote

        Why would JB HIFI want to incriminate themselves?

        If OP isn't lying, which I believe he isn't, this is a scam which involves an employee granting a new pin based off a photo alone which incompetence or gross negligence.

        •  

          an employee granting a new pin.

          No, JB Hi Fi in-store payment system doesn't require a PIN.

      •  

        It won't take that long, they will know the time easily enough and should have access at office to all recordings and slept to the time frame

    • +3 votes

      You've been watching too many CSI type shows.

      The local store manager might take the time to investigate if it was JB's own money that was lost, but since it was only the customer's money they will "make a note of it" and forget about it.

      15 years ago when I worked in a retail store, I remember a specific instance when a shoplifter went in, picked up a 5CD changer stereo box off the shelf and walked out the front door with it. I questioned him for a receipt but wasn't allowed to physically stop him. The centre security guards chased him, but managed to lose a him (they lost a guy who was carrying a box three times the size of a carton of beer.

      •  

        Only in Australia!

  • +3 votes

    OP, what's the latest in this one? It's like a thriller episode that I can't wait to know the climax of.

  •  

    I asked James to pay, as agreed and I would cease the police report.

    Police will have no interest in this unfortunately.

    JB is your best to follow up.

  •  

    What if James was innocent the whole time ???

    •  

      The who is real culprit.

      • +1 vote

        Beyond the 2 current suspects, I only see 2 options in this alternate reality:

        Option 1: OPs partner
        "Honey, I took a trip down to Canberra and used those cards you had lying around. Surprise!"

        Option 2: OPs split personality, like in that Secret Window movie with Johnny Depp that I just ruined for everyone. But hopefully less stabby-stabby.

        •  

          Or a 3rd party has access to the email accounts - sender or recipient. But what's the likelihood that their just waiting for an email with gift card photos.

  • +2 votes

    FWIW, I commonly put my gift cards onto an app such as stocard or Google pay and use it in store. I put the pin in the notes and take photos of the card, but all the cashier ever does is scan and it goes though "pin is only needed for online purchases"

    However, I remember when using ~$250 of gift cards in a purchase, the store required me to provide id.

    Probably already mentioned, but might be worth contacting the store it was used it, or even head office to ask about the Id of the person who used the card

    •  

      Do the apps create a barcode for physical cards since there isn't a barcode on them and the need to be put through an eftpos machine which then requires a pin to be input.

      • +1 vote

        It creates a barcode from the gift card number.

        I did the same with Bunnings GC - Bunnings don't even have pins on their physical cards.

  •  

    What's a decent price to pay for a $500 gift card for JB Hi Fi taking into account the risks? There must be plenty of $400 or $500 gift cards out there from all the JB deals of late.

    • +1 vote

      Easy sell at 92 - 93 % . Last time I got some did some stacking at around 80% , left them around for 2 mths traded out of them a week ago .

      Wouldn't advice not using them immediately though :)

    •  

      ~5-10% discount seems to be the going rate. Not sure if the savings are worth the risk.

    • +4 votes

      Would have to be well over 5% since you can get 5% off with no risk through membership with Entertainment Book, automobile clubs, some health insurance co etc.

  •  

    Fascinating read and I agree that JB is ethically responsible to refund this. Whether they're legally liable is a different question - this is a loophole which should be closed by ACCC.

    I'm curious - is there any safe way for either a buyer or seller to do this transaction, if in different locations, without risk?

  • +3 votes

    Apologies if someone else has already raised this but you quoted JBs policy:

    "Redeeming in-store at JB Hi-Fi … The actual gift card MUST be presented."

    So how is it that you expect Snowy to be able to claim the gift card without the physical card? (He alleged he tried and was only stopped because there was no value).

    It's a bit moot at this point but the reason why I raise it is because you're using failure to adhere to the policy as a defence but at the same time expecting it to work in your favour when onselling to someone else? (All due respect to your loss)

    •  

      Online with the pin

    •  

      The terms and conditions outlined are the terms in which JB will execute. These are terms which define what JB hifi can and will not do, these do not limit my actions. My criteria have already been met once I have either paid for the gift card, or in my case, simply signed up for a 12-month Telstra plan. Once these criteria have been met, then the gift card is due, and my actions following have no impact on this agreement.

    •  

      I was stopped by the cashier at JB MQ because I couldn't present the physical cards not because there were no value on the cards

  • +21 votes

    Thank you all for your support, and I can fully appreciate the amount of interest this story has built up. I haven't been providing updates, simply because there hasn't been much to tell.

    I too wanted to know the progress of JB's findings and reached out to them today. All I know is, "inquiry is in hand and has been handed over to the Woden and Chadstone store managers for investigation".

    For now, I can't expect much more. At least they haven't simply dismissed the matter.

    • -1 vote

      If you call them at least once a day, or possibly more often if really dedicated, I imagine they'll get onto it more quickly.

    •  

      Still sounds like you've exposed a known deficiency in the system. Maybe it's time to reach out to ACA?

      •  

        "Maybe it's time to reach out to ACA?"

        I think this is a good story for ACA, because who would think that a PIN is just an option when making a purchase.

        • +1 vote

          If Op needs a contact at ACA, I’ve got the details of one of their reporters handy. She reached out after the baby toddler town collapse.