10% off $50 TCN Him Gift Cards (In-Store Only) @ Shell Reddy Express & Shell Coles Express

213

Saw this while fueling up at Shell Reddy Express in Wantirna South, VIC.

10% off HIM $50 gift cards purchased from 4/9/25 to 10/9/25 and subject to availability.

TCN Him Gift Cards are also 10% off at Woolworths for Everyday Rewards members this week.

Where is this gift card accepted?
99 Bikes, Academy Brand, adidas, Aquila, Archie Brothers, ASOS, Barbeques Galore, BCF, Bonds, Booktopia, Calibre, Calvin Klein, Champion, City Beach, Cotton On, Culture Kings, Decathlon, Dr. Martens, Drummond Golf, Dymocks, Edge Clothing, Elite Eleven, Factorie, Fine-Day, Foot Locker, Ghanda, Glue Store, H&M, Hallensteins, Holey Moley, Hype DC, INTERSPORT, Jay Jays, JB Hi-Fi, JD Sports, Just Jeans, Kingpin, Kogan, Macpac, Neverland, Nike, Platypus, PlayStation Store, rebel, Reebok, Scotch & Soda, Seed, Strike, Supercheap Auto, Surf Dive 'n Ski, The AFL Store, The Athlete's Foot, The Good Guys, Timberland, Timezone, TK Maxx, Tommy Hilfiger, Uber, Uber Eats, Unison, Universal Store, Van Heusen, Weber, Xbox, Zone Bowling.
This is part of Father's Day deals for 2025.


Comments

  • +13
    • They patched it

      • +3

        The last thing I read said they'd committed to fixing it but hadn't deployed the patch.

        • +3

          Check the comments of the video. Also I knew how it was done and checked that page today and it has a captcha.

          • +11

            @HaydosK: Oh, they patched it yesterday. It took it blowing up in the media after he made a video for the company to act. They ignored the guy reporting the issue for over a month.

            This isn't the response of a competent financial services business.

            If this can make it live, it makes me wonder what other security issues their systems have.

            • @skwashd: Yeah I'm going to be extremely careful when buying them in the future.

          • @HaydosK: Oh! Thank God! They put in a captcha the state of the art security. We're saved!!! So instead of taking 10 seconds to force the pin it takes 10 minutes.

      • +5

        But if the card you buy today is already compromised, then the patch is worthless

        • Do you even know what the problem was?

          • @HaydosK: He's correct. If the hacker already redeemed the card, it would be a fcking headache to ask for a refund. Is it worth risking over a 10% discount? Your call then :)

      • Don't get too excited about the security flaw, because it doesn't matter at all in real life. Scammers don't actually use this exploit to bruteforce the PIN when they can simply remove and replace the PIN stickers, probably all under 10 seconds.
        Most of the time they will remove some card numbers as well to increase their chance, so as long as those are intact you are pretty unlikely to get a targeted card.

        https://files.ozbargain.com.au/upload/187505/123832/1.jpg
        https://files.ozbargain.com.au/upload/187505/123833/2.jpg
        https://files.ozbargain.com.au/upload/187505/123834/3.jpg
        https://files.ozbargain.com.au/upload/187505/123835/4.jpg

        3 is the restored card btw.

        You can look for subtle horizontal lines near the PIN region by tilting the card at an angle against a light source. However, if the scratcher used a blade that closely matches the width of the PIN sticker, it would be extremely difficult to spot. Also look out for dirt traces under the clear part of the PIN stickers. With their volume I would say it is going to be very hard to keep their blades clean.

        • Ok. I don't buy TCN anyway but Ultimate gift cards have better security and that's what I have been buying recently anyway.

        • I was like that will never work you'll have to get… And I'm like Ah! Duh!

    • +3

      Yes this, it's IMPORTANT to highlight that although it's patched, unless they change all current cards in the market, there is still risk someone had taken a photo and identified the PIN through the non-captcha page before they patched the system.

      Is there a way to know when the card was produced? Then we can get those that are produced after they have patched the system.

      • +1

        From my understanding the pins can only be cracked after the card is activated. The exposed API that was being called by a script would only respond that the guessed pin was correct if the card number was also valid and activated.

        So assuming it's been patched correctly, then any existing cards that are still in stores should be safe even if they've had the card numbers photographed.

        I'm not 100% convinced that it has been completely patched though, it still seems risky to buy the cards. It's not the page that needs the captcha but the API endpoint, so if they haven't put the captcha or protections in front of that then they haven't actually fixed anything.

        • I know how it was done and on the webpage it does have the captcha. I assume if it bypassed that using API the YouTube guy would have told them to fix it. There is enough spotlight on this. Hope they fix other issues while they are at it.

      • Did you even look at the video and the vulnerability??? It needs to be activated first for them to crack it. If you buy now you aren't vulnerable to this anymore.

        • 10000 rotating proxies and captcha solver say you're wrong.

  • I'd be curious to know if anyone has successfully purchased these as I had someone tell me that their TCN Him gift cards failed to activate at two separate Reddy Express locations when purchased on Thursday and Friday.

    • -1

      Try paying cash

      Sounds dumb, but seriously.

      • +1

        I might be wrong, but I think it's an issue on the back end activating a purchased card. I don't think the method of payment (cash or card) will make any difference?

        • I get what you're saying, but trust me

  • I would avoid as there could be activation issues as mentioned above.

    Please read the first comment here.

  • Use Shell GCs for extra 2% off

    • can buy GC using a GC!?

      • Has worked previously. I have done several times but not for a few months

  • +2

    Avoid TCN. A friend bought one today for $100, after the vulnerability was patched. She thinks it's already been stolen.

  • Seems smart to avoid TCN gift cards for the time being, until it's been confirmed that the patch they implemented actually fixes the exploit.

    • Problem is they fixed the exploit, but existing cards on the shelves are ALREADY compromised. So really they need to recall all cards… or find a new way of issuing the pin etc.

      • From my understanding the pins can only be cracked AFTER the card is activated. So existing cards should be safe, assuming they completely fixed the exploit.

        • Still very much crackable.

          Similar to salting your passwords when finding a vulnerability in your database but not patching the vulnerability.

          And with the news coverage more skilled crackers now know the vulnerability exists.

        • Best practice is definitely to return a generic nondescriptive error for both unactivated cards and wrong PIN, but knowing TCN well I am not holding my breath on that:) But unfortunately they already know your PIN so it doesn't really matter.

  • I bought some today from Woolies - other than taking a few hours to activate they worked fine for me - saved us $40 on the cards and then an additional $30 with the JB Hi-Fi perks voucher I used

  • You will have seen the video the guy posted about how easy it is to hack. The worst bit being how they treated him when he was trying to let them know of the hack. STAY AWAY FROM THIS!!
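
Added example, not from the thread or from TCN: a sketch of what the comments above ask of the balance-check API, namely one generic answer for unknown card, unactivated card and wrong PIN, plus a failure limit keyed on the card number so that spreading guesses across many client addresses does not help. The four-digit PIN, the policy numbers, the key and the card records are assumptions constructed for the demo.

```python
import hashlib
import hmac
import time

KEY = b"constructed-demo-key"   # assumption: server-side secret for PIN MACs
MAX_FAILS = 5                   # assumed policy: failures allowed per card
LOCK_SECONDS = 3600             # assumed policy: lockout length in seconds
GENERIC = {"ok": False, "error": "Card details could not be verified."}

def pin_mac(pin):
    return hmac.new(KEY, pin.encode(), hashlib.sha256).digest()

DUMMY = pin_mac("no-such-card")  # compared against when the card is unknown

def demo_cards():
    # Constructed sample records, not real card numbers or PINs.
    return {
        "5021000000000001": {"pin": pin_mac("7319"), "active": True, "balance": 5000},
        "5021000000000002": {"pin": pin_mac("0420"), "active": False, "balance": 5000},
    }

class BalanceChecker:
    def __init__(self, cards, clock=time.monotonic):
        self.cards, self.clock = cards, clock
        self.fails = {}  # card number -> (failure count, locked-until time)

    def check(self, number, pin):
        now = self.clock()
        count, locked_until = self.fails.get(number, (0, 0.0))
        card = self.cards.get(number)
        # Same comparison work whether or not the card exists.
        pin_ok = hmac.compare_digest(pin_mac(pin), card["pin"] if card else DUMMY)
        if now < locked_until:
            return GENERIC  # locked: even the right PIN gets no confirmation
        if card and card["active"] and pin_ok:
            self.fails.pop(number, None)
            return {"ok": True, "balance": card["balance"]}
        # Unknown card, unactivated card and wrong PIN all take this one path.
        count += 1
        self.fails[number] = (count, now + LOCK_SECONDS if count >= MAX_FAILS else 0.0)
        return GENERIC

def guess_all_pins(checker, number):
    # Regression check: how many of the 10,000 four-digit PINs get confirmed?
    return sum(checker.check(number, f"{p:04d}")["ok"] for p in range(10000))
```

Because the counter is held per card on the server, a captcha on the web page is irrelevant to it; a production version would also bound the size of `fails` and decide how a locked-out genuine cardholder recovers.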
