CVS Cashstar gift card security

Archived From: Finance
  • Page :
  • 1
  • Text Only
Voting History
The CVS cashstar gift card promotion has been mentioned several times in the past on Fatwallet. The deal being - buy $25 gift card and receive $5.

I have participated and benefited from this promotion several times. Right after the gift cards are available, I print them out and stick them in a folder. Then I grab and use one from the folder. I make it a point to print it at home - so no possibility of interception at the printer.

Last time, when I went to use my giftcard and the cashier basically said that it had no money. It was the classic CVS cashier who didn't seem to have a clue about this paper gift cards - but she insisted that my gift card which should have $150 had no money on it. Anyways, I come home and checked online at CVS and it did show zero balance. The transaction history showed that the gift card had been used at CVS store XXX on in Apr for the full amount. Checked the store XXX and it turned out to be a store in Las Vegas. Never been to Las Vegas this year - so it was definitely not me who cashed this thing out.

The CVS people were very helpful. They took down my information and said that it will take them a week to investigate. It took them slightly longer but at the end, I was mailed a full refund on my gift card.

What I don't understand is how the gift card could be cashed out. It is possible that there is some leak on the Cashstar side but it is also possible that my email account was compromised in some way. I don't believe that my email account was compromised since it also had the $30 bonus gift card - i.e. if the account was compromised, I would have probably lost both the gift cards. But even assuming that my email account was not compromised, what if it could be compromised? What if you accidentally remain logged in on public computer?

The really good and bad thing about the CVS gift card is that it can reprinted multiple times. It is a good thing - in case you want a fresh copy since the old copy got laundered or something. But it is a really bad thing since anybody who has accidental access to your account can reprint it. All it needs for authorization for reprinting is the email address which is already available as part of the account hacking.

So while I don't know the circumstances of how my CVS gift card was hacked, I do want to alert other FWers on the possibility that the CVS gift card can be reprinted if your email account is compromised - so save the CVS gift card mail (with the link) somewhere offline after printing and delete it from your email account. In my case, I was lucky that the card was used at a store which I could not have visited - so it made it somewhat easy to verify that it was fraud but if the card had been used in my town, I would have been scratching my head on what exactly did I use the card for.

In hindsight, I think Cashstar can do a better job of this - by allowing you to enter some kind of passcode so that the gift card cannot be printed a 2nd time without the passcode. But until that happens, please be careful!

Member Summary
Staff Summary
  • Also categorized in:
Thanks for visiting Join for free to remove this ad.

Until Cashstar &/or CVS have to eat severe losses from such fraud, their execs are in no hurry.
Given your letter has enough details, you could send your suggestion to them- would help lots of folks.

Disclaimer: By providing links to other sites, does not guarantee, approve or endorse the information or products available at these sites, nor does a link indicate any association with or endorsement by the linked site to

Thanks for visiting Join for free to remove this ad.

While FatWallet makes every effort to post correct information, offers are subject to change without notice.
Some exclusions may apply based upon merchant policies.
© 1999-2017