Gift card cracking is a type of brute force attack in which attackers check millions of gift card number variations on a gift card application to identify card numbers that hold value. Once the attacker identifies card numbers with positive balances, the attacker uses or sells the gift card before the legitimate customer has had a chance to use it.
1. The attacker may grab a few unloaded physical gift cards from a physical store to see if the gift card issuer relied on sequential numbering patterns. This is not a required step, but it increases the attacker’s efficiency; for example, it may be that only the middle eight digits of a 16-digit serial number need to be cracked, as opposed to all 16.
2. The attacker writes a script to test all possible gift card number variations based on the sample acquired in Step 1, until a sufficient number of matches is found. Attackers may incorporate tools like Burp Suite into their tactics.
3. Attackers will either use the cards themselves to purchase goods for resale or sell them online via a marketplace like Raise.com.
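Seen from the issuer's side, the enumeration described above leaves a recognizable trace in balance-check logs: one client querying many distinct card numbers, almost all of them misses, often with the same leading and trailing digits. The following detection sketch is an added example, not code from the original page; the log format, thresholds, function names and sample lines are assumptions constructed for illustration.

```python
from collections import defaultdict
from os.path import commonprefix  # character-wise common prefix of strings

WINDOW = 300           # seconds per bucket (assumed)
MIN_DISTINCT = 20      # distinct card numbers per client per window (assumed)
MIN_MISS_RATIO = 0.9   # share of lookups that matched no funded card (assumed)

def fixed_digits(cards):
    """Lengths of the prefix and suffix shared by every card number queried."""
    cards = list(cards)
    prefix = commonprefix(cards)
    suffix = commonprefix([c[len(prefix):][::-1] for c in cards])
    return len(prefix), len(suffix)

def detect(lines):
    """Flag clients that probe many distinct card numbers with mostly misses."""
    buckets = defaultdict(list)  # (client ip, window index) -> [(card, result)]
    for line in lines:
        ts, ip, card, result = line.split()
        buckets[(ip, int(ts) // WINDOW)].append((card, result))
    alerts = []
    for (ip, window), events in sorted(buckets.items()):
        cards = {card for card, _ in events}
        miss_ratio = sum(r != "valid" for _, r in events) / len(events)
        if len(cards) >= MIN_DISTINCT and miss_ratio >= MIN_MISS_RATIO:
            prefix_len, suffix_len = fixed_digits(cards)
            alerts.append({"ip": ip, "window": window, "distinct": len(cards),
                           "miss_ratio": miss_ratio,
                           "fixed_prefix": prefix_len, "fixed_suffix": suffix_len})
    return alerts

def constructed_sample():
    """Constructed log lines: '<epoch> <client_ip> <card_number> <result>'."""
    lines = [
        "1700000105 203.0.113.5 6006483920170012 valid",    # customer checks a balance
        "1700000131 203.0.113.9 6006771204550012 invalid",  # customer mistypes...
        "1700000140 203.0.113.9 6006771204560012 valid",    # ...then corrects
    ]
    for i in range(40):  # one client varying only the middle eight digits
        result = "valid" if i in (7, 23) else "invalid"
        lines.append(f"{1700000100 + 2 * i} 198.51.100.7 "
                     f"6006{i * 2500001:08d}0012 {result}")
    return lines

if __name__ == "__main__":
    for alert in detect(constructed_sample()):
        print(alert)
```

The `fixed_prefix` and `fixed_suffix` values in an alert show how much of the number the client already treats as known, which tells the issuer how far a predictable numbering scheme has shrunk the space that actually has to be guessed.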