Last edit by: silver springer
For checking balances (thanks to Brendan);
For those who don't know already, the US/ Canadian toll-free phone # for Hyatt Customer Service to check the value of Hyatt GCs is 1-866-784-0540. If calling from elsewhere, first dial the ++ code of the country from which you're calling, subject to the normal rate for ringing the USA.
Hyatt Customer Service suggested to check the value of your gift card (e-gift card or plastic) once a month
For those who don't know already, the US/ Canadian toll-free phone # for Hyatt Customer Service to check the value of Hyatt GCs is 1-866-784-0540. If calling from elsewhere, first dial the ++ code of the country from which you're calling, subject to the normal rate for ringing the USA.
Hyatt Customer Service suggested to check the value of your gift card (e-gift card or plastic) once a month
issues with Hyatt gift card
#211
Join Date: Nov 2007
Location: SFO
Programs: AA lifetime platinum; Hyatt diamond;
Posts: 51
Hyatt quickly reimbursed my stolen gift cards
I purchased 20 gift cards with $100 each during the 10% off promotion last Christmas. Never used them until this past Sunday. I tried to pay for hotel bill and found all but 1 are 0 balance! My maximum loss in the worst scenario can be 1900*0.9=1710! I can imagine how sad my wife will be if she knew it.
I immediately contacted Hyatt customer care and found 3 of them are used in Miami, Chicago and somewhere in Kentucky. I didn't bother to check the rest because then I am 100% sure they are stolen - This year I have only been in San Francisco, LA and Seattle. I took photos of gift card and sent to them. Today morning, I received email saying they've shipped out my new gift certificate. Thumbs up for quick response and resolution. I requested to issue paper gift certificate instead of plastic gift cards, because paper cert can only be used in person.
As I've mentioned in the email, their plastic gift card is the least secure gift card because:
1) Their card numbers are consecutive(the last digit is check digit. Ignoring this check digit, the first 18 digits are in sequence). The 20 cards I purchased are all consecutive. If I am a bad guy, I can easily hack the card numbers from these 20 cards.
2) The card does not have PIN. Using these cards does not require entering PIN
3) They also issue e-gift card. Once card number is hacked, one can easily put the number into an e-gift card template, and use or sell as a regular e-gift card.
I won't touch Hyatt plastic gift card anymore until they can increase the security. I think paper certificate should be fine.
I immediately contacted Hyatt customer care and found 3 of them are used in Miami, Chicago and somewhere in Kentucky. I didn't bother to check the rest because then I am 100% sure they are stolen - This year I have only been in San Francisco, LA and Seattle. I took photos of gift card and sent to them. Today morning, I received email saying they've shipped out my new gift certificate. Thumbs up for quick response and resolution. I requested to issue paper gift certificate instead of plastic gift cards, because paper cert can only be used in person.
As I've mentioned in the email, their plastic gift card is the least secure gift card because:
1) Their card numbers are consecutive(the last digit is check digit. Ignoring this check digit, the first 18 digits are in sequence). The 20 cards I purchased are all consecutive. If I am a bad guy, I can easily hack the card numbers from these 20 cards.
2) The card does not have PIN. Using these cards does not require entering PIN
3) They also issue e-gift card. Once card number is hacked, one can easily put the number into an e-gift card template, and use or sell as a regular e-gift card.
I won't touch Hyatt plastic gift card anymore until they can increase the security. I think paper certificate should be fine.
#212
Join Date: Mar 2000
Location: Santa Barbara, CA, USA
Programs: Hyatt Diamond, Hilton Gold, Starwood Gold
Posts: 97
e gift card
I had my e gift card balance of 1 K totally wiped out. It had been used by some thief even while I was at another Hyatt. It was replaced but then when I went to use the replacement card it also was down to zero just as I was checking out of Hyatt Waikiki last month.
We had just started our 3 week trip but a quick call and a new e card was sent. I quickly used it in Kauai before it too might be compromised.
So paper is no safer than plastic, but Hyatt quickly replaces your balance. I guess it's still worth the 10% savings, just disconcerting.
We had just started our 3 week trip but a quick call and a new e card was sent. I quickly used it in Kauai before it too might be compromised.
So paper is no safer than plastic, but Hyatt quickly replaces your balance. I guess it's still worth the 10% savings, just disconcerting.
#213
My e-gift card was drained, so I agree that plastic is no worse than electronic. I learned about it on a Sunday afternoon and had a replacement e-gift card the following Wednesday afternoon. This was fine, except for the interim worry, but I would have more upset if I had been leaving a hotel before the replacement arrived.
#214
Join Date: Sep 2006
Location: xLAS
Posts: 1,362
see this thread for more details: http://www.flyertalk.com/forum/showt...readid=1720517
How so -- don't you need the paper in your possession to use it? I haven't heard any accounts of fraud with the paper certs, but I've heard plenty with the e-certs and plastic cards (so far "only" 1 of 8 of my plastic gift cards was hacked).
How so -- don't you need the paper in your possession to use it? I haven't heard any accounts of fraud with the paper certs, but I've heard plenty with the e-certs and plastic cards (so far "only" 1 of 8 of my plastic gift cards was hacked).
#215
Join Date: Mar 2000
Location: Santa Barbara, CA, USA
Programs: Hyatt Diamond, Hilton Gold, Starwood Gold
Posts: 97
Not one of my 20 plastic gift cards were ever hacked while 3 of my e-certs were drained. All they need is the number on the cert, neither the paper or plastic has to be present. On my first call about a zero balance a year ago, the customer service was not very help full. I had to call back a few days later to say I was positive I had not used the the two e-certs in question. Eventually a very nice agent , Samantha, checked the dates of use and saw I was not at those hotels.
My replacement e-cert for 1K was then hacked before I could use it. That next replacement was the now standard 48 hours. I hope they figure out how to stop these thefts.
My replacement e-cert for 1K was then hacked before I could use it. That next replacement was the now standard 48 hours. I hope they figure out how to stop these thefts.
#216
Join Date: May 2003
Location: Texas
Programs: Hyatt Glob (Barely); Marriott Plat Life; AA Up and Down Now Plat; Hilton, UA, BA, HA Peasant
Posts: 2,661
With all the hacked cards, and the apparent inability to contain the problem, would think a rational person would stop selling them tomorrow. Is a third party actually selling them and on the hook so Hyatt does not care or what?
#218
Join Date: Feb 2005
Location: Marin County, California
Programs: Amex Centurion
Posts: 412
One possible theory is the Hyatt gift card program is run by some mid-level person who is just following instructions to replace compromised cards and hasn't compiled statistics of total gift card losses to upper management. I'd be amazed if Upper Management had any idea of what their losses are with this they wouldn't jump on it immediately.
#219
Join Date: Jul 2009
Location: World
Posts: 1,646
It seems like all varieties of Hyatt gift cards are effectively compromised. Is anyone aware of Hyatt taking steps to address this?
It's totally unbelievable that there are still obviously stolen Hyatt GC listings turning up on eBay from sellers with zero feedback almost a full year after this issue originally started being discussed in public forums.
It's totally unbelievable that there are still obviously stolen Hyatt GC listings turning up on eBay from sellers with zero feedback almost a full year after this issue originally started being discussed in public forums.
#220
Join Date: Feb 2011
Location: Southern California
Programs: Alaska MVP 75K, Delta Plat, Bonvoy Ambasador, Hilton diamond.
Posts: 526
my re-issued (previous card was drained) e-gift card was drained fairly quickly.
...it appears to be idiotically easy to steal one. There is no 2-factor authentication mechanism employed (AKA PIN). The card #'s are likely sequential or semi sequential. Someone is plugging in the #'s into a tool which checks balances. I doubt its even an automated process considering how rampant the problem is. When the thief finds a gift card with a balance they resell it.
My understanding is that Hyatt has stopped issuing e-gift cards at this time. The "new" plastic cards they are sending out are no longer "compromised" from a sequential # perspective...or so a customer service rep claimed. This is probably why some are reporting their plastic cards appear to be fine.
...it appears to be idiotically easy to steal one. There is no 2-factor authentication mechanism employed (AKA PIN). The card #'s are likely sequential or semi sequential. Someone is plugging in the #'s into a tool which checks balances. I doubt its even an automated process considering how rampant the problem is. When the thief finds a gift card with a balance they resell it.
My understanding is that Hyatt has stopped issuing e-gift cards at this time. The "new" plastic cards they are sending out are no longer "compromised" from a sequential # perspective...or so a customer service rep claimed. This is probably why some are reporting their plastic cards appear to be fine.
#221
Join Date: Jul 2009
Location: World
Posts: 1,646
my re-issued (previous card was drained) e-gift card was drained fairly quickly.
...it appears to be idiotically easy to steal one. There is no 2-factor authentication mechanism employed (AKA PIN). The card #'s are likely sequential or semi sequential. Someone is plugging in the #'s into a tool which checks balances. I doubt its even an automated process considering how rampant the problem is. When the thief finds a gift card with a balance they resell it.
My understanding is that Hyatt has stopped issuing e-gift cards at this time. The "new" plastic cards they are sending out are no longer "compromised" from a sequential # perspective...or so a customer service rep claimed. This is probably why some are reporting their plastic cards appear to be fine.
...it appears to be idiotically easy to steal one. There is no 2-factor authentication mechanism employed (AKA PIN). The card #'s are likely sequential or semi sequential. Someone is plugging in the #'s into a tool which checks balances. I doubt its even an automated process considering how rampant the problem is. When the thief finds a gift card with a balance they resell it.
My understanding is that Hyatt has stopped issuing e-gift cards at this time. The "new" plastic cards they are sending out are no longer "compromised" from a sequential # perspective...or so a customer service rep claimed. This is probably why some are reporting their plastic cards appear to be fine.
#222
Join Date: Jul 2006
Location: Upper Sternistan
Posts: 9,981
I just used three cards this morning - no problems. I had called to verify each about a week ago.
When you call now, it's one verification per call, and they mix it up a bit with the menu options to check the balance. So they're working on the problem, at least a little.
When you call now, it's one verification per call, and they mix it up a bit with the menu options to check the balance. So they're working on the problem, at least a little.
#223
Join Date: Oct 2013
Programs: Hyatt Globalist No More..., Hyatt Explorist, Hilton Diamond, SPG Platinum, Marriott Platinum
Posts: 4,375
I just used three cards this morning - no problems. I had called to verify each about a week ago.
When you call now, it's one verification per call, and they mix it up a bit with the menu options to check the balance. So they're working on the problem, at least a little.
When you call now, it's one verification per call, and they mix it up a bit with the menu options to check the balance. So they're working on the problem, at least a little.
#224
Join Date: Feb 2011
Location: Southern California
Programs: Alaska MVP 75K, Delta Plat, Bonvoy Ambasador, Hilton diamond.
Posts: 526
not on mine
Hyatt e-gift cards *do* have pins. Physical Hyatt GCs do not and have historically been sequential. US Bank Visa Gift Cards (sold by Kroger and affiliates) suffered from a similar security flaw and also experienced an elevated level of fraud until US Bank changed their numbering scheme. The number of possible combinations for gift cards is much lower than you might think since the first 50%+ of their numbers are frequently shared by entire production runs.
#225
Original Member
Join Date: May 1998
Location: NYC
Programs: AA 2MM, Bonvoy LTT, Hilton Diamond
Posts: 14,620
Hyatt e-gift cards *do* have pins. Physical Hyatt GCs do not and have historically been sequential. US Bank Visa Gift Cards (sold by Kroger and affiliates) suffered from a similar security flaw and also experienced an elevated level of fraud until US Bank changed their numbering scheme. The number of possible combinations for gift cards is much lower than you might think since the first 50%+ of their numbers are frequently shared by entire production runs.
Having a PIN which is completely unrelated to the compromised algorithm would have helped as even if the main gift# was known to be valid, there would have only been 1 out of 1,000 or more combinations of PIN (depending on how many digit PIN is being used) to keep the gift card from being used. Since Hyatt took down the online balance check and allow you to check one gift card number per phone call, checking the 1,000+ combination via telephone would be tedious. Unfortunately, it does not appear Hyatt gift card have a "PIN" mechanism unrelated to the gift card# algorithm in place.