**Title:** Security Flaw Discovered in Gift Card System by Video Creator
**Meta Description:** A video creator uncovered a significant security vulnerability in a major fintech company’s gift card system, raising concerns about online safety.
**URL Slug:** security-flaw-gift-card-system
**Headline:** Video Creator Exposes Major Security Vulnerability in Gift Card System
In mid-July, Simon Dean, a video creator and business owner, purchased two $500 gift cards from a local supermarket, hoping to benefit from a promotional offer. However, he stumbled upon a serious security vulnerability affecting a prominent fintech company when he encountered issues accessing one of the cards.
The trouble began the day after his purchase when Dean faced difficulties using the card online. A support representative delivered alarming news: one of the $500 cards had already been accessed and its funds depleted. Despite the PIN code being completely covered, Dean was perplexed by how this could happen, having thoroughly inspected the cards for any signs of tampering.
The Card Network, which offers multibrand gift cards available at major retailers, was acquired by InComm Payments in 2022. These cards, designed for both online and in-store use, feature a concealed PIN that is activated upon purchase. Dean, who holds a degree in computer science, suspected foul play regarding his missing funds. Within minutes, he wrote a simple code that successfully guessed the hidden four-digit PIN from a new card.
Describing his discovery as a “eureka moment,” Dean initially felt excitement but quickly recognized the gravity of the issue he had uncovered. Cybersecurity expert Jamieson O’Reilly noted that the vulnerability likely stemmed from inadequate security measures on The Card Network’s website, particularly the absence of CAPTCHAs and rate-limiting features. CAPTCHAs help verify that users are human, while rate limiting restricts the frequency of actions on a website.
O’Reilly emphasized that even individuals with basic coding skills could exploit this vulnerability, stating that attackers could easily capture card numbers in retail environments, monitor for activation, and brute-force the PIN once funds were available. He pointed out that this type of exploit does not require advanced techniques or specialized malware, but rather takes advantage of poor web application security practices.
After reporting the security flaw to The Card Network through multiple channels on August 25, Dean received only a generic response a week later, indicating that the issue would be escalated. Frustrated by the lack of action, he decided to create a YouTube video to raise awareness about the vulnerability.
**FAQ Section:**
**Q: What security vulnerability did Simon Dean discover?**
A: Simon Dean uncovered a flaw in The Card Network’s gift card system that allowed unauthorized access to funds due to inadequate security measures on their website.
