Perhaps a scammer visits the display, copies down the code, then adds a scratch off sticker making it seem unscratched? Then when they see it’s been sold, they use the details to empty it?

Years ago, I went to check my gift card balance on line and did not pay attention to the website that was at the top of my Google search results. I went to the website and put the card number in, it said I had $50 on the card. A day or two later, I realized my mistake and went to the correct website. My card had been drained on the day I entered the info on the fake website. I had not used the card at all. It’s easy to be scammed if you don’t pay attention

Sometimes it’s a sketchy cashier. After they activate your card and you leave, they can print a duplicate of the activation receipt. This they will sell to someone or just use for themselves.

At least this used to be possible, not sure if it is anymore. But I would let the management of the store know.

Gift cards look like they act like credit cards but they don’t at all. Much more insecure. PCI PA-DSS rules don’t apply to gift cards unless they are Master Card/Visa/Discover/Amex/JCB/Diners Club. This means that they do not need to be as secure.

Example: Full card number printed on the receipt. Not allowed if PCI, non-PCI no one cares.

Credit Cards are insecure enough and that’s with a lot of security measures. Without PCI DSS rules that must be followed, it’s easy for vendors to be lax about gift cards. Even big companies get sloppy about gift cards without the fear of fines that can run many millions of dollars.

Fortunately, Credit Cards are insured and the issuer will give you the money back if you dispute it. Gift cards are not insured so you’re SOL if they are stolen.

Everyone here is just taking wild guesses haha I used to be a manager at a CVS. What I found was scummy thieve people would come in, ESPECIALLY around the holidays, steal a bunch of gift cards off the rack, then take and print photos of the barcodes.

They would then take a gift card, place the photo of a barcode they had just printed OVER another barcode and then place some gift cards back on the rack with the alternate barcodes, so when a person grabs a gift card off the rack and the cashier goes to activate the gift card, they would be activating the photo of the barcode that the thieves already had a hold of.

So PSA- always inspect your gift cards, especially the VISA and MasterCard ones with flaps where it’s easy to paste a barcode over. And always make sure the last digits on the receipt MATCH the last 3 or 4 digits on your gift card BEFORE leaving the store!! (I hope this makes sense, I’m on mobile and my phone keyboard is having issues)

EDIT: I just noticed OP said the barcode did not show on theirs but I’ll leave this PSA here anyways

Gift card fraud is a moving target. Back when online redemption was still new, it used to be that most gift card fraud was insiders, usually store employees, who would copy the redemption codes for a batch of gift cards, then launder them so it wouldn’t be obvious who the fraudster was. Then the gift card issuers started requiring cashiers to activate the gift card at the point of sale before it’s valid. I’m out of touch, so I don’t know how it works now.

Source: worked at Google on Billing SRE. We weren’t directly responsible for anti-fraud detective work, but we’d often get asked to retain or extract information about known or suspected fraudsters for Google Legal and/or local police. At one point we were tangentially involved in some anti-fraud work with the Google Play Store physical gift cards, back when those were brand new.

Possibly they generated a bunch of card numbers which included yours, then used them online so PIN isn’t needed Source: worked in banking and had this happen to multiple credit card customers customers

Maybe the activation receipt got lost or tossed and someone grabbed it? Or a duplicate was made of it?

9 times out of 10 they are running a ton of number combinations to see what works. Also these gift cards aren’t printed and sold the same day, so it could be that the numbers got leaked from the vanilla website, but they didn’t pull those cards.

I know I’ve seen some explanations on the personal finance sub that explains it better.