Are Apple gift cards safe to redeem?

81 comments

·December 18, 2025

oidar

I'm glad that got resolved for Paris, but what the hell is a normal person supposed to do. Not every one has that kind of public reach to get a satisfactory resolution. First he had understand what happened technically, then he needed a public platform to tell people about it, then that writing needed to get reposted by others, than PR needed to get involved. Not something that's going to happen for a normal user.

Apple, Google, and the big players are not a trustworthy place to entrust precious data. Increasingly, Apple and Google aren't very much different as they are both in the advertisement business: the great misaligner of incentives.

sigseg1v

Agreed. A situation similar to this happened to me with Steam over a payment issue with their service. They banned me even though I had thousands of dollars of games and an account since Sept 2003. I had to go to my bank and escalate multiple times to get letters providing the info steam wanted about my account and credit card to prove it was legitimate. Eventually after contacting them enough times they said they would do a "one time good faith" gesture by unbanning me but warned if it ever happens again they cannot help and that my account will be flagged with this. In the end I didn't do anything wrong and the bank didn't do anything wrong, it was all on steam. It was over $10 by the way.

ndriscoll

They've made it clear that you don't own your library, so the only reasonable answer is to never pay for something with DRM you cannot remove (including things that require an online account for functionality you consider important), and treat services like steam as a temporary convenience to download known good files that you then fix to remove any DRM.

dylan604

I'm not an avid gamer, so maybe this is a naive question, but how do you know these things before you buy the game?

vablings

Sadly, the real issue here is with the banks and the payment processors. It's very likely that they have metrics for larger marketplaces about being below a threshold for fraud. Online game stores like steam live, breathe and die by payment processing.

This was the reason why free trade was removed from RuneScape back in the day and it wasn't even a Jagex issue. People would go to 3rd party gold selling websites and then pay for gold with stolen credit cards. They could easily keep the money because the trade cannot be reversed without a moderator and what they were doing was against the rules so everyone would just get banned. The payment processors saw a bunch of fraud related to a game called RuneScape and told Jagex if they dont fix this then they will be blacklisted.

null

[deleted]

csomar

> but what the hell is a normal person supposed to do.

Not store their data in their iPhones. Period. I only store temporary data and photos I wouldn't care about.

ChrisMarshallNY

> as they are both in the advertisement business

Apple isn't. Just sayin'. They are trying to do it, but they aren't really anywhere near the scale of Google and Facebook. They make money (lots of money) by selling high-margin hardware, and, to some extent, digital media, on that hardware.

Currently, Apple is genuinely serious about preserving user privacy. I realize that can change, in the future, but it's the way it is, now. I get the feeling that a lot of folks on HN are having difficulty understanding businesses that make a profit by doing stuff other than harvesting and selling PiD, but that's not what has made Apple a 4 trillion-dollar company. They make that money the old-fashioned way; but with a modern twist.

That said, this situation is unforgivable, and I hope that Apple leads by example, by preventing this all-too-common type of dumpster fire from happening in the future.

Apreche

The real problem is that companies do not offer any accessible, powerful, and intelligent customer support. Even if they have real humans to talk to, they simply follow a script. Those agents do not have the ability to investigate a situation or the power to use their discretion to take meaningful action.

We should impose, by law, the following rules on all companies that offer accounts to their customers.

1. If they block/ban/close/suspend a customer account they must provide habeas corpus. Explain to the customer the policies that were violated that resulted in their account being terminated. Additionally they should be required to show the customer the evidence that led the company to make the decision.

2. They company must provide an accessible live human appeals process. The human they appeal to must have the discretionary power to investigate and make a common sense decision even if it contradicts policy. This process currently only exists for people who are capable of making a lot of noise in public. How many people lose their accounts and suffer harm because they are incapable of getting attention in public? It needs to be available to all customers with a simple phone call or email. It must also be required to make a decision very quickly, 24 or 48 hours at most.

3. In the rare case that the company still makes an unjust decision, there must be a quick and accessible legal remedy. Establish some kind of small claims court where it is cheap and easy to file without a lawyer, and where cases can be heard and decided on short notice.

Workaccount2

The real real problem are shameless shitheads that will abuse anything to any length the run scams or malware distributions.

"Yes support tech, please understand my child just died of cancer and my wife in a car accident last week and the only pictures I have of them are on my bitcoin4free@gmail.com account!"

dylan604

I know you're just trying to pull something out of thin air that sounds plausible, but...this would be simple to prove with a request for valid death certificates, marriage license, and a birth certificate to prove you were married, the child is yours, and that both are in fact deceased. Oh, and of course, you'll have to prove who you are as well.

sneak

> The real problem is that companies do not offer any accessible, powerful, and intelligent customer support.

No, the real problem is that we have no reasonable alternatives when companies misbehave. There is no meaningful way to exist in society today without an Apple or Google account, and that's actually insane. It's doubly insane for people who aren't citizens of the United States (although the CCP addressed this by requiring Apple make a separate iCloud for them).

The solution isn't to legislate a right to a bank account, it's to preserve the usefulness of cash so banks don't get too far out of line.

lxgr

> There is no meaningful way to exist in society today without an Apple or Google account

As is the case for many other infrastructure companies, such as your local electricity network operator (or even supplier depending on market liberalization). We also didn't solve that problem by ensuring everyone's right to run a generator in their backyard or heat their city apartment with a coal oven.

If tech companies have become essential to our day to day lives and are not willing to allow for horizontal interoperability, i.e. to split over-the-top services from infrastructure and individual elements of infrastructure from each other – because walled garden lock-in undoubtedly increases profits – why not regulate them as infrastructure entirely?

rsync

I have neither a Google nor an Apple account.

Well, to be fair, I do create an ephemeral Apple ID every time I get a new phone… But I immediately log out of iCloud after downloading the two or three apps that I use. I have no idea what my Apple ID or password is… I would have to go look them up.

Further, if I lost said Apple ID, I would lose nothing of value.

I believe, as you say, I exist meaningfully in society.

Apreche

Even if there were viable alternatives, I believe people who chose to use an Apple, Google, or any other account should still have the rights I proposed.

alpinisme

As one data point, I would.

criddell

Cash being more useful wouldn't help you regain access to your photos, music, email, etc... when your account has been deactivated..

wat10000

China is quite a bit worse. Not having an Apple or Google account in the US would be kind of inconvenient. Not having WeChat Pay or AliPay in China means you can't buy stuff most places. They've ensured that their de-facto-mandatory services are domestic, but they're a lot more mandatory.

I assume the Chinese government is quite happy with this, because they have no trouble bringing their large companies to heel, unlike the US. And centralizing payments like this gives them a great deal of information and control.

null

[deleted]

raverbashing

This is the naive tech bro view

You can't keep chasing alternatives when companies misbehave

That's why there's a thick list of contract law precedents and consumer's rights and what not

srmatto

This fiasco stirs up a lot of different topics for me, none of which seem like they are likely to be resolved anytime soon.

First, with so much importance placed on an Apple/iCloud account in our current era it's not good that they can be shutdown so trivially. Someone can be shut out from using Messages, Apple Wallet, Digital Identification (depending on where they live) and all their subscriptions and media purchases without any recourse, in an instant. It's not hard to imagine someone being put into a pretty bad situation as a result of this with just a little bad luck and bad timing. It's easy to point out that you shouldn't be overly reliant on these technologies but I think it's more important that there be ways to safe guard people from this scenario. Apple should do more to handle these scenarios given the importance of an account now.

Second, there are other recent events that point out the failure modes and gaps that Apple (and Google?) need to address. There apparently is no way to cleanly divide purchases in a Divorce or separation, even if the person was fleeing an abusive situation. There's also no way to leave a "family" account even as an adult or how to assign children to multiple families. Again we can trot out the easy "Just don't use these things, use FOSS, Nextcloud, etc..." but I think Apple should do more to address these types of scenarios regardless of what people choose to use.

Mistletoe

I’m realizing maybe I should just use Amazon or iCloud AND Google Photos for backing up my images. My whole life is in Google Photos. I could lose it from something stupid and never even have a person to contact about that.

MobiusHorizons

At least do a google takeout backup. I believe there are ways of onimport that into software like immich (a self hosted alternative)

bombcar

Shutterfly will upload all your photos and store them for free if you buy a few magnets on sale now and then. Works from iPhone well enough and it's my "third backup."

rtavares

Apple has locked my Apple ID, and I have no recourse. A plea for help.

1730 points, 1045 comments https://news.ycombinator.com/item?id=46252114

DannyPage

> Update 18 December 2025: We’re back! A lovely man from Singapore, working for Apple Executive Relations, who has been calling me every so often for a couple of days, has let me know it’s all fixed. It looks like the gift card I tried to redeem, which did not work for me, and did not credit my account, was already redeemed in some way (sounds like classic gift card tampering), and my account was caught by that. Obviously it’s unacceptable that this can happen, and I’m still trying to get more information out of him, but at least things are now mostly working.

It’s great that it has been resolved, but I’m still baffled by a number of things:

1) Why would redeeming a bad gift card result in a complete shut-down of the account? 2) Why is it seemingly impossible to get any support now unless you drum up a ton of press? 3) Should companies be restricted from growing too large where they can’t support their customers?

In my personal and professional experience, banks are the only companies that seem to actually know how to handle these issues appropriately when it comes to fraud or access. Rather than move to outright banning the account, there are intermediate steps that can be taken. Personal example, my Facebook account was recently banned because a hacker accessed my account uploaded a bad ID when FB requested an ID verification. Despite the request coming from a country I have never visited and would likely be on any high-risk list, my 20 year old account was banned literally overnight without having any recourse. There’s no number or even any email to use. Maybe I can see if the Register will write it up… (I do have all the info from my Facebook account download to show how it was compromised, and any internal support should have been able to see the same… if they cared.)

estimator7292

Banks frequently completely freeze accounts for no discernable reason and with zero communication, support, or recourse.

You're just lucky that it hasn't happened to you. That does not mean it doesn't happen to anyone.

ryandrake

What I want to know is why does it always have to go straight from 0 to 100? There's seemingly no concept of proportion. For most online services, your account can be in one of two states: Totally good and "banned for life". There's no warning, no investigative period, no concept of scale (was the fraud $10 or $10,000?), no way to serve your time and come back if you actually were bad. It's just instant, silent BAN HAMMER.

stackskipton

As someone who worked in fraud, sometimes the $10 transaction is primer for 10k transaction that will really cost the company. When you don't know what's going on, you don't give a shit about end user and primary objective is prevent the company from losing money, shut it down and sort it out is easiest way.

Furthermore, without physical presence where you could sit down with someone, this becomes more difficult to deal with. Truth is, Apple should have option where someone could go to Apple Store, verify ID and talk to someone with power but they don't want to spend that money so here we are.

huslage

Yes. But that doesn't make it right.

wishfish

Would checking the Apple gift card balance first be a useful precaution? Would it have saved Paris all this hassle?

Seems like this might be a necessary step if checking the balance would reveal there's something wrong with the card. Would be frustrating to see the $500 card is worthless but better than risking the bureaucratic hell.

Havoc

Continuing the worrying trend that when computer says no you need social media presence & industry connections to get basic level of "hey can you not kill my account" support

owenthejumper

It's almost a rhetorical question, isn't it? Clearly, from both the original post, and this reporting, they are NOT safe to redeem.

In addition, it just re-emphasizes how tied we all are to these "digital lives". I used to do it without a blink, but now think twice before clicking "Login with Google/Apple".

altairprime

> Strangely, he did tell me to only ever buy gift cards from Apple themselves

The Singapore Apple exec person who eventually reported the issue fixed provided the above advice, and I think it is the best advice given to anyone in this entire situation.

What can a normal person do? Only buy Apple gift cards from Apple, only buy Home Depot gift cards from Home Depot, et cetera.

That one piece of advice destroys a retail line of revenue that’s suffering massive endpoint fraud and removes the vast majority of risks to recipients of gift cards, and is simply explained to uninterested people that those conveniently-placed gift cards are bait cast by fishers for the unwary.

(I’d also sue the retailer in small claims court for selling a fraudulent product that didn’t perform as advertised.)

realusername

Personally I only use these login buttons for throwaway accounts, if it's something important, I'll use email/password.

lvl155

I experienced something similar recently. There’s something going on with gift cards at Apple. It’s a bit fishy. As in they don’t want you to use it so they can report higher holiday season sales. Or they’re experiencing a huge uptick in scams involving the cards. I started wondering if the system they use is actually secure from a cryptographical pov.

My lessons were:

1) if you’re going to accrue gift cards for hardware purchases, use a separate Apple ID. Do not use that ID for anything else and especially not as family organizer.

2) save paper trails for all your gift cards. That’s your only way out of this.

3) be prepared to be treated like a scammer by Apple Support. They will even question where you got the devices you traded in at the store. Some support staff will basically say you stole them without any evidence.

bombcar

There are apparently large amounts of NEW gift card scams going around; Target has recently changed how they work and I've heard other reports.

Frankly, staying away from gift cards seems the best option unless it's blast radius can be limited (e.g., redeemed in person).

tiffanyh

I don’t want to minimize the pain people experience here, but it’s worth calling out just how hard this problem is for retailers and issuers.

Gift cards are the #1 fraud vector in payments ... because it lets stolen cards be converted into a cash-like equivalent with zero traceability.

So fraud/risk system are highly sensitive to gift cards.

It's not an excuse, but I see in this thread people minimizing the problem at hand - so I just wanted to call that out.

toomuchtodo

It would be a suboptimal UX potentially (vs live funds on a physical gift card), but Apple could tie the gift card to an Apple ID at purchase with a QR code or something similar, and then permit gifting through the existing Apple ecosystem primitives. Apple could then enforce stronger controls as the value is transferred internally on their internal ledger. In financial services, its all about tradeoffs.

The optimal amount of fraud is non-zero (2022) - https://news.ycombinator.com/item?id=38905889 - January 2024

($day_job is financial services, a component of my work is fraud mitigation)

pixl97

Then they are free to stop offering gift cards.

citrin_ru

How it's zero traceability if Apple can see: 1. credit card used to by a gift card 2. who exactly redeemed a gift card.

It can be traced, the problem that they block accounts (probably using on FP prone algorithm) even if a gift card was not purchased using a stolen credit card.

eduction

Apple only sees the credit card if you buy from them, if you buy from a retailer they don’t get that info.

To be clear, this is their problem, not the customers.

Still, I’m curious what the scammer did in this case. If a retail worker just stole the card number it would merely be used up, not flagged as fraud. Maybe someone in the supply chain obtained the number and reported it lost/stolen? And used that to obtain a new card no one would complain about once it was used? Vs the original number which would result in a customer complaint. Idk.

kelnos

I'm not sympathetic to this point at all. As Patrick McKenzie says, "the optimal amount of fraud is non-zero"[0]. Yes, fraud causes problems for retailers and issuers. But in cases like this one, the result of overreactions and incorrect handling of fraud is severe, mostly-intractable problems for customers. Customers who end up having very little or no recourse.

McKenzie's point is more about how businesses need to accept a certain level of fraud because trying to stamp all of it out will be more expensive and more damaging than allowing some of it. But I'd go further than that: companies should be required to accept some amount of fraud in order to avoid harming their legitimate customers. It should be just another cost of doing business.

[0] https://www.bitsaboutmoney.com/archive/optimal-amount-of-fra...

usefulcat

> it’s worth calling out just how hard this problem is for retailers and issuers.

I'm having a hard time finding much sympathy. They could always, oh I don't know.. maybe just not sell gift cards? Or have a much lower maximum amount?

I mean yeah, you could take the view that technically the blame really lies with the people trying to use gift cards for theft, but that's not going to be productive.

wat10000

And yet they continue to sell these cards. Why?

It's simple: they're essentially free money. The worst case for them is that the recipient of the card uses the full amount of the card. In that case, the issuer "only" makes the full profit on those sales. Often they do better: the card is used partially or not at all, then lost or forgotten about.

You can see how lucrative they are by looking at promotions. You can often find deals where you can buy a $100 card for $90, or similar. Why would you sell a dollar for 90 cents? Because you know that on average you're selling quite a bit less than a dollar.

As for the fraud risk... do they even care? When gift cards are used for crime, the issuer doesn't suffer. Maybe they have to deal with upset customers, but that's hardly new. Most of the time, the gift card is bought legitimately, given to criminals, resold, used by the secondary buyer, and the only one who suffers is the unfortunate scam victim who bought it.

It would be so easy to make gift cards more secure. Modern technology can do a lot better than an alphanumeric code under a sticky cover. The fact that they don't bother should tell you everything you need to know about how important fraud is for them.

purpleflame1257

Every time a read a story like this, I feel an atavistic desire to self-host eveything. But I've had my Google account for 20 years now; the die is cast.

wrxd

If you never start you'll never be free. It's also not all or nothing. You can keep things with Google, self-host new stuff and gradually move over things that make sense to mover over.

bayindirh

I'm slowly decoupling things and hosting parts of my infrastructure myself. Let it be on a cloud server or a home machine.

Doing everything and/or all-at-once is not practical, but having backups for most critical infrastructure helps a lot, and when it's rolling, it rolls without effort.

One can go step by step and call it's done when it becomes too much to bear or satisfactorily decoupled.

paulpauper

creating backups is crucial. this includes all the contacts, texts of saved emails, photos and so on. Many of these ppl who get locked out fail to create local backups and rely on apple's cloud storage. big mistake.

bombcar

Even just simulating "what if I lost this account" and seeing what you can't access (have your wife change your password and not tell you for a month or so, say) - tells you what you'll be missing.

The tendrils can run deep.

neilv

> > There is one way the Apple community could exert some leverage over Apple. Since innocently redeeming a compromised Apple Gift Card can have serious negative consequences, we should all avoid buying Apple Gift Cards and spread the word as widely as possible that they could essentially be malware.

It's December holidays time, but I assume that most Apple gift cards that would be purchased for the holidays already have been, so...

Maybe people should also be urged to demand to return any Apple gift cards already bought. Arm people with a copy of the news story. If retailers resist, then regulators can get involved.