Link to: https://tidbits.com/2025/12/17/compromised-apple-gift-card-leads-to-apple-account-lockout/
You will recall the Apple Account fiasco of Paris Buttfield-Addison, whose entire iCloud account and library of iTunes and App Store media purchases were lost when his Apple Account was locked, seemingly after attempted to redeem a tampered $500 Apple Gift Card that he purchased from a major retailer. I wrote about it, as did Michael Tsai, Nick Heer, Malcom Owen at AppleInsider, and Brandon Vigliarolo at The Register. Buttfield-Addison has updated his post a few times, including a note that Executive Relations — Apple’s top-tier support SWAT team — was looking into the matter. To no avail, at least yet, alas.
Adam Engst, writing at TidBITS today:
There is one way the Apple community could exert some leverage over Apple. Since innocently redeeming a compromised Apple Gift Card can have serious negative consequences, we should all avoid buying Apple Gift Cards and spread the word as widely as possible that they could essentially be malware. Sure, most Apple Gift Cards are probably safe, but do you really want to be the person who gives a close friend or beloved grandchild a compromised card that locks their Apple Account? And if someone gives you one, would you risk redeeming it? It’s digital Russian roulette.
I suspect that one part of Buttfield-Addison’s fiasco is the fact that his seemingly problematic gift card was for $500, not a typical amount like $25, but that’s just a suspicion on my part. We don’t know — because key to the Kafka-esque nature of the whole nightmare is that his account cancellation was a black box. Not only has Apple not yet restored his deactivated Apple Account, at no point in the process have they explained why it was deactivated in the first place. We’re left to guess that it was related to the tampered gift card and that the relatively high value of the card in question was related. $500 is a higher value than average for an Apple gift card, but that amount is less than the average price for a single iPhone. Apple itself sets a limit of $2,000 on gift cards in the US, so $500 shouldn’t be considered an inherently suspicious amount.
The whole thing does make me nervous about redeeming, or giving, Apple gift cards. Scams in general seem to be getting more sophisticated. Buttfield-Addison says he bought the card directly from “a major brick-and-mortar retailer (Australians, think Woolworths scale; Americans, think Walmart scale)”. Until we get some clarity on this I feel like I’d only redeem Apple gift cards at an Apple retail store, for purchases not tied to my Apple Accounts. (I’ve still got two — one for iCloud, one for media purchases.)
In addition to the uncertainty this leaves us with regarding the redemption of Apple gift cards, I have to wonder what the hell happens to these Apple Accounts that are deactivated for suspected fraud. You would think that once escalated high enough in Apple’s customer support system, someone at Apple could just flip a switch and re-activate the account. The fact that Buttfield-Addison’s account has not yet been restored, despite the publicity and apparent escalation to Executive Relations, makes me think it can’t be restored. I don’t know how that can be, but it sure seems like that’s the case. Darth Vader’s “And no disintegrations” admonition ought to be in effect for something like this. I have the sinking feeling that the best Apple is able to do is something seemingly ridiculous, like refund Buttfield-Addison for every purchase he ever made on the account and tell him to start over with a new one.
My other question: Were any humans involved in the decision to deactivate (disintegrate?) his account, or was it determined purely by some sort of fraud detection algorithm?
Update: Very shortly after I posted the above, Buttfield-Addison posted an update that his account was successfully restored by the ninja on Apple’s Executive Relations team assigned to his case. That’s great. But that still leaves the question of how safe Apple gift cards are to redeem on one’s Apple Account. It also leaves the question of how this happened in the first place, and why it took the better part of a week to resolve.
★ Wednesday, 17 December 2025
Read the original article
Comments
This fiasco stirs up a lot of different topics for me, none of which seem like they are likely to be resolved anytime soon.
First, with so much importance placed on an Apple/iCloud account in our current era it's not good that they can be shutdown so trivially. Someone can be shut out from using Messages, Apple Wallet, Digital Identification (depending on where they live) and all their subscriptions and media purchases without any recourse, in an instant. It's not hard to imagine someone being put into a pretty bad situation as a result of this with just a little bad luck and bad timing. It's easy to point out that you shouldn't be overly reliant on these technologies but I think it's more important that there be ways to safe guard people from this scenario. Apple should do more to handle these scenarios given the importance of an account now.
Second, there are other recent events that point out the failure modes and gaps that Apple (and Google?) need to address. There apparently is no way to cleanly divide purchases in a Divorce or separation, even if the person was fleeing an abusive situation. There's also no way to leave a "family" account even as an adult or how to assign children to multiple families. Again we can trot out the easy "Just don't use these things, use FOSS, Nextcloud, etc..." but I think Apple should do more to address these types of scenarios regardless of what people choose to use.
Absolutely. The current level of service these companies provide is functionally identical to what would have existed 25 years ago. Losing your Apple account would have been a minor annoyance - the relationship involved trivial amounts of money, and wasn’t deeply integrated into anyone’s lives. Even if you lost an email address, losing access to it wouldn’t have locked you out of hundreds of important accounts, and any important accounts would probably be easily updated to a new address with a phone call, and likewise for a few friends. If you got fully locked out forever, it really wasn’t important.
So, we now have the same “who cares, it’s just some dumb online account” level of service with much more critical accounts. Because big tech has scaled users to the 9-10 figure range, while not investing almost anything in customer service. Instead of having thousands of CSRs like the phone company, tech employs a few disempowered call center operators overseas, whose only job is to read FAQ answers at callers and ask them to try restarting their computers.
By ethbr1 2025-12-193:17 To say nothing of weaponized account locking.
I shudder to think how vulnerable the current system would be to intentional denial of identity via other parties tripping fraud systems on an account.
Say, while the target was traveling?
By x0x0 2025-12-1820:28 > There apparently is no way to cleanly divide purchases in a Divorce or separation, even if the person was fleeing an abusive situation
Believe it or not, google is even more stunningly incompetent than that.
If you have someone in your contacts there literally is no way to (1) retain him/her, and (2) ensure they are never, ever, for any reason, suggested in any product. eg in google docs, I do not want "@" autocompletions to suggest the person. No sharing, no drive sharing, no email cc/bcc, etc.
In my case, there was a breakup with a cofounder / exit from a company and ongoing collaboration with a friend who shared the same first name. I actually had to delete the former cofounder's contact, which made me miss some calls from an unknown number.
Having someone that you need to occasionally maintain contact with that should never be prompted in any way (exes of all types, divorced, stalker) is a basic need in real-world systems.
By miki123211 2025-12-1820:544 reply To put this as plainly as I possibly can:
1. It is objectively true that Apple and Google accounts are extremely important to many people.
2. It is also objectively true that most users will only need one of each, a few at most. Fraudsters have no such limitations, and may want to create thousands of them per day if the possibility arises.
3. Therefore, it's likely that a significant percentage of all accounts ever created are fraudulent, even if the actual number of fraudsters is much lower. This is the crucial observation many people miss in this debate.
4. Real users do not want constant iMessage spam and other problems resulting from fraudulent accounts remaining open. Therefore, normal users care deeply about fraudulent accounts being closed promptly (and so do money-laundering regulators, but that's another discussion).
5. Normal users also care about their accounts remaining open. Apple has to balance these two problems.
6. If we force Apple (by regulation, PR crisis or any other method) to be softer on closures, the only way to do that without exacerbating #4 is to make opening fraudulent accounts harder.
7. The only reliable way of preventing fraudsters from opening accounts is strict and invasive identity verification.
8. Therefore, if we're asking Apple / Google to keep more accounts open, we're also asking for more surveillance.
This may actually be the right tradeoff to make, but it is important to point out that there is a tradeoff here, and that no decision in this regard goes without consequences.
None of this prevents them from providing proper customer service that can resolve cases of false positives.
It is kind of astonishing to me that the entire chain of logic was put together without "The company could invest in better customer service to resolve disputed identity" as a third possibility.
It was certainly my first priority for an e-mail provider when I started to de-Google my life.
By drewgross 2025-12-1916:44 My reading is that this was included in point #7, i.e. access to the customer service is conditional on identity verification.
By Sweepi 2025-12-1911:19 Why cant they give a task which is reasonable for a real customer, e.g. show up with ID in an apple store and lets us reserve $100 on your credit card to unlock an account which is under investigation immediately? This is not more surveillance - Apple already knows the real name of their customer.
charge 5$ for the ability to send your first iMessage. problem solved.
By moogly 2025-12-192:07 Now Apple has a financial incentive to let more fraudsters in. Great job.
By refactor_master 2025-12-190:263 reply So now every fraudster with $5 appears legitimate?
Remember blue check marks? The EU is not happy about those.
https://ec.europa.eu/commission/presscorner/detail/en/ip_25_...
By Sweepi 2025-12-1911:26 "On X, anyone can pay to obtain the ‘verified' status without the company meaningfully verifying who is behind the account, making it difficult for users to judge the authenticity of accounts and content they engage with."
As stated in you source the EU is (among other things) not happy about Twitter calling users 'verified' while the meaning of 'verified' switched from "we did sth. to make sure the account owner is indeed the thing/person they say they are" to "the account owner is paying a monthly fee".
By bcye 2025-12-190:46 They would appear no less legitimate then now?
By GaryBluto 2025-12-193:47 When has the EU been happy about anything, ever?
Or we could, you know, restructure our economy so that we don't have huge semi-monopolies anymore. I know, not going to happen, but one can dream.
By NetMageSCW 2025-12-2020:30 And then we would have health insurance and health care level problems with lots of things.
I’m realizing maybe I should just use Amazon or iCloud AND Google Photos for backing up my images. My whole life is in Google Photos. I could lose it from something stupid and never even have a person to contact about that.
By MobiusHorizons 2025-12-1815:57 At least do a google takeout backup. I believe there are ways to import that into software like immich (a self hosted alternative)
By hamdingers 2025-12-1816:44 Set up a NAS and use a self-hosted equivalent like Immich. Then you aren't dependent on anyone.
By bsder 2025-12-191:06 Immich. https://immich.app/
They have their issues, but they are actively working on it.
By justinclift 2025-12-1911:05 It's good you're realising it now, before you lose the lot as has happened to others.
Shutterfly will upload all your photos and store them for free if you buy a few magnets on sale now and then. Works from iPhone well enough and it's my "third backup."
By BobAliceInATree 2025-12-1816:00 Shutterfly will also continually spam you despite clicking the unsubscribe button multiple times.
By Denote6737 2025-12-197:35 Apple have a solution. Have separate accounts and buy everything twice.
iCloud is overrated, it was not encrypted at rest for ages. I much prefer using Time Machine and keeping the passcodes in a PW manager, and maybe a safe deposit box as a backup.
By mvanbaak 2025-12-1910:25 iCloud is a whole lot of things. What you describe is a backup storage solution. Time Machine does not handle: - photo sync between devices and users - shared storage between devices and users (no, not backup, but actual directories and files etc) - private relay - state sync for games and other apps - etc etc
> Update 18 December 2025: We’re back! A lovely man from Singapore, working for Apple Executive Relations, who has been calling me every so often for a couple of days, has let me know it’s all fixed. It looks like the gift card I tried to redeem, which did not work for me, and did not credit my account, was already redeemed in some way (sounds like classic gift card tampering), and my account was caught by that. Obviously it’s unacceptable that this can happen, and I’m still trying to get more information out of him, but at least things are now mostly working.
It’s great that it has been resolved, but I’m still baffled by a number of things:
1) Why would redeeming a bad gift card result in a complete shut-down of the account? 2) Why is it seemingly impossible to get any support now unless you drum up a ton of press? 3) Should companies be restricted from growing too large where they can’t support their customers?
In my personal and professional experience, banks are the only companies that seem to actually know how to handle these issues appropriately when it comes to fraud or access. Rather than move to outright banning the account, there are intermediate steps that can be taken. Personal example, my Facebook account was recently banned because a hacker accessed my account uploaded a bad ID when FB requested an ID verification. Despite the request coming from a country I have never visited and would likely be on any high-risk list, my 20 year old account was banned literally overnight without having any recourse. There’s no number or even any email to use. Maybe I can see if the Register will write it up… (I do have all the info from my Facebook account download to show how it was compromised, and any internal support should have been able to see the same… if they cared.)
Banks can’t legally just take your money and lock you out permanently. There are some actual regulations. Plus they have a proper handle on your actual human identity, which means you ought to always have a route to going somewhere in person and proving you’re the rightful owner of your money.
“Online” accounts have zero regulatory requirements, plus many of them aren’t necessarily directly paid-for, so they frame themselves as doing you a favor by letting you have it in the first place. And they usually don’t have a route to prove identity because they don’t record a legal identity (passport/SSN/etc) to begin with (not that that was an issue here, of course - in this case Apple didn’t dispute that they were the owner, just asserted that they were some kind of criminal.)
By estimator7292 2025-12-1815:028 reply Banks frequently completely freeze accounts for no discernable reason and with zero communication, support, or recourse.
You're just lucky that it hasn't happened to you. That does not mean it doesn't happen to anyone.
What I want to know is why does it always have to go straight from 0 to 100? There's seemingly no concept of proportion. For most online services, your account can be in one of two states: Totally good and "banned for life". There's no warning, no investigative period, no concept of scale (was the fraud $10 or $10,000?), no way to serve your time and come back if you actually were bad. It's just instant, silent BAN HAMMER.
By stackskipton 2025-12-1815:571 reply As someone who worked in fraud, sometimes the $10 transaction is primer for 10k transaction that will really cost the company. When you don't know what's going on, you don't give a shit about end user and primary objective is prevent the company from losing money, shut it down and sort it out is easiest way.
Furthermore, without physical presence where you could sit down with someone, this becomes more difficult to deal with. Truth is, Apple should have option where someone could go to Apple Store, verify ID and talk to someone with power but they don't want to spend that money so here we are.
By NetMageSCW 2025-12-210:33 If you don’t care about the end user, you should be fired, your manager should be fired, and your company should be shut down.
By coldtea 2025-12-1914:26 >What I want to know is why does it always have to go straight from 0 to 100? There's seemingly no concept of proportion.
Because anything else would require them to spend resources to examine your case and claims more deeply (to find the appropriate level of response), and they don't want to spend them, plus they don't care.
At the scale these companies operate and the number of actual scammers they block because of their 0 - 100 policies, I can see how they got there. I bet all of us have had the luck (?) of out card being blocked because someone out there was able to get a hold of the credentials. Collateral damage like this, as devastating as it is to the individual, is probably a drop in the bucket for the company.
I'm not excusing this. What happened here shouldn't happen, and there should be quick resolutions and explanations available to the aggrieved parties.
It's not just corporate policy, it's regulatory requirements in the US.
You must block financial activity, and you must not communicate any details to the customer, upon reasonable suspicion of money laundering activity. There's a process and a prescribed timeline for getting things resolved. There is no penalty for a false positive, but there are large penalties for false negatives.
Having watched hundreds of these things happen, all of the details point squarely to an AML problem. For closed loop gift card programs, the merchant, program manager, issuing bank, and possibly the seller all get involved. It takes time.
This doesn't require shutting off a user's access to their data though -- just preventing financial activity. Apple might not have adequately fine-grained permissions around account suspension to support this, and obviously they should fix that!
By browningstreet 2025-12-1817:011 reply AML and fraud are different, and the regulatory requirements you're talking about are only one requirement for banks to follow.. they have additional, internal policies of their own that may affect account and money access. If Apple isn't following a Suspicious Activity Report (SAR), then the actions are their own, and the policies are their own.
By quesera 2025-12-1817:13 This is true, but potential money laundering is a UAR, and the issuing bank decides whether to turn that into a SAR (merchants do not file SARs, although at Apple's scale, the conversation between merchant and bank is continuous and both sides will have fraud and AML experts at every step).
The decision to create the SAR will depend on the outputs of the multi-party investigation, which is the thing that takes time and causes visible issues for consumers.
By sceptic123 2025-12-1816:10 When money is concerned, any kind of suspected money laundering / fraud investigation generally requires you to pause that account until the check is complete. What happens afterwards will be down to the results of the investigation.
It's also unlikely there are just those two states. For many services there will be a number of factors involved, but it's purposely opaque to make it harder to circumvent.
By Steve16384 2025-12-1816:521 reply The same with Youtube. Broken an unknown rule on one of your vids? Your whole account and all the videos are deleted instantly.
By bookofjoe 2025-12-1819:17 My experience with YouTube was different. Two or three times, up to around five years ago, I got an email from them stating I'd done something wrong — used protected music/content etc. — and that this notification wasn't a strike but I should contact them and explain why they were wrong to put a hold on the video and they'd withdraw the notice. I did so and they then responded that the email was erroneous, all good.
By tgsovlerkhgsel 2025-12-1820:02 Because it's easier for the companies and there is no (serious enough) downside to doing it this way.
By chrismorgan 2025-12-1816:16 Depending on the jurisdiction, there may be a financial ombudsman you can appeal to. From what I have heard, Australia’s is effective.
Well for banks your account is usually tied to a local brick-and-mortar agency, where it's definitely someone's problem if a customer comes in and refuses to leave. It's one of the reasons I'll never go with fully online banks.
By coldtea 2025-12-1914:27 >It's one of the reasons I'll never go with fully online banks.
Offline banks are increasingly phased out in many places (closing branches, limiting options, strick appointment only visits, reducing stuff, etc).
By charcircuit 2025-12-1817:46 The police can remove you from the building if you refuse to leave.
By Lx1oG-AWb6h_ZG0 2025-12-1816:18 patio11 wrote a great article and podcast about debanking and anti-money laundering processes last year, it was eye opening how kafkaesque these things are: https://www.bitsaboutmoney.com/archive/debanking-and-debunki...
By SoftTalker 2025-12-1816:191 reply A bank might freeze an account for suspicious activity but you can walk in to a any local branch and talk to someone about it.
By huslage 2025-12-1815:23 Yes. But that doesn't make it right.
By asadotzler 2025-12-1819:093 reply Banks are well regulated and will face meaningful consequences for getting this wrong with any regularity.
By bonsai_spool 2025-12-1819:141 reply > Banks [...] will face meaningful consequences for getting this wrong with any regularity
That's false, unfortunately. There's amazing levels of discretion that banks enjoy and minimal accountability to end users. The CFPB (in the USA, anyway) was a countermeasure but has been recently weakened.
By swat535 2025-12-1820:18 The point is that you have more recourse when dealing with banks than you do with big tech thanks to legislation.
By miki123211 2025-12-1821:01 More important than "well-regulated" is that a bank account is very clearly tied to a single geographic jurisdiction where the bank's headquarters, as well as all its branches and employees, are located.
Apple would be much harder to regulate, as it wouldn't even be clear what jurisdictions should be involve in the process, and what a "change of jurisdiction" would entail. It would also create the opportunity for fraudsters to choose the jurisdiction which gives them the most consumer protections but has the loosest identity verification requirements.
By coldtea 2025-12-1914:28 Not even close to the reality
By benced 2025-12-1818:07 In the US, that doesn't mean they steal your money though.
By crazygringo 2025-12-1816:193 reply > 1) Why would redeeming a bad gift card result in a complete shut-down of the account?
Because they assume you stole the gift card and are therefore a criminal. As to why they're making the assumption that you are the criminal, not the actual criminal who successfully redeemed the gift card first, you've got me. Since either situation is possible.
> 2) Why is it seemingly impossible to get any support now unless you drum up a ton of press?
I'm as infuriated as you are.
> 3) Should companies be restricted from growing too large where they can’t support their customers?
Size has nothing to do with it. Plenty of small companies ignore their customers too. So I don't think this is the right solution.
> In my personal and professional experience, banks are the only companies that seem to actually know how to handle these issues appropriately when it comes to fraud or access.
There are plenty of horror stories with banks too. I'm not sure they're that much better at all.
"No Way To Fix This" Claims Only Digital Ecosystem Where Catastrophic Lockout Regularly Happens
By crazygringo 2025-12-1818:191 reply I know the headline you're referencing, but "only digital ecosystem"? I'm pretty sure accounts getting blocked is an issue with all of them. So I don't know what point you're trying to make. It's certainly not like Google is known to be any better.
Google's digital ecosystem doesn't doctrinally prevent owners from installing software or reflashing bricked hardware. Their OEM might, but iOS is the only smartphone ecosystem I've seen that enforces it universally.
But hey, at least Apple's universal lockout capability is able to deter theft! Every non-negotiable backdoor has a silver lining.
By crazygringo 2025-12-1820:24 I feel like you're conflating three things -- software installation, account closure and disabled hardware.
Software installation has nothing to do with account closure, so I don't know why you're bringing it up.
Account closure doesn't disable your devices. You can set them up with a new account.
And if devices are disabled due to theft and can't be reflashed for sale on the black market, that is a good thing. I haven't heard any reports of people's legitimately purchased devices being disabled due to theft.
Clearly you have things you don't like about Apple, but I don't see what they have to do with the subject at hand, which is account closure.
By fmajid 2025-12-1822:05 Google and PayPal are notorious for locking customers out with no recourse.
By InterlooperX 2025-12-197:141 reply Still, with Point 1) I wonder what exactly was happening. To think straight away "suspected fraud/criminal activity" for merely entering a voucher code a second time?
As a sane person I would expect a mere popup saying "Voucher code was already redeemed. try another one" Nothing more.
The ONLY other thing I can currently think of why Apple straight away went to "criminal" would be that the brick and mortar store failed to activate the card when they sold it.
You know, someone shoplifts such a card thinking they got it made. Even though you'd think everybody should know that the code you scratch of that card is only active after the clerk at the register did his thing.
If Apple then receives this voucher code that they must have in their databases but it has a big "not activated flag" next to it, THEN I could start to believe why they would lock down the account that tried to redeem, it.
And even then it seems iffy. Because how should I as the consumer know if the clerk did everything right with the activation?
By crazygringo 2025-12-1914:50 I'm not defending Apple here. But I think the logic is, if you rightfully bought the card then nobody but you should be able to activate it. So the first person activating it is legit, and a second person attempting to activate it is necessarily trying to engage in fraud, having stolen it from a trash can or something.
But this breaks down for the reasons described, that thieves get the code before you do and manage to spend it first once the cashier activates it but before you get home and actually use it.
So maybe that's new and Apple hasn't updated their scam detection logic? It's the only thing I can think of.
By coldtea 2025-12-1914:30 >.As to why they're making the assumption that you are the criminal, not the actual criminal who successfully redeemed the gift card first, you've got me. Since either situation is possible.
Why the fuck couldn't it just be that you forgot and tried to redeem twice?
Just reject the card and be done with it, no action required.
By WorldMaker 2025-12-1819:11 On the subject of (1) I wonder if a complication in this specific case might be a variant of the clbuttic Scunthorpe problem that the last name on the account that redeemed a bad gift card included the word "Butt" and an algorithm or underpaid reviewer (or both) flagged it also as a suspiciously named account.
(2) and (3) remain great questions without enough good answers.
By Artoooooor 2025-12-190:53 4. Why locking account bricks any device? It should work without registering anywhere.
I suspect the underlying problem is that the gap between legitimate use of gift cards and fraudulent use of gift cards is just not very large...
Years ago I briefly played around with "manufactured spend" (on credit cards, to earn frequent flyer miles).
There was one specific loophole, with one specific gift card provider, and it was a doozy. You could earn credit card points on spend, plus supermarket loyalty points on spend, by buying gift cards from one specific provider which could be cashed out at face value (ie no fee at all) immediately to a specific type of savings account.
So, of course, world+dog was buying these things like it was the end of the world.
As I sat in a hotel room one evening rubbing the security codes off the latest batch of cards before redeeming them one-by-one into my savings account, it dawned on me that what I was doing was basically indistinguishable from money laundering. Of course it was NOT money laundering, but it would take some time to explain exactly why not...
The loophole was closed relatively quickly, and the gift card provider gave up.
I did this ages ago to build up airline points and take a nice trip to the EU.
Back then, the trick was to get a generic Vanilla Visa or other prepaid credit card. A recent legal ruling meant they had to be run as a debit card for... reasons... I forget them.
But a lot of grocery stores would sell you a money order up to 500 bucks for under a dollar with a debit card (not a credit card).
So you'd call up the issuer and have them issue it a PIN. Then you'd run it as a debit card and buy a 500 dollar money order.
Subtract ~$5 for the GC and ~$1 for the MO and you could manufacter about 500 bucks in spend. And the best part? You could take that money order to your bank, deposit it, get the funds immediately, pay off your balance, then rebuy.
In one afternoon I earned enough points for a first class flight to a fancy European city, and eternal side eye from the grocery store clerks who were convinced I was up to something put couldn't put their finger on what.
>Back then, the trick was to get a generic Vanilla Visa or other prepaid credit card. A recent legal ruling meant they had to be run as a debit card for... reasons... I forget them.
Interchange fees, probably. Otherwise the credit card companies is taking a 2-3% cut.
>So you'd call up the issuer and have them issue it a PIN. Then you'd run it as a debit card and buy a 500 dollar money order.
I don't know how this ever could have worked considering that "cash-like transactions" are counted as cash advances, same as if you were to use your credit card at an ATM.
By ethbr1 2025-12-193:03 > considering that "cash-like transactions" are counted as cash advances, same as if you were to use your credit card at an ATM
Afaik, gift cards are more like fixed balance debit cards that happen to be runnable over a specific payment network (e.g. VISA, MC, AMEX) as credit cards
But at least a fair number of them will allow you to set a PIN, which then allows their use as normal debit cards
By firefax 2025-12-1820:58 You're not running it as a credit card, and it's not a credit card -- you can't do a cash advance on a gift card. But they sold ones that were accepted anywhere visa or MC is accepted rather than specific stores.
By tgsovlerkhgsel 2025-12-1819:581 reply > but it would take some time to explain exactly why not...
Not really:
"I'm churning credit cards for the rewards points. Here is the receipts where I use $10k from account A to purchase $10k worth of gift cards. Here is the statements where I deposit $10k of gift cards into account B. Here is the statement for the $10k wire from B to A. And here are the receipts for the next round of gift cards I purchased. Any further questions? I have $10k of gift cards to redeem."
By coldtea 2025-12-1914:20 The time will be taken with your accounts frozen, the bank non responsive, and probably before of a judge to help you restore them.
By miki123211 2025-12-1820:41 > the gap between legitimate use of gift cards and fraudulent use of gift cards is just not very large.
And many legitimate uses of gift cards may actually have been fraudulent somewhere up the chain.
Imagine a scammer which sells their cards to real users (perhaps through one or more less-than-scrupulous intermediaries willing to buy them in crypto without asking too many questions). If the victim comes to their senses and somehow gets those cards reported and blocked as fraudulent, unsuspecting users will get into trouble.
> it dawned on me that what I was doing was basically indistinguishable from money laundering. Of course it was NOT money laundering
But it is money laundering, that's what manufacturing spend is. It's not money laundering to hide evidence of a crime, but it is money laundering for the purpose of hiding the fact that you didn't engage in commerce in the process of spending money on a credit card to earn a reward. It's indistinguishable, only because we criminalize behavior not only on its base but due to its intent.
By bloppe 2025-12-196:09 They call it laundering because it takes "dirty" money and makes it "clean". That's not what happened here. The money was perfectly clean to begin with.
Which law do you think was being broken? I think the person is pretty clearly not defrauding the bank. Maybe the credit card company doesn't like it, but they almost certainly don't have that in writing because if they'd considered this possibility, they wouldn't have allowed it to be possible in the first place.
By coldtea 2025-12-1914:23 That's not what money laundering means. Where was the illegal activity that led to the money's existance? He just used a rewards loophole, didn't clean anything of actual "dirty" origin.
Not engaging in commerce to earn rewards isn't illegal, it's just an oversight on their part.
We criminalize behavior based on whatever we feel like, based on our cultural expectations of what is allowed. That's what "we criminalize behavior not only on its base but due to its intent" and "considering the context" is all about. That's why we have juries. We reserve the right to break the rules if public opinion allows, based on our feelings. It turns out that justice in practice is not so blind.
For example, we feel like it is fair for credit card companies to monopolize payment systems, charge fees to businesses, and use a portion of the money from this scheme to set up this bullshit reward point system.
But to undermine this system is criminal, because the system is established, but undermining it is novel and therefore disallowed. Any new way to play the game is breaking the rules, because the purpose of the system is what it does.
By tristor 2025-12-1820:58 I wasn't trying to write a fully formed political dissertation, so I'm not really sure what you were expecting in response to this comment? My point was that the GP was describing their behavior as "indistinguishable from money laundering", because it technically is a form of money laundering (the act) even if it's not money laundering (the crime). Intent is what turns the act into a crime, specifically in the case of money laundering.
It's not illegal to buy a few beers every evening from a bar you own out of your own pocket, and then book that revenue, pay taxes on it, and then ultimately collect a distribution of the profits as the owner of the business. It is illegal to do the same thing if the money you took out of your pocket came from selling drugs.
