You’ve probably heard more than once that cheaters can write bonus points off the cards of different stores. It’s been on the news more than once, and you may have been the victim of point theft yourself.
Well, as a concrete example, I’ll take the Magnet store.
Let’s start with the fact that any card has its own unique number. And most often, the card of a particular store has its own combination of numbers, which distinguishes it from the others. For example, the number of any card store “Magnet” begins with 7000.
Sometimes, by the card number you can also define the region in which the card is valid or was issued.
Also almost all cards are added with QR or bar code (more often they simply have the card number encrypted). This is so that the seller can quickly click your card and write off or credit you with points.
After that, the most interesting begins
Usually, manufacturers do NOT make card numbers in a row by simply raising each card number by one, no. The card number is created using a specific algorithm. Here is an example for a map of some shop (I don’t remember which one).
The first 8 digits contain information about what shop it belongs to and in what region it operates. And the next 8 digits is a unique number for each card.
It started with 0000-000000. Next 8 digits were added (0000-0008). After that 8 (0016) were added again, then 10 (0026) were added, etc. When the maximum number was reached, a slightly modified algorithm was run in the opposite direction and more numbers were received.
Inscrupulous workers merge these algorithms and the principles of map creation, on the basis of which the software is created to generate map numbers of individual stores and unique Qr and bar codes to them.
After creating such a software, it is more often sold or sometimes merged on shadow forums. And then it’s simple.
The Fraudster runs a program to generate maps, gets a huge list and goes with it to the store. Then he is likely to use the self-service cash register (if it is a grocery store) to avoid getting caught. There he slips any of the generated Qr codes from his phone and uses the available points.
There is more information specifically about “Magnet”, but I’m sure there are others like that.
Shops have long sniffed out such a scheme and to at least somehow tame it made the following. They made it possible to check the card balance only in the personal cabinet (for which you need a login and password) or at the cash desk at the time of purchase.
Of course, the intruder does not have the login and password from the personal cabinet of the card. That’s why he doesn’t know in advance how many points one or another of the generated cards keeps. He can only find out about it at the cash desk when he snaps a QR code. In other words, it will not be possible to find the card with the highest balance in advance.