What? No, just store every key that you officially sell in an internal database. Now if someone enters a key you check if it's in your DB, therefore if the key has been legitimately issued. Everything else gets rejected and your now 100% counterfeit safe, unless someone hacks your database, which is unlikely. Don't wanna pick on apple, but that's pretty much how things like that are done.
Should Best Buy report back to Apple whenever a card is sold?
Many gift cards sold at retail have to be "activated" at the register (presumably to cut down on shoplifting); I don't know what this involves but there may already be some communication.
Well, in case of retail cards the keys are registered before shipping. You give the manufacture a set of registered keys, which are then printed on the cards. If done right you won't have any issues - that's exactly what people are doing with CD-Keys or Prepaid-Cards. However, if you mess up (can't always avoid mistakes) and have shipped invalid keys or may be the key-printer didn't work right, you have the customer send you the certificate card and you can refund him.
It's by far the better system than using just a algorithm-based genuine check, especially for things that directly translate into money, like gift certificates.
> No, just store every key that you officially sell in an internal database.
My point is that such keys can now be generated independently of the sale. In other words, key_A is generated by a sale and key_A is generate by the algorithm. When key_A is presented, what do you do?
> My point is that such keys can now be generated independently of the sale.
I'm pretty sure his suggestion is to have the keys generated randomly, so that they cannot be generated independently of the sale. If we are to believe him, this is standard operating procedure for businesses that are not apple.
If they reject it, there's now a good chance that they've rejected a redemption request by a legit customer.