Slashdot Mirror
Walmart Stored Value Cards Compromised
morcheeba writes "It appears that Walmart's pre-paid gift cards have been hacked. Customers are buying cards and finding that criminals have already emptied them of value. It seems someone has access to Walmart's database and/or registration data, and can create clones of recently activated cards. (via engadget)"
That is, in the ideal world where criminals could in no way pay off the court system with tons of stolen money
I are winner
First, look at how gift cards work. Many retailers use the model where their gift card records in their database created upon activation. This means they don't even ask the manufacturers for a list of "cards printed"; they simply direct the manufacturer to produce "a million cards in this number sequence, label them $20," that sort of thing. The value is added when the record is created at issuance. I'm assuming Walm*rt is operating in a similar fashion.
It's theoretically safe, because a shoplifted card isn't redeemable. The cards never actually "store" their value, all the value is located only in the database (more correctly, the value is in the ability to redeem from the database.)
So, if someone is redeeming the cards in a distant state just hours after issuance, they're doing it by sniffing the data real-time, somewhere on the inside of Walm*rt's systems. The article implies that the thief knows when the card is issued, and cashes it in within hours. Cashing the cards in distant states implies network access to at least run the scam (although that may be an email to a conspirator.) The fact that the victims were located in different states implies the perpetrators either have central access to the database involved, or have access to the POS systems that are selling and activating the cards.
The points of access are numerous. This could be happening in the POS registers, the store POS servers, the networking gear, the central authorizing servers, the central sales logging servers, or the database. It could be someone in their security group looking at electronic journals on-line. It could be a hacker in the parking lot with 802.11 gear telnetting to any of the above equipment, emailing card info to his buddies. The redemption is probably being done via "forged" cards, which might be as simple as printing a barcode on a sticker, covering the existing barcode, and then keeping the cards after redeeming them to hide the evidence. A smart thief would redeem $149 on a $150 card to keep the card with the $1 balance on it in his pocket.
That's a lot of ground to cover for their investigators. Given their M.O. I can think of a few traps they can set to catch these guys, but they're probably going to take time to implement. And with the high probability of an inside job, who do you trust in their systems end to help you catch the bad guys?
John
The date of the article was June 10, 2004. Maybe this was in another time zone or something so it was more recent than I thought?
A NYC lawyer blogs. http://www.chuangblog.com/
So now Wal-mart customer are stupid? You arrogance must know no limits.
Wal-Mart does not need anymore bad publicity, this should be a non-issue, if people got cheated, they need to provide recompense. It's not like they can't afford it.
What kind of geek buys their computer gear at Wal-Mart? I mean come on, even Best Buy would have been a step up. I bet he'd even opt for the Extended Service Plan. Either way, the culprit will be set for life when it comes to toilet paper and snacks.
Something like "idle hands are a devil's playground"? Well, bored geek employed at Walmart = ..well, this.
I know nothing
I guess you havnt been to a small town that has been taken over by Walmart?
The plural, my good man, is cutomers.
What about it? Are you trying to say that Walmart actions make people stupid? Sure, I don't like walmart too much, but it doesn't mean that walmart customers are stupid. They go to walmart because it is cheap.
You were supposed to add an S at the end, not move the one already in the word.
at least Walmart can afford to reimburse those customers. After all, they skim a buck from every card every month they remain unused. (If you've got an unused Walmart card from last Christmas, it's lost $9 of its value.)
// I will show you fear in a handful of jellybeans.
There is a side of the story that they are not reporting. The hackers Jeb and Jesse are using the hacked value cards to buy more value cards - hmmmmmm?
10 CLS
20 PRINT "Always Low Prices. ALWAYS"
30 GOTO 20
I remember reading a while back that one of the major retailers, possibly walmart had gift cards with sequential serial numbers, stored on the magstripe in plaintext, so anyone with a card reader/writer can easily change the id stored on the gift card.
Theres an 800 number you can call to find out the card's balance, so it just takes a little time and guesswork to find a card number with a balance on it.
do a search on google for Walmart customers and IQ and you will find that most of the results agree with me. Generaly Walmart customers are stupid.
If someone has access to Walmart's database and/or registration data, why can't this someone just get a pre-paid card, and change its value according with all matching/tracking records in the database?
In this case, no other customer is going to report missing money, and this someone can quietly purchase and "top up" the card regularly until maybe the auditing season.
Uselessful technology (Air-Charged
Man, I thought I was doing well without having to RTFA, but you made me read it anyway.
The injustice is that you now get *good* karma!
Cogito, ergo sig.
Walm*rt may have an error in their central authorizing servers that's "confusing" redemption replies. Imagine a server that accepts requests from tens of thousands of different registers (probably a mainframe.) All those responses have to go back to the place they came from. What if a response was corrupted and an approval went back to a wrong register?
Or what if a request was corrupted? What if some stack corruption in their register changed a 12345 into a 22345, and they just happened to match a card issued elsewhere?
Or, what if the manufacturers screwed up and printed duplicate serial numbers on the backs of a batch of cards? Jane Doe goes to buy a card, but that serial number was already purchased by John Smith in a different state. If Jane's purchase request was made "offline", the card would be given to her immediately, but the card activation would have to be made after she left. Now, if Jane redeems her card, she uses John's value. Walm*rt would have no way to go back to Jane to say "Sorry, we gave you a bad card."
For these scenarios to work with a card being cashed within hours of being issued seems highly unlikely until you remember one thing: Walm*rt operates over 8000 stores, with probably over 200,000 POS registers, each of which is cranking through perhaps two or three hundred transactions a day. When you start factoring in just how many transactions might be corrupted, having a couple of "unlikely" coincidences seems more like a statistical certainty than a random chance.
John
b should read
B: Hey happy birthday/christmas/eid here's $50 you can only spend on crack-whores or beer.
Walmart is not known for compensating its employees well, and the turnover rate seems to be high. (Its economic impact on communities is generally not good either, that that's another topic.) It doesn't seem too surprising that insider theft might be a problem for them.
walmart slave labor in china, 13-16 hour days at 13 cents an hour, 7 days a week, 20 hour shifts during rush season like for christmas shopping. That's all -american walmart for ya. And they claim US workers need to be more productive and to compete globally with that. How? Magic fairy dust?
And they can't even keep their cards secure. What a joke.
Walmart single handedly has shutdown thousands of small town down town areas all over the nation. That's the new culture, a big square ugly box of a building, they all look the same, all got the same cheapest crap imaginable for sale. Largest corp in the world, bigger even then the energy companies. They come into a town, and do what is in essence "dumping" for a few years, incredibly cheap prices, until all the local competition is hosed, then they run the prices back up. Shop elsewhere-sure, go over to the next county, the same walmart.
I'm surprised walmart and microsoft haven't merged yet, exact same business philosphy.
The cracker must be low on paper towels and socks.
law enforcement at the highest levels possible, to rectumfy the problem
Looks like the cuplrit is going to really get it in the ass...
From the parent: A corporate spokesman says the company, " is working with law enforcement at the highest levels possible, to RECTUMFY the problem and catch the people responsible." (all caps mine)
I wonder just what rectumfying is. Maybe it's like "radidzomai" in Greek (to be buggered by a raddish), or the Tossed Salad Man. I'll bet rectumfying would deter anyone else from hacking gift cards!
-Colin
There are two Walmarts "near" me. One is 20 miles to the north, the other is 15 miles to the south. They are the two closest "department" store operations near me, although I can drive 30 miles or so east to a Sears. I can't see how either of the Walmarts have put anyone out of business. There were no department stores here before Walmart, now, there are still none, but the Walmarts are at least within a days drive. Walmart does not have a very large selection in some areas, particularly computers. What they do have represents good "value", with no-names at the low end and HP and Compaqs at the "high" end. For online 3D game-play you probably need something a bit better than you are going to find at Walmart (in the stores at least, their mail-order selection is better). For what I do with a computer most of the time (web, email, photo and music collection, etc. these mid-range computers (some of which are available without the Microsoft tax) are more than adequate. For me and other people in my situation you are not going to get us to feel guilty for going to Walmart, so you might as well stop trying. You shop wherever you want to, and I'll do the same.
While this is from approximately third-hand sources, wal-mart type stores have lots of those glass bubbles that look like they should contain a camera.
However, in most cases, only a few actually contain cameras. They might move the cameras around, but remember, wally-world labor is cheap, glass bubbles are cheap, and cameras are expensive.
ERROR: Null
Given how Walmart mistreats its employees (forced unpaid overtime, automatic firing for even *thinking* of getting unionized, illegal immigrant janitors making well below minimum wage and locked in the stores at night, etc.) and how Walmart systematically ruins local economies, and who knows what else, would it surprise anyone at all if some Walmart executive would have the system set up to wipe out gift cards X% of the time? In Walmart's case assuming a system compromised by petty theft is just unwarranted--systematic and corporate-sanctioned theft may be more appropriate.
I laugh at those bastards, I hope whoever's doing this bleeds them dry.
--
The only thing worse than being held hostage by Muslims is being rescued by Russians.
But, what's wrong with China changing it's laws to better support their own people? If you are seriously suggesting that we stop using Chinese products then you'd better look around. In electronics, there's hardly any other choice. Why do you single out Walmart for this? Open your eyes and look in ANY other retail store.
.50 cents an hour.
The US simply can't compete with cheap labor like this so... We use it if they want to supply it.
Perhaps it would be better for these people to slave and die in the fields instead of becoming industrialized, but I'm not sure. Every nation that has gone through this process started this way - out of necessity.
Don't weep too uncontrolably for China. At the rate they're going their economy will soon dwarf the US. Pray that their governmental system changes before them or perhaps YOU will be working for
"...Well, there's egg and bacon; egg sausage and bacon; egg and spam; egg bacon and spam; egg bacon sausage and spam..."
Here's the simple solution. Ditch the high tech whizbang gift cards, and go back to good old-fashioned paper gift certificates. That would be simple and effective, so it will probably never happen.
How ya like dat?
not an advert, just giving credit where it's due. Slashdot didn't change my submission at all (except putting it in the IT category).
HIV Crosses Species Barrier... into Muppets
The injustice is that you now get *good* karma!
Not at all, dumb schmuck posted as AC.
Do not meddle in the affairs of geeks for they are subtle and quick to anger
as of 5:48pm EST, I'm getting a "cannot find" error on it, /.'ed already? Anyone care to mirror the article?
Where one of the cards was empty in three hours the problem is within the control of Wal Mart. If the matter is considered as a glitch in the system and the cards just expire too fast, well that is one thing...an error that Wal Mart should have caught.
If there is an insider trading information (that could NEVER happen, right?) then security is way off and Wal Mart still loses.
If the system is open to outsiders to hack and they have the ability to grab the latest cards purchased and burn data and make purchases within three hours then the system is way too open.
People who pull off these scams aren't interested in most goods - they want cash. I suppose that the easiest method is to buy a case or 10 of cigarettes or to try to return a high-dollar item. The former can be sold almost anywhere and the latter will give the thief cash, but only after a second pass at the Wal Mart chain. The latter is a high-risk approach and it isn't consistent with an ongoing breach...
If only a few stories are out about these cards, but the breach of the cash control system is so complete that the funds can be diverted within three hours, then the problem is far more common and serious than Wal Mart wants to disclose. The system must have been compromised so thoroughly that only a complete replacement would eliminate the problem. Wal Mart data mines (last I read, they had the largest database of consumer purchases on the planet) and these cards are clearly an integral part of their data capture system. The cost of "fixing" the system must be far greater than the losses thus far. Of course, that could be hundreds of millions of dollars....
I don't think defending a business would really be considered anal... my commment about the anal attitude was the spelling of Wal*Mart. Sorry for the confusion.
Sweet! Now Ed can trade his family-owned grocery that made him enough to make ends meat for a
Monopolies hurt everyone (except the shareholder), not just the small business owner.
I was wondering the same thing! I thought perhaps Walmart had become a swear in certain areas, like Canada or something. You know, "sh*t" is so much less offensive than "shit".
anyone can do this. all you need to do is write down the gift card number on the back of the card and then put it back on the rack. then some unknowing sap comes along buys that gift card that you have the number to, and thats all, wala, free gift card. walmart has an online store also so its not like you need a physical giftcard. just the numbers will do. this is more like a case of a dude discovering he got scammed than the walmart db getting hacked.
Cheers,
Erick
http://www.busyweather.com/
anyone else except me read that part a couple times to make sure it's true? Generally you don't hear about transexuals in media.
Comment removed based on user account deletion
I find it very interesting that people are willing to buy those "value cards," compromised or otherwise. Similar cards were used in Soviet Russia, but no one seemed to like them, so one has to ask a question: what's wrong with money in the United States? Is it because people don't want to have cash so they are less attractive targets for criminals? After all, who would want to steal "value cards"? Well, obviously this is not the case, as the story shows. This is a very interesting issue, a one much more important than this incident alone. Why people don't want to pay with USD?
Sincerely,
Pan Tarhei Hosé, PhD.
"Homo sum et cogito ergo odi profanum vulgus et libido."
I would have to agree with Parent. I see absolutly no point in gift-cards. The retailers push them because they make money on them since they charge a monthly fee or the card goes unused. Then they say a gift card if different then a gift certificate so they can charge those fees. That is kinda like saying a mini-van is not a passenger car so it can pass bad crash tests.
I for one laugh!!! HAHAHA Gift cards are lame, anyone who buys them deserves this.
Clicking on .info domains is inadvisable while they're being given away free. Until after the holiday when the abuse desk folks, they'll still resolve.
One CPU cycle wasted on digital restrictions management is ONE TOO MANY.
...but here if we don't know what to buy someone we buy them gift vouchers. Some stores have now started offering vouchers in a credit-card type form-factor. It gets charged with a certain amount of money and you can actually get something you won't return or exchange anyway, therfore removing that embarrasing moment when they come over to visit and don't find their vase/picture/abomination (delete as appropriate) in pride of place - everyone's a winner.
;o) with one her dad gave her for a very nice department store here in the U.K.
My significant other and I bought most of the essential things we needed for our new house (champagne flutes, wine glasses, whisky tumblers and 250 count egyptian cotton sheets...the usual necessities
I am NaN
I have a client who bought a software product from an eBay auction. The product was offered as a "remainder" that was "unopened" and eligible for upgrade.
What the client received for $350 was a pirated copy of the software.
I sent notices off to the software company and to eBay's legal dept. I had no answers. A couple of years ago I had very rapid responses to such communications from an attorney.
Perhaps eBay is the way these cards are turned into cash...but the 3 hour turnaround isn't consistent with eBay....
why I always ask for cash each year for my birthday and christmas... ^_^;
DEAD DEAD DEAD DELETE ME
War on .? You mean, war on /., right?
Sincerely,
Pan Tarhei Hosé, PhD.
"Homo sum et cogito ergo odi profanum vulgus et libido."
come on, he knows how to do it, he knows Wal-Mart rather well, he posted anon.. it's got to be him!
call the cops. ha, he shouldn't have posted to /., we're too smart for him.
This is my Sig, this is my Gun. One is for Slashdot and one is for Fun.
In that case, people were writing down the number of a card still on the shelf, or taking pictures of the bar code or something, and then noting what the sequence is (they are in order, after all) and then going home, and using the 1-800 number to see how much money was on the card to see when it was sold.
Once they found a number with money on it, they'd modify a card that they had (printing bar codes and reprogramming magnetic strips is easy) to have that number, and go and spend somebody else's money. Easy.
Seems easy enough to track, as 1-800 numbers include caller ID type info, so just see what number was called to check the balance of the card before it was depleted of funds, and if the same number shows up a few times, call the police ...
To make matters worse, the fine print basically said that this sort of loss was the customer's problem, not the retailer's. So the retailer was refusing to pay people for the lost money ...
In any event, giving a gift card sucks, even without this scam. It has *all* the tackiness of giving cash, but with the additional tackiness of telling you where you can spend this money. If you're going to buy me a present, buy me a present. If you want to give me cash, I certainly like cash. But don't spend cash on a gift card ... either use it to buy me something, or just give me the cash.
And if this does happen to you, scream bloody murder. Do not accept anything less than all the lost money, even if the fine print says that it's not their responsiblity. Call the local media if you have to. Make a scene in the store. Call the corporate office if you have to ... you'll probably eventually get your money.
That's interesting. When I don't know what to buy, I give cash. Seriously, what is so wrong with cash these days? Is it this great disadvantage that you can use it in any little store you want? I would really like to know.
Sincerely,
Pan Tarhei Hosé, PhD.
"Homo sum et cogito ergo odi profanum vulgus et libido."
The question I have is: if they are nabbing data from somewhere between the register and elsewhere in the network, what's preventing them from nabbing Credit Card or Debit information.
If you are going to hack gift cards, why, for the love of baby Jesus, would you target Wal-Mart??? Now hack me up some Best Buy or Good Guys or Circuit City cards, and now we're talking.
--- Ban humanity.
If the card gets used the same day as issued, or more than 250 (pick a number) miles away, ask for and record picture ID.
This should pretty quickly turn up the culprits.
...though I expect it has something to do with some people feeling vulgar about giving money...that's just how some people think. They probably think that by giving a card for a certain type of store they are at least putting some tought into the gift. It would probably make a good subject for a psych essay..."The Psychology of gift giving...money or vouchers?" ;o)
I am NaN
Absolute fucking bottom of the gene pool.
Software piracy is victimless theft.
Not that this will change where you shop, but the argument against Walmart isn't just that they put destroy other businesses that sell things, but that its overall effect on the businesses that it buys from and the government.
Walmart is notorius for squeezing every last panny out of the companies they buy goods from. While in the strictest economic sense, this is a great idea for Walmart, it is decimating other companies that pay a living wage to their employees, fueling outsourcing and bankrupsy in this country. I live within a two hour drive of towns with 20+% unemployment because the textile industry has been destroyed by foreign imports. No matter how libertarian/randian you may be, that kind of situation is very dangerous, because large numbers of unemployed (and unemployable) people leads to high crime and even civil rebellion.
Walmart also shifts expenses to the taxpayers. See a biased source and a collection of less biases sources.
If I lived out in the middle of nowhere, I'd prolly shop at Walmart, just because it would be the only option. I'm lucky to have a decent amount of money and to be surrounded by choices, and deal with small retailers and restuarants as much as possible rather than feeding the large corporate machines. It's not just feeling smarmy and alternative, it's good economic sense to make sure that money is circulated into your local economy. Absolutely pure capitalism is great only for big businesses - it's horrible for the inviduals.
The guy who thought up gift cards/certificates was an evil genious. At what point does someone as a business person say "maybe people are willing to exchange their real money for store credit so that they have a non-cash gift to give?" I can't imagin thinking "I want my money to be acceptable at less places for the sake of forcing a friend or family member to buy something they don't want or need".
I'm a fan of capitalism, so I don't want them to ban gift cards, but I really hate them. Damn you, you evil genious!
http://brandonbloom.name
Now that walmart can track purchases to the faces on store cameras, how long before these people get caught?
---- Booth was a patriot ----
It seems to me that anyone who would pay a certain amount of money for a gift card or gift certificate worth the same amount, and give a gift that can only be used at a certain place and might expire, in this way shows even less thought than giving money, and deserves this.
I'm an American. I love this country and the freedoms that we used to have.
I've seen this before. Why do people refer to Walm*rt with a star in the name? Is there a whole chain of Walmerts, Walmurts, and Walmirts? Or is it sometimes spelled Walmrt, Walmmmmmmrt, or Walrt? Does G*d shop there?
What gives?
The ______ Agenda
I can say that most of these folks have their heads well stuffed up their asses around security.
Most of the technical requirements are made up on the spot by demanding retailers, that do pre-load value on as yet unactivated cards. Activation is often as simple as simply the first swipe(!), and they rely on standard loss prevention and inventory control in the store to prevent theft as any other models for dealing with these types of inventories are completely beyond them.
Of course, we've been all too happy to go along with that, as long as their money is green.
Then of course there are the implementation details on the backend, and we've been losing data continually on the system we have here, due to plenty of design flaws and a serious rush-to-market. It's truly frightening what an afterthought security and data integrity is with these people.
All I can say is don't buy your stored value solution from any company that ends in "stone" or "rock"!
AC so I don't lose my job, bla bla
since i do work there, it is interesting how much information they divulge at meetings. I am also allowed into their server rooms, which i don't think i (or anyone without proper securtiy clearance) should be allowed in since there should be some physical security to the boxes. It humors me to see the servers. In a hot room with box fans on the servers to keep them from overheating. VERY INEFFICIENT. There is no A/C in the room where the servers are at my location and sometimes the store pretty much shuts down due to them overheating. Back to the subject, it does sound like an inside job. I don't know what the security is like at the home office (Bentonville , AR) but if it is anything like the store i work it, it is pathetic.
Check it out, it works http://www.
I just wanted to add that although I'm not going searching for it, this is like 4-5 year old news here. I know I've read this before, and a long damn time ago, too. Looks like the network news reporters are starting to have to go back to old shit.. cuz all of those events.. are years ago.
"Champagne for my real friends - and real pain for my sham friends!" http://ericblade.postalboard.com/
This is an argument for making those cards smart card where the value is _on_ the card. Recovery of the value of a lost card would become impossible, but optional PIN #s could provide theft deterance ("Mr. Jones, the balance remaining on your card is $36.74. If you like you can enter a PIN on the pad in front of you to protect your card from theft").
SPAM
This is not an inside job - I've read about this before . Walk into a Walmart, get a stack of cards swipe them and record the numbers - the number to scratch is only needed if you want to call the 800 number to find out how much is left.
Put the cards back on the rack - they are the next ones that will be picked up. Remember these are purchased as gifts, they are not used right away.
Create new cards, go in the next day - "Hey freind gave this as a gift, can you tell me how much is on it ?".
No inside job, no hacking, no security leak - just exploiting a weak system.
In the US, we have the concept of right-to-work laws, which prohibit employers from requiring that you join a union as a condition of employment.
Some states have these laws, some states don't. Funny, almost all the growth in auto manufacturing stateside in the past 15 years has occurred in the South, where right-to-work laws are most prevalent.
Tons of companies use a similar technology that dials in to activate such gift cards. It would be interesting to tap the lines of these businesses or even their central command centers and decode this information for personal gain. One wouldn't even have to work on the inside.
Dumb schmuck? Maybe that's their way of contributing to the greater community.
Then again, this is clear proof that the two aren't mutually exclusive.
Cogito, ergo sig.
and shop S-Mart.
A day's drive ? Wow. I put that much milage on my car before lunch, and I keep it pretty local. When I was commuting I drove over 100 miles a day, and that was a pretty easy commute.
And if you need a microsoft-tax-free 'puter, try tigerdirect or something. At least you know what parts are in it that way.
It's trivial to get into a UPC office to gain access to these things. Most stores don't check ID's, let alone work orders. Default passwords are commonplace ("ma5t3r", "9052/9052" and the like), and it's very easy to get an employee to Log in for you if needed. WalMart keeps printed logs of just about every transaction that is created, as well as in electronic form.
Am I alone in noticing this as a nightmarishly insecure system? Consider this scenario: Hacker enters the UPC office, then alters the prices on a select number of high cost items to be something negligable, like $0.20 or some such. Hacker's partner buys the items on the list, winds up paying less than $5.00 for over $1,000 worth of merchandise, with everything looking fine from the POV of your non-tech-savvy register worker (or U-Scan system). Hacker gives his partner 4 minutes or so (since the prices only have to be right when they're getting scanned), then switches all the prices back and makes his escape.
That's just scary.
Happiness is relative, Based upon the way we live.
I didn't express myself well. The closest department store other than the Walmarts is a Sears, 30 miles away, but I don't consider that much of an improvement. To really get to "the big city" and some shopping choice is a 3 hour drive even when there is no traffic (which of course only happens at 3 in the morning), about 150 miles I'd say. Yes, I could drive there in the morning, shop for 2 hours and get back before bedtime, but it's not something I'd want to do. My trips to the city will (I just moved here so its all future tense) probably consist of overnight stays to visit friends and do other things. For normal shopping needs the Walmarts are very welcome.
I should also add, that since I live in a "resort" town, there are THOUSANDS of small shops here, and as far as I know, none of them are particularly threatened by the existence of the Walmart. I don't doubt that there are cases of Walmarts having an adverse effect on pre-existing mom-and-pop stores. I just don't think the phenomena is a pandemic as many would suggest.
As to displaced textile workers (for example) let's not confuse cause and effect. The flood of manufactured goods from China, etc. was happening and is happening independently of Walmart. You don't solve an economic imbalance such as that by punishing a single vendor. Trade barriers, import taxes, and all sorts of other things are possible solutions. Boycotting Walmart will just cause those goods to be purchased at other stores and have little or no effect on the overall situation. IMHO.
I could show you places where all the thieves are white. Race has nothing to do with it - economics, and who was subject to legally mandated discrimination until 40 years ago has a whole hell of a lot more to do with it. Don't be a jackass.
"He who would learn astronomy, and other recondite arts, let him go elsewhere. " -- John Calvin, commenting on Genesis 1
The mechanics to this scam are ridiculously simple. Many stores have the cards racked like merchandise and they are activated at the register by scanning their barcode and entering the value into a back end database through the POS. All one has to do is go into the store with a small didigtal camera, take pictures of the bar codes on the cards; print up a bunch of stickers, wait a few days for the cards to get sold off the shelf and then use your new stickerized cards to make purchases against the cards that were sold.... TaDa!!!!
-*The above statement is printed entirely on recycled electrons*-
I don't know either. But I didn't say fiber, he did.
Wha? When does debating the benefits of a business mean I "love" it?! People here loathe Wal*Mart. I like Wal*Mart, just like I like its competitiors. It's a store, not a person. Are you against debating when it disagrees with your opinion?
Good thing I don't shop at Wal-Mart. walmartwatch.org
Smeghead every day of the week.
MetroCard stores the data both on the card and in a database. They're crosschecked every time a card is used. The data on the card is encrypted, of course. Cards are checked by the station computer and by a central database. Cards are read both at entry and exit from the subway, and if entries and exits don't match, it's noticed. There are protections against fraud by insiders. This system was intended to be Mafia-proof.
So far, so good. No big frauds so far.
Photo's wouldn't work because WM gift cards can also be used online.
Anthony Papillion
Advanced Data Concepts, Inc.
"Quality Custom Software and IT Services"
I work for sams club and we have the same giftcard as walmart (even the card says walmart+sams club on it). I was asked to change all the gift cards in the store about two days ago.
Hmmm... Pie...
I always wondered why people give gift cards. Why not just give someone the money and let them decide where to spend it. Giving a gift card is equivalent to giving cash and then telling the recipient where they must spend it. How is that better than the cash? Am I missing something here?
I watch Brit Hume on Fox News
Best Buy and Home Depot didn't even bother encrypting theirs some time ago. I imagine nowadays store managers aren't so technically inept to allow that to happen now, but then, we are talking about Walmart...
THIS THING CAN TURN ON A DIME, MACROSSZERO STYLE ALSO FUCK BETA, ~NYORON
At Target, the employees call that a "Code Blue".
I'll leave it up to you to figure out what a "Code Yellow" is.
THIS THING CAN TURN ON A DIME, MACROSSZERO STYLE ALSO FUCK BETA, ~NYORON
Even if the gift cards are sequentially numbered, each card has a random PIN assigned to it you can only read if you scratch off the back of the card.
Some cashiers would probably balk at activating a card that is already scratched off.
But you never know.
What's nice is you can use the card numbers you've lifted at WalMart.com. I'd use it to purchase downloadable things, not things that need to be shipped, for obvious reasons.
THIS THING CAN TURN ON A DIME, MACROSSZERO STYLE ALSO FUCK BETA, ~NYORON
Try taking a product to the register with a cashier you're halfway familiar with. Then suggest the product is X dollars at the shelf. Balk if they even think about verifying it. About 50% of the time, they give it to you without checking. If you're really chummy with said register jockey they'll get the joke and play along.
It's always worth a shot.
THIS THING CAN TURN ON A DIME, MACROSSZERO STYLE ALSO FUCK BETA, ~NYORON
The SMART systems come in two varieties; the NCR version runs AIX and the HP version runs HP-UX.
The SmartSystem root passwords are always some lame number-substituted common word like G3or6e or Fr3e6ird, they're always the same at every store in the country (though they change every couple weeks) and they give everyone at the ISD the root password.
Regarding switches:
Garden Center is GDC. Receiving is RCV. You forgot Tire & Lube Express, which is TLE.
Regarding VLANs:
The new wireless network that's been rolled out to some stores (the one that uses Symbol access points and the new Symbol CSM handhelds) has two VLANs to itself 140 and 40. The access points are on VLAN 140, and nothing else is on that VLAN except for the AirBeamSafe units. The AirBeamSafe units have two ports, one to VLAN 140 and one to VLAN 40. There's also a port configured on UPC-1 and UPC-2 to VLAN 40 that's connected to the store's routers; and then the router connects VLAN 40 (and, indirectly, VLAN 140 through the ABS) to the rest of the network.
If anybody wants to try to accomplish anything by going through their wireless network, go ahead, but based on my knowledge of how the wireless network is connected to the rest, it's not going to be simple.
(Posing anonymously even though I don't have that job anymore)
Why even take pictures?
:)
Just write down the barcode number and print them off yourself with any standard barcode printing software.
This was probably reported in 2600, so catching the criminals should be easy.
Solution: We're fucked. They make more money dealing with finance charges and late fees and fucking your credit in the ass than anything else (even if it is just fraud it's such a clusterfuck you have to go through). I have good credit and have not been fucked by these fraudulent people, but I know people who have. It really robs the entire world. It's' like dumping nuclear waste into the ocean or Bonjovi's reign over the ozone.
"Old-fashioned" gift vouchers worked. You know ..... a little slip of paper with some fancy printing, like a special banknote only redeemable in certain stores, which you buy at the till and place in a birthday card. What was ever wrong with them anyway?
Je fume. Tu fumes. Nous fûmes!
I work for wal-mart, $9 an hour, which isn't a whole lot, but it's more than any grocery store and most retailers in the area are paying...
In fact, most of the Giants/Wies' around here start you off at between $6.00 and $6.50 - Walmart will start you between $7 and $8.
Yeah, it's not a lot of money, but people never bitch about the stores that are paying less....
This is not the greatest sig in the world, no. This is just a tribute.
It's not Wal-Mart's maximum.. it's copper ethernet's maximum. http://www.duxcw.com/faq/network/cablng.htm
...unless the employer agrees to implement them.
Right-to-work laws make it illegal for the employer to implement such a condition, no matter what the union wants.