alt Hacker NewsYour math is wrong.
The merchant wants you to use the card, in all cases, always. Because statistically, you are likely to spend 30-40% more than the card face value, when you do.
The unused portion of the card sits on the merchant's balance sheet as a liability, for years, until they decide to recognize it as revenue ("breakage"). They prefer this over NOT selling a GC, of course, and some merchants (e.g. Starbucks, high volume, low ticket) make a ton of money on breakage. But in all cases, merchants greatly prefer their cards to be used.
You're also wrong about how the fraud works. Usually, the card is not purchased but sniffed prior to legitimate sale. The mechanisms for this vary, but a common method is to literally pull armloads of cards off of display shelves, open and repackage the carriers, then surreptitiously return to shelves for legitimate sale. This is purportedly the process for large organized crime rings based in Asia, mostly China.
And you're wrong about how easy it would be to fix. Packaging costs money, retailers have to be on board for activation, this has to be integrated into POS systems, and it all has to be very easy for consumers.
This is a hard problem at scale, and smart and motivated people on the merchant side, the program manager side, the bank side, and the law enforcement side, would love a simple solution.
...
What is not a hard problem, though, is that Apple should separate "AML investigation in process" from the user's ability to access their own data. This would turn a very large problem (for all involved) into an annoying inconvenience (for the customer).
Packaging costs money. Gift cards make money. Easy fix.
Stopping the theft you describe is very easy. Don't have actual gift cards just sitting around. Require customers to get them from the cashier at the time of purchase. Have dummy cards on display if you want them to have something to hold, or make them ask.
Of course these solutions aren't free. Adding friction to the purchase process will reduce sales. Retails have clearly concluded, I assume correctly, that it's not worth the cost. Nothing wrong with that.
Don't confuse something being difficult to fix with something not being worth the cost of fixing. We can put a solid upper limit on the impact of fraud by looking at what it would cost to stop it, and conclude that the impact of this sniffing fraud is less than the impact of having cashiers exchange dummy cards for real ones at the time of purchase.
Note that this isn't a "this is easy, they must be idiots not to do this" sort of thing. The current approach is probably the smartest one, given how things currently work. If the incentives changed to make retailers bear more of the cost of fraud (say, legally putting the burden of proof on the retailer to show the card was used legitimately, otherwise they have to refund it if the customer alleges fraud), things would change quickly.