Walmart Stored Value Cards Compromised

morcheeba writes "It appears that Walmart's pre-paid gift cards have been hacked. Customers are buying cards and finding that criminals have already emptied them of value. It seems someone has access to Walmart's database and/or registration data, and can create clones of recently activated cards. (via engadget)"

What't the penalty for this?

[LeahofRivendell]

That is, in the ideal world where criminals could in no way pay off the court system with tons of stolen money

Re:What't the penalty for this?

[gl4ss]

* It's probably not illegal. If walmart wants to sell snapple bottlecaps for $20 and accept them in their store to buy $20, it's not anyone's problem if their scheme doesn't work as intended.*

where do you live, in a fairytale world where comic book legal logic prevails? of course it's illegal, probably goes under fraud too and depending on how it was done maybe some misuse of power or illegal telecommunications interception.

or perhaps you say that stolen calling cards are legal to use as well and that it's legal to use credit card numbers you found from google? and that shoplifting is legal if you just manage to get out of the store? and that hacking into a bank is legal since they put their computer on the internet and you only used public protocols? sorry but that kind of logic only gets you in jail where you'd belong if you did those things.

Re:What't the penalty for this?

[abb3w]

It's probably not illegal.

Um.... such Gift Cards appears to be a form of Debit card (and in some cases are exactly that), and would to my casual glance be prosecutable as fraud, and investigated by the Secret Service.

Re:What't the penalty for this?

[wcdw]

Stored value cards are _NOT_ the same as debit cards, in many important respects. For one, the customer CANNOT get cash from the card.

Stored value cards are classed exactly the same as paper gift certificates, as that is what they are. (They are also subject to escheet laws in most states.)

I was part of a small team which created the first such card - Blockbusters - and am still amazed at how fast they've proliferated.

http://www.theboyz.biz/ - Your source for computers, parts and more!

Re:What't the penalty for this?

[abb3w]

Stored value cards are classed exactly the same as paper gift certificates, as that is what they are.

Possibly; however, did you read 18 USC 47 sec 1029? In particular, Subsection e.1:

the term ''access device'' means any card, plate, code, account number, electronic serial number, mobile identification number, personal identification number, or other telecommunications service, equipment, or instrument identifier, or other means of account access that can be used, alone or in conjunction with another access device, to obtain money, goods, services, or any other thing of value, or that can be used to initiate a transfer of funds (other than a transfer originated solely by paper instrument) [Empasis added]

Paper gift certificates, if accessable digitally by an account number, would also seem to be covered here, as well as gift cards.

Of course, you may be right about the legal distinctions between a true stored value card and a debit card; I believe laws on refund of any remaining balance is regulated by the individual states, and rules do vary.

I think it's an inside job

[plover]

This has to be someone hacking from the inside of Walm*rt. Maybe not an employee, but it sure looks like someone is inside their network.

First, look at how gift cards work. Many retailers use the model where their gift card records in their database created upon activation. This means they don't even ask the manufacturers for a list of "cards printed"; they simply direct the manufacturer to produce "a million cards in this number sequence, label them $20," that sort of thing. The value is added when the record is created at issuance. I'm assuming Walm*rt is operating in a similar fashion.

It's theoretically safe, because a shoplifted card isn't redeemable. The cards never actually "store" their value, all the value is located only in the database (more correctly, the value is in the ability to redeem from the database.)

So, if someone is redeeming the cards in a distant state just hours after issuance, they're doing it by sniffing the data real-time, somewhere on the inside of Walm*rt's systems. The article implies that the thief knows when the card is issued, and cashes it in within hours. Cashing the cards in distant states implies network access to at least run the scam (although that may be an email to a conspirator.) The fact that the victims were located in different states implies the perpetrators either have central access to the database involved, or have access to the POS systems that are selling and activating the cards.

The points of access are numerous. This could be happening in the POS registers, the store POS servers, the networking gear, the central authorizing servers, the central sales logging servers, or the database. It could be someone in their security group looking at electronic journals on-line. It could be a hacker in the parking lot with 802.11 gear telnetting to any of the above equipment, emailing card info to his buddies. The redemption is probably being done via "forged" cards, which might be as simple as printing a barcode on a sticker, covering the existing barcode, and then keeping the cards after redeeming them to hide the evidence. A smart thief would redeem $149 on a $150 card to keep the card with the $1 balance on it in his pocket.

That's a lot of ground to cover for their investigators. Given their M.O. I can think of a few traps they can set to catch these guys, but they're probably going to take time to implement. And with the high probability of an inside job, who do you trust in their systems end to help you catch the bad guys?

Re:I think it's an inside job

[gl4ss]

I agree(probably someon on the inside).. no other way for it to be several times at the same store otherwise..

Re:I think it's an inside job

[Quarters]

First, look at how gift cards work. Many retailers use the model where their gift card records in their database created upon activation. This means they don't even ask the manufacturers for a list of "cards printed"; they simply direct the manufacturer to produce "a million cards in this number sequence, label them $20," that sort of thing. The value is added when the record is created at issuance. I'm assuming Walm*rt is operating in a similar fashion.

More and more stores are selling cards with no value displayed on them. When you buy one it is blank and the person at the register adds both activation information and the value at the time the card is purchased. The cards on the racks are essentially blank.

Re:I think it's an inside job

[nacturation]

More and more stores are selling cards with no value displayed on them. When you buy one it is blank and the person at the register adds both activation information and the value at the time the card is purchased.

A key example of this is how the Starbucks cards work. You can choose to put $10 on it, or $100, or $8.13 or whatever. It runs down, you just add more funds to it much like a debit card.

Re:I think it's an inside job

[dagoalieman]

I wonder why they can't follow the money... they run these things like credit cards, I would assume there's a log somewhere of the transactions.

Is there a geographical correspondence to where these cards are emptied? Or online?? Get an ip address, subpoena- this sorta stuff isn't taken lightly by the feds anymore.

Or better yet.. can they spot the activation locations.. do THOSE have a correspondence?

It seems to me this case would be simple to solve with some minor investigation of the data. And logs (which can be enabled if they aren't already.)

The only odd thing here is the case went public. Usually you keep these silent until you have a firm suspect. They're easier to catch if they keep at the same routine, instead of getting scared off to not return for a while. I'm guessing they pretty much already have this guy in hand...

Re:I think it's an inside job

[danharan]

At the very least, any time someone redeems a card within hours of purchase and at a distance that is farther than you would expect someone to be able to travel - there should be an alarm set off.

Re:I think it's an inside job

I know a little bit about Wal-Mart's Networking layout.

Your typical store has at least 6 sets of switches: UPC office (where the servers are kept), GM (general Merchandise), GRC (Grocery), Garden Center, PICS (In the electronics Department, and Receiving. These switches are laid out into at least 3 vlans: POS, Non POS, and Wireless. By Default, the POS vlans are set to ports 1-12 on the switch. The switches are connected by a fiber backbone that usually involves two separate physical routes...so if one is cut, the other will be able to pick up the load. They're concnentrated to some cisco routers, and it'll go out either a 56K modem line or a T1 line, using a Hughes Sattelite link as a backup.

You've got your usual mixture of IBM Cash register controllers (CC and DD), what they call their "SMART" system (I think it's running a flavor of AIX), BOSS (Best Optical Selling System), MMS (Multi-Media Server, runs the Wal-mart TV Network), and a few others.

It's trivial to get into a UPC office to gain access to these things. Most stores don't check ID's, let alone work orders. Default passwords are commonplace ("ma5t3r", "9052/9052" and the like), and it's very easy to get an employee to Log in for you if needed. WalMart keeps printed logs of just about every transaction that is created, as well as in electronic form.

If it were an inside job (which I doubt knowing the intellect of most Wal-Mart Workers. Do you want to be the squiggly?), all someone would have to do is gain access to the UPC office, bring yer good ole' hub, a WAP, and volia....no one would ever notice (usually because there are boxes stacked in the UPC offices, and well, no one really has a clue to what really needs to be in there, anyway).

(Posted AC to protect my job)

Re:I think it's an inside job

[maeka]

Redeeming all but a few dollars on a card is a good idea I hadn't thought about but (if Wal Mart is smart) it isn't going to be enough to save the theives' asses.

IANAWME but I do know that the cleaner American big-box discount retailer (think red) video captures every credit card transaction and I don't think it's going very far out on a limb to assume they do the same with gift cards. If Wally World does the same it will be only a matter of days before the crooks are caught...unless they are running this like the old cloned-cellphone game where the crooks sell the cloned goods, but don't actually use them personally.

Re:I think it's an inside job

[plover]

I'm pretty sure the case wasn't publicised by Walm*rt. I can't think of a single benefit they'd get by announcing to the world "our gift card customers are getting screwed." This was made public by an annoyed customer who went to her local TV station, and the reporter did a bit more digging (just like they're supposed to!)

Re:I think it's an inside job

[SealBeater]

Replying to the post about how Wal-Mart gift cards work, I've noticed this
cards before. (This is all speculation, I read the article) One possiblity
is that, the person doing this, for instance, has a bar code printer (if
their smart). If they are stupid, they have an in on the database, and are
transferring the credit to their card, then using it. Easy to track even if
Wal-Mart isn't logging transactions, and even tho I agree that their probably
stupid, big companies are usually smart to pay lots of money for security
(expensive != good, of course). So, they print out a card, (or a sticker for a
card) go to a store, buy it up. Looks like they are sticking to a store in
Cali, so unless they are reading slashdot, they are screwed if they go there
too often, unless they have a crew (have a girl, makes guys stupid) and even
then, they are screwed, it'll just take longer.

As for the sniffing idea, well shit, every Wal-Mart I've seen has at least 4
WAPs with antenees. Good ones too, Cisco 1500s which pump out a lot more power
than linksys (at least the default ones). I can't imagine that the registers
(which have to send info over the wire somewhere) send them encrypted or
anything like that. Personally, I'm surprised that we are just now hearing
about it.

Oh, and don't be surprised if this going at any number of stores. I see WAPs
everywhere. Brave New World.

SealBeater

Re:I think it's an inside job

[idiot900]

If it were an inside job (which I doubt knowing the intellect of most Wal-Mart Workers. Do you want to be the squiggly?)

It's easy enough, then, to be a networking pro and get a job as a Walmart drone by just not putting your qualifications on the application? If one's new coworkers are then as stupid as you imply, running an inside job such as this doesn't sound too difficult.

Re:I think it's an inside job

[hendridm]

Not only that, but if you've ever looked up at a Walmart, you'll notice they have about a 1:1 ratio of black bubbles to checkout lanes. I'd dare to say every square inch of the store is under surveillance. The database should give them a time the card was used and at which register. They'd just need to find a camera that was pointing in that vicinity.

Re:I think it's an inside job

[s7uar7]

I think we have a suspect. Mr Coward, would you mind stepping this way please.

Re:I think it's an inside job

As you can plainly see from the IP records, that was obviously not my post. It was made only minutes from the last Anonymous Coward posting, but was from several states away.

Investigators are looking into the matter.

Re:I think it's an inside job

[jkeyes]

that wouldn't work because the card serial numbers have the golden stuff you have to scratch off with your finger nail.

Re:I think it's an inside job

[CodeMaster]

Don't overrule smart "consumers". As you pointed out they simply direct the manufacturer to produce a million cards in this number sequence The numbers ARE sequential (to some degree - they do need to pass some mod10 check or alike - not too different than credit cards), which means - you only ned one card number, and then a way to check the status of other numbers (available online). To redeem at store - get hold of a mag stripe writer and just use the same card (nicely branded) with your new numbers.

Also - many retailers have the cards just lying around the store - flip them over and if you are lucky (B&N, Borders, CVS, etc...) the card number is just there. Write it down, and wait for someone to activate it (buy it). the rest is up to you.

Again - all you have to do is be an observant shoper - what do the cards look like, are they sequential, is the card numbered covered with a scratch-off (better security), etc... Because most of these gift cards ride on the Visa/MC/AMEX networks, they have to conform to these rules, thus have easily guessable numbers, stupid PIN numbers etc...

Just my $0.02

get a free ipod! This really works... Only one GMAil invite left!...

Re:I think it's an inside job

[Cereal+Box]

Can you explain the "Walm*rt" thing? Are you one of those people that believes that Wal-Mart is the most evil corporation to ever exist and therefore think its name should be treated like a bad word?

Re:I think it's an inside job

[gasgesgos]

I'd dare to say every square inch of the store is under surveillance.
I'd say about 100 square feet of the store is under surveillance...

You see 20 registers and 20 black bubbles...
2 of those have cameras...
1 might be recorded...
there's probably someone watching them only on a very high volume weekend.


I worked in a wal-mart for a number of years, the bubbles are to scare people, like the "security tag detectors" on the doors...

Re:I think it's an inside job

[fredklein]

Not all retailers hide their card numbers. Besides, it just takes a few people not noticing the number is already 'scratched' for this to work.

Re:I think it's an inside job

[AsnFkr]

I know how this is being done, our local Walmart has a big problem with this over the last holiday, and after some investigation they figured out how it was being done. Here's the know-how:

Quick background:
-None of the "amount data" is stored on the gift card. It's all server side, interfaced by the cash registers when swiped. All the card has is a unique ID number to identify itself to the register when swiped.

-The cards used have credit card type stripes on the back, easily readable by *many* cheap swipe readers. http://www.barcodediscount.com/cats/credit-card-re aders/ You can also by rather cheap swipe formatters/programmers with a quick google.

-The cards are also sold on shells that anyone can get to, and they are on cardboard backing packaging where is it *very* easy to just bend the package and have full access to swiping the card.

The procedure:
-First the criminal buys a bunch of cards for the lowest possible amount. I think this is $5. They now have valid cards.

-Next the criminal takes a small Credit Card swiper into the store, grabs a hand full of the cards and swipes a ton of them..stores the card info into memory on the device or a small laptop/pda in their pocket or purse. then they place the card back on the shelf and go home.

-They go home and use the numbers they have taken from cards at the store and program them over the valid $5 card they had bought.

-A few days later, under the assumption that the cards they had copied have been legitimately sold and not yet used they go into the store with their copies and use them. All it takes to verify the card is working is to find a stupid wal-mart drone and ask them to scan it and tell you the worth of the card. As far as the cash register system is concerned the card is valid because it has a valid ID number. If it comes back with more than $5 on the card available for spending, they criminal wins. Spend the card and go on their way.

-Now when the actual owner of the card comes in it will appear to have been spent, as its ID number is the same as the one used by the criminal has been used, even though the card technically has not.

Its rather ingenious actually, and works best at Xmas. You scan cards the 15-23 assuming they will be activated and you will have a few days until they are spent (at least until the 25th) as they are popular Xmas gifts. It's also hard but not impossible to track the criminal, as you have to find the time of the transaction and dig up video of the transaction taking place...and most walmarts have rather shotty video quality at the registers, but the chance of getting caught in the act are slim and none. But if you do it, don't be surprised if cops show up at your door a week later. Snoogins.

Re:I think it's an inside job

Assuming the cards at WalMart work like the ones at target, the balance can't be transfered. The only operations appear to be adding money to a particular card(associating the dollar value with the barcode on the back of the card) and spending the value on merchandice.

Are you sure that the WAPs are for the registers? At Target the registers are on twisted pair wire. It's probably ethernet, but IBM could still be using token ring. They may use the WAPs for the portable inventory control terminals. I don't think that the ones we had at Target were 802.11, but it might have been faster if they were. The Portable Data Terminals we used had no access to the gift card system, but since they just ran a telnet session to the store computer it might not be the same at WalMart.

The fact that they haven't found the person suggests that the gift cards look just like the real thing. The ones at Target have a fancy color picture on the front and have the number stamped onto the back in black ink. Melting off the old printing and printing a new barcode would be much easier than getting access to the central database .

Re:I think it's an inside job

[idiot900]

But why would you?

For the intellectual challenge.

Re:I think it's an inside job

[MindStalker]

Wal-marts gift-cards cards work like debit cards, with magnetic strips you swipe at the credit card machine. It then subtracts the balance from the amount stored in "account", you can readd money into this card at any point and use it over and over again. Several walmarts have associated gas stations where you can use this card at the pump and get a discount also.

Re:I think it's an inside job

[gcaseye6677]

In most stores, it seems like the employees completely ignore the alarm when someone sets it off. The most I've ever seen them do is waive somebody through when they see that the person has a bag of merchandise in hand and has just left the register. Having worked in a $7 an hour sales job, I know what I would do if I suspected someone shoplifting - absolutely nothing. $7 an hour is not enough to risk a potentially dangerous confrontation. The main reason for sensors is to make people think they'll get caught shoplifting and to make management feel like they are doing something to prevent theft (maybe the store's insurance requires them). I'm sure they don't even begin to deter the serious professional thief.

Re:I think it's an inside job

[Nogami_Saeko]

Then you buy one coffee with it, and it's empty again :)

The greatest thing (for the company) about those Starbucks "debit-style" cards is that people who are putting their money in them by charging them up, are effectively combining their money and giving Starbucks a big cash loan that Starbucks can keep in the bank and make interest from until you use eventually use them. So they get your money AND all of the interest made from your money. Keep the cash in your own account and keep your interest as well.

Great business technique.

N.

Re:I think it's an inside job

[asdfghjklqwertyuiop]

Your typical store has at least 6 sets of switches: UPC office (where the servers are kept), GM (general Merchandise), GRC (Grocery), Garden Center, PICS (In the electronics Department, and Receiving. These switches are laid out into at least 3 vlans: POS, Non POS, and Wireless. By Default, the POS vlans are set to ports 1-12 on the switch. The switches are connected by a fiber backbone that usually involves two separate physical routes...so if one is cut, the other will be able to pick up the load. They're concnentrated to some cisco routers, and it'll go out either a 56K modem line or a T1 line, using a Hughes Sattelite link as a backup.

So these 6 sets of switches are located in various places in the store? And there's a fiber backbone linking them all togheher?

Re:I think it's an inside job

[DAldredge]

Those WAPs are for the handheld terminals that the CSM's (Customer Service Managers use) and some of the Automotive depts also use the same wireless network for their workorder entry.

Re:I think it's an inside job

[Gonarat]

You don't need access to WAP, or even the central database to pull this off. Most retailers have their cards in an assigned BIN range, which is a range of 16 or 19 digit (can be other lengths, but 16 or 19 is typical). If you can figure out what the range is (easy -- just buy one or more cards), get a card number generator program, use the 800 AVR (Automated Voice Response) number, and keep trying until you hit a card number with value. Fix up your card, and you're in business.

These guys may get away with this for awhile, but most Retailers get fraud reports which they can use to analyse this kind of thing. Once they figure out the pattern, they can wait for the criminal(s) to make a mistake.

It is not easy to prove fraud since gift cards are not linked to a customer, so they must catch the criminal with an altered card, or prove there is no way that a card bought at store A could be used at store B in a given time frame.

Re:I think it's an inside job

[DavidTC]

Yes, the grandparent is a fool. I worked at Wallyworld, not in LP, but I knew someone who did. He said, basically, that other employees don't have any idea what's going on there. The management deliberately doesn't tell them anything, so basically everything's a rumor. I suspect that the management figured out that employees are probably more likely to steal from the store, and also realized they didn't want to be told this. But, hey, like I said, I don't know anything...I'm just one of the few people who worked there who realized I don't know anything.

Of course, I was a cashier, so the only thing I was even vaguely expected to do toward loss prevention was to open up coolers and tackleboxes. People who shoplift normally don't even go though the checkout. And the only things I could steal were pens and tictacs. (Well, obviously, I could have stuck a few hundred dollars in my pocket and sprinted out of the store. But not undetected.)

However, I simply can't go with the idea that all cameras are recording. There's no reason they wouldn't have told us that, and what we were supposed to do about shoplifters are predicated on altering management without letting them out of our sight, and we were told that basically nothing would be done if we did let them out of our sight.

In other words, if you shoplift in Walmart, wander quickly around the store immediately afterwards, and you'll probably get away with it. They don't want people pretending to shoplift and then sticking things back on shelves when no one's looking. Which makes no sense at all if the cameras are always rolling and have complete coverage...they could just check the tape before stopping someone. (Or, at least, before searching them.)

Like you said, we weren't told jack about how actual LP works...but I don't understand what they would have to gain by telling us that it's more important to watch the shoplifter than to alert someone, if in actuality they have tapes of everything.

That said, I couldn't care less. While I loathe Walmart, I don't plan to start shoplifting from there. I do laugh as I casually get 20 dollars cash back on a 59 cent purchase, though, secure in knowing that my bank charged them 2 dollars for that.

And if they ever talk about a schedule power outage...that's a bomb threat. Just in case anyone cares and actually wants to get out of the store.

Re:I think it's an inside job

[plover]

It's all about networking capability and cost.

Remeber that 100 base TX over cat 5 ethernet is rated only for a max of 150 meters per segment. If you've got to run further than that (and going up into ceilings, around ducts, etc., makes for a long run quickly) you need some kind of hardware to act as a repeater, be it a router, switch, hub, or booster. Those cost big money, since not only do you have to buy them, you have to install them, you have to power them from their own electrical outlet which also costs lots of money to install. You also have to pay to maintain them with service contracts, monitoring software, payroll costs, etc., which means that even a simple repeater ends up costing roughly the same as a full blown 24-port switch, while giving you only 1/24th the value.

The cheapest solution is to put a router and fiber switch at your building's service entrance. Run the fiber to a closet in each corner of the building, and in each closet put a switch. Then you can run the final wires from the closets to your devices over cat 5.

This eliminates "random repeaters" hanging unmaintainably in the ceilings. Fiber is high capacity, and unaffected by EM interference generated by other devices in the building, such as HVAC systems or lighting ballasts, and is well suited to the long portions of the runs.

10 years ago, if you were in a Walm*rt or other big retailer, chances are the wiring was completely different. IBM POS systems at the time used a "store loop" system, running over shielded two-twisted-pairs. Those runs were rated for 2000 feet, but I know of some installations that pushed them as high as 4000 feet. While it was a loop topology designed to run from register to register, for maintenance reasons many retailers found it simpler to run individual lines from a central switch panel (typically an Autoshunt device.) With 2000 foot cable lengths, this is possible, where the 300-375 foot cat 5 is not. NCR used a "Starlan" network topology, again all wires were brought back to a central closet. And Siemens Nixdorf ran yet another proprietary serial network in a hub-and-spoke topology through boxes called "star boxes".

It wasn't until the adoption of ordinary PCs as cash registers that ethernet caught on in the retail world. And since ethernet cards were way cheaper than token ring cards (no IBM tax) and far, far cheaper than store loop cards (for the proprietary register networking), ethernet was adopted on price alone even though other networking alternatives had their attractions.

While it may seem more complicated today, you should have tried to troubleshoot problems with any of those other "networking" technologies. The IBMs, in particular, acted a lot like a really slow token ring loop, and could talk only in one direction. Confuse just one computer, and the whole loop failed. Break two computers, and now none of the computers can even tell you where the break occurred anymore. Also, you have to train technicians on all the magic diagnostic commands, the electrians on the funny wiring requirements, and you have to have special software running on special hardware with a special OS; whereas ethernet is just ethernet. And everybody knows ethernet, which means service contracts and support staff just got way cheaper, too.

A little late?

[darkmeridian]

The date of the article was June 10, 2004. Maybe this was in another time zone or something so it was more recent than I thought?

Re:A little late?

[NeuroManson]

That's nothing, I submitted a story back in November, only to find it posted 9 months later, and under a different name altogether.

Re:Owned!

[ArchAngel21x]

So now Wal-mart customer are stupid? You arrogance must know no limits.

Bad Publicity

[MikeMacK]

"Well initially he told me that he really couldn't do anything for me," Tami Kegley says of the Wal-Mart employee she dealt with. "He said it was a corporate issue." But Tami persisted, and got finally got the $150.00. Carol also got her money back.

Wal-Mart does not need anymore bad publicity, this should be a non-issue, if people got cheated, they need to provide recompense. It's not like they can't afford it.

Re:Bad Publicity

[Edmund+Blackadder]

But I hate it that they always initially refuse these things. It's like you have to make a big deal out of it in order to get your money back. Or, in other words, the store takes advantage of people that are too polite too nice and/or too busy to make a scene.

Cool but....

[dirkdidit]

What kind of geek buys their computer gear at Wal-Mart? I mean come on, even Best Buy would have been a step up. I bet he'd even opt for the Extended Service Plan. Either way, the culprit will be set for life when it comes to toilet paper and snacks.

Re:Cool but....

[nizo]

the culprit will be set for life when it comes to toilet paper and snacks.

Ummm, considering the number of cameras in every Walmart I have ever seen, it will only be a matter of time before whoever is doing this gets caught. I would bet money that sooner or later Walmart will start sending fake cards through the system (with high dollar amounts) to catch these kinds of people too.

Re:Cool but....

[MikeMacK]

As I understood, Walmart.com was one of the first major sites to sell Linux pre-installed on cheap computers. Whatever you feel about Wal-mart, that is a cool thing, in my opinion.

Old adage..

[Ikn]

Something like "idle hands are a devil's playground"? Well, bored geek employed at Walmart = ..well, this.

Re:Old adage..

[Xabraxas]

Union busting? Unions are terrible, and a waste of time. I worked in a union-backed retail store, and the only thing I found the union did was take my money from my paycheck every week. I tried using it, and the union was, and continues to be, worthless. I applaud Wal*Mart for being union-free.

People have the right to form a union if they want to. If you don't like unions then don't join them. It's not anyone else's problem. Despite complaints from people about unions (including my own personal experience) their presence is better than their abscense. We've already seen what happens when we don't have the right to form unions.

How can you be "anti-competitive"? I don't know what you mean, mind explaining?

Do you know anything about predatory pricing, discriminatory pricing, and display fees? I didn't think so or you wouldn't be posting.

I have no experiences with the discriminatory behavior, so I can't really comment much on your final statement. In my area, there are more women working in Wal*Mart than there are men, so I don't know how true your statement is in terms of the entire company. Your area may have problems, but I would link that more to the poor managerial staff, and not Wal*Mart in general. But as I said, I don't have experience with that, so I can't comment much.

First of all, the CEO must ultimately take responsibility for the company. In fact CEO's have been arrested for offenses committed by their managers or even salespeople usually as a result of healthcode violations. Walmart also has a responsibility as a company to provide for a fair and non-discriminatory work environment and they haven't done that. Maybe you missed the news when Walmart had a class action lawsuit against them for disciminatory behaviour, concerning the lack of women who received promotions. Next time you are in a Walmart take a look at what positions the women usually hold as compared to the men.

Re:Old adage..

[RollingThunder]

People have the right to form a union if they want to. If you don't like unions then don't join them. It's not anyone else's problem.

That's amusing.

Don't join. Heh.

A company up here in Canada was bought up by a major telco. The union employees in the major telco forced a vote on the employees of the smaller company, making it mandatory for the smaller company's employees to join the union if they wanted to keep their jobs.

Yeah, they had a choice, all right.

Re:Owned!

[Hitmen]

You were supposed to add an S at the end, not move the one already in the word.

reimbursement

[X_Caffeine]

at least Walmart can afford to reimburse those customers. After all, they skim a buck from every card every month they remain unused. (If you've got an unused Walmart card from last Christmas, it's lost $9 of its value.)

Re:reimbursement

[emcron]

Actually, in Washington State it is now illegal for companies to skim ANYTHING off of a gift card for any reason, and the balance can NEVER expire.

Re:reimbursement

[Beowulfto]

That is untrue. They only start to deduct a buck a month after 24 months of non-activity. So you still have 15 months yet until you start to lose your Christmas gift.

I think this has been going on for a while...

I remember reading a while back that one of the major retailers, possibly walmart had gift cards with sequential serial numbers, stored on the magstripe in plaintext, so anyone with a card reader/writer can easily change the id stored on the gift card.

Theres an 800 number you can call to find out the card's balance, so it just takes a little time and guesswork to find a card number with a balance on it.

Why steal when you can make?

[usefool]

If someone has access to Walmart's database and/or registration data, why can't this someone just get a pre-paid card, and change its value according with all matching/tracking records in the database?

In this case, no other customer is going to report missing money, and this someone can quietly purchase and "top up" the card regularly until maybe the auditing season.

Re:Why steal when you can make?

[Tony+Hoyle]

Plug a wireless AP into their network and sit outside in the car sniffing packets... easy enough.

You'd probably get a few of their passwords that way too.

Re:Why steal when you can make?

[SealBeater]

If someone has access to Walmart's database and/or registration
data, why can't this someone just get a pre-paid card, and change its value
with all matching/tracking records in the database?

There might be a system of checks and balances, like the card not being
activated unless/until the til is checked at the end of the day, to prevent the
employees simply issuing themselves cards. It might even check against a different
database..other than the above pure speculation, I agree.

SealBeater

Re:in case it gets slashdotted

[cammoblammo]

Man, I thought I was doing well without having to RTFA, but you made me read it anyway.

The injustice is that you now get *good* karma!

Or system error...

[plover]

Yeah, I know replying to yourself is bad karma, but I just thought of another possibility: system error.

Walm*rt may have an error in their central authorizing servers that's "confusing" redemption replies. Imagine a server that accepts requests from tens of thousands of different registers (probably a mainframe.) All those responses have to go back to the place they came from. What if a response was corrupted and an approval went back to a wrong register?

Or what if a request was corrupted? What if some stack corruption in their register changed a 12345 into a 22345, and they just happened to match a card issued elsewhere?

Or, what if the manufacturers screwed up and printed duplicate serial numbers on the backs of a batch of cards? Jane Doe goes to buy a card, but that serial number was already purchased by John Smith in a different state. If Jane's purchase request was made "offline", the card would be given to her immediately, but the card activation would have to be made after she left. Now, if Jane redeems her card, she uses John's value. Walm*rt would have no way to go back to Jane to say "Sorry, we gave you a bad card."

For these scenarios to work with a card being cashed within hours of being issued seems highly unlikely until you remember one thing: Walm*rt operates over 8000 stores, with probably over 200,000 POS registers, each of which is cranking through perhaps two or three hundred transactions a day. When you start factoring in just how many transactions might be corrupted, having a couple of "unlikely" coincidences seems more like a statistical certainty than a random chance.

Re:Or system error...

[Colol]

The number printed on the card is really irrelevant -- they're read by the mag stripe reader at the POS, both for activation and debit (just clarifying; not discounting your idea). This actually makes production flaws all the more interesting to me. What if the machinery kept printing the right numbers, but every card produced was given the same serial in the stripe?

Walmart's cards are "rechargeable" after all (and anyone can add funds to any card), so the POS system might not find anything wrong with 100 people crediting $20 to card 412345678.

Heck, you could walk out with some gift cards that hadn't been activated yet, reprogram/restripe them to match your card, and stick them back on the shelf. As long as you knew when the balance was increased, you'd have a veritable cornucopia of digital cashflow. Granted, you're limited to spending it at Walmart or Sam's Club, but it's there.

snort

[zogger]

walmart slave labor in china, 13-16 hour days at 13 cents an hour, 7 days a week, 20 hour shifts during rush season like for christmas shopping. That's all -american walmart for ya. And they claim US workers need to be more productive and to compete globally with that. How? Magic fairy dust?

And they can't even keep their cards secure. What a joke.

Walmart single handedly has shutdown thousands of small town down town areas all over the nation. That's the new culture, a big square ugly box of a building, they all look the same, all got the same cheapest crap imaginable for sale. Largest corp in the world, bigger even then the energy companies. They come into a town, and do what is in essence "dumping" for a few years, incredibly cheap prices, until all the local competition is hosed, then they run the prices back up. Shop elsewhere-sure, go over to the next county, the same walmart.

I'm surprised walmart and microsoft haven't merged yet, exact same business philosphy.

Re:snort

[Edmund+Blackadder]

they probably had their code written by a poor teenage girl in honduras who was getting whipped by a mean guard while she was trying to compile. I can just imagine it:

"more linking errors??? You are going to get it now BITCH!!!!" *whip* *whip*

It seems.

[ftgow]

The cracker must be low on paper towels and socks.

Re:in case it gets slashdotted

[Tony+Hoyle]

law enforcement at the highest levels possible, to rectumfy the problem

Looks like the cuplrit is going to really get it in the ass...

Re:in case it gets slashdotted

[Cerebris]

From the parent: A corporate spokesman says the company, " is working with law enforcement at the highest levels possible, to RECTUMFY the problem and catch the people responsible." (all caps mine)

I wonder just what rectumfying is. Maybe it's like "radidzomai" in Greek (to be buggered by a raddish), or the Tossed Salad Man. I'll bet rectumfying would deter anyone else from hacking gift cards!

-Colin

Re:Owned!

[cmacb]

There are two Walmarts "near" me. One is 20 miles to the north, the other is 15 miles to the south. They are the two closest "department" store operations near me, although I can drive 30 miles or so east to a Sears. I can't see how either of the Walmarts have put anyone out of business. There were no department stores here before Walmart, now, there are still none, but the Walmarts are at least within a days drive. Walmart does not have a very large selection in some areas, particularly computers. What they do have represents good "value", with no-names at the low end and HP and Compaqs at the "high" end. For online 3D game-play you probably need something a bit better than you are going to find at Walmart (in the stores at least, their mail-order selection is better). For what I do with a computer most of the time (web, email, photo and music collection, etc. these mid-range computers (some of which are available without the Microsoft tax) are more than adequate. For me and other people in my situation you are not going to get us to feel guilty for going to Walmart, so you might as well stop trying. You shop wherever you want to, and I'll do the same.

Lots of bubbles, not many cameras

[slk]

While this is from approximately third-hand sources, wal-mart type stores have lots of those glass bubbles that look like they should contain a camera.

However, in most cases, only a few actually contain cameras. They might move the cameras around, but remember, wally-world labor is cheap, glass bubbles are cheap, and cameras are expensive.

They do have logs.

[nietzsche_freak]

They do log when and where the cards are activated and emptied. From TFA:

Carol's shopping card was purchased in Olympia, and days later, cashed out by a stranger at the Wal-Mart in Chehalis even though Carol still had the card.

"Here's my receipt," Carol points to the shopping card notation at the bottom which reads: "Shop card reception 0.00"

In Tami's case, her receipt shows the $150.00 card was activated at 11:32 in the morning, then cashed out three hours later in a another state!

My guess is they'll nail the ones responsible in short order, seeing as how they know dates, times, and locations, and no doubt have decent electronic surveillance inside their stores as well (for all those pesky shoplifters ).

Re:They do have logs.

[CaptBubba]

The cameras are not aimed at the customers, they are aimed at the cashiers. My mother had her mastercard stolen and they pulled the camera records when it was used, and while you could clearly see the cash register and drawer, the thief's face was far enough outside of the camera's focus that he was unidentifiable.

Of course, if it was an inside job this could be useful.

Corporate Policy?

[Bowling+Moses]

Given how Walmart mistreats its employees (forced unpaid overtime, automatic firing for even *thinking* of getting unionized, illegal immigrant janitors making well below minimum wage and locked in the stores at night, etc.) and how Walmart systematically ruins local economies, and who knows what else, would it surprise anyone at all if some Walmart executive would have the system set up to wipe out gift cards X% of the time? In Walmart's case assuming a system compromised by petty theft is just unwarranted--systematic and corporate-sanctioned theft may be more appropriate.

Couldn't have happened to a nicer company

I laugh at those bastards, I hope whoever's doing this bleeds them dry.

--
The only thing worse than being held hostage by Muslims is being rescued by Russians.

Not to interrupt your OT Walmart rant...

[Chordonblue]

But, what's wrong with China changing it's laws to better support their own people? If you are seriously suggesting that we stop using Chinese products then you'd better look around. In electronics, there's hardly any other choice. Why do you single out Walmart for this? Open your eyes and look in ANY other retail store.

The US simply can't compete with cheap labor like this so... We use it if they want to supply it.

Perhaps it would be better for these people to slave and die in the fields instead of becoming industrialized, but I'm not sure. Every nation that has gone through this process started this way - out of necessity.

Don't weep too uncontrolably for China. At the rate they're going their economy will soon dwarf the US. Pray that their governmental system changes before them or perhaps YOU will be working for .50 cents an hour.

Here's the simple solution.

[macdaddy357]

Here's the simple solution. Ditch the high tech whizbang gift cards, and go back to good old-fashioned paper gift certificates. That would be simple and effective, so it will probably never happen.

Re:Here's the simple solution.

[silentbozo]

The problem with paper gift certs is that, like coupons, they can be counterfieited fairly easily. If you start tracking gift certs via a centralized database, then you essentially have the same system that they have in place for stored value cards. This is a big issue for larger retailers, because having a stored value card system that can be deployed over an existing card-processing infrastructure saves them money, and allows for faster reconciling of accounts. It also saves them from having to give out cash in change for the remainder of the balance on a paper gift certificate.

Wal-Mart expires these cards when?

[grolaw]

Where one of the cards was empty in three hours the problem is within the control of Wal Mart. If the matter is considered as a glitch in the system and the cards just expire too fast, well that is one thing...an error that Wal Mart should have caught.

If there is an insider trading information (that could NEVER happen, right?) then security is way off and Wal Mart still loses.

If the system is open to outsiders to hack and they have the ability to grab the latest cards purchased and burn data and make purchases within three hours then the system is way too open.

People who pull off these scams aren't interested in most goods - they want cash. I suppose that the easiest method is to buy a case or 10 of cigarettes or to try to return a high-dollar item. The former can be sold almost anywhere and the latter will give the thief cash, but only after a second pass at the Wal Mart chain. The latter is a high-risk approach and it isn't consistent with an ongoing breach...

If only a few stories are out about these cards, but the breach of the cash control system is so complete that the funds can be diverted within three hours, then the problem is far more common and serious than Wal Mart wants to disclose. The system must have been compromised so thoroughly that only a complete replacement would eliminate the problem. Wal Mart data mines (last I read, they had the largest database of consumer purchases on the planet) and these cards are clearly an integral part of their data capture system. The cost of "fixing" the system must be far greater than the losses thus far. Of course, that could be hundreds of millions of dollars....

Re:Wal-Mart expires these cards when?

[reverse+flow+reactor]

If you don't spend the full value of the card, the balance should still remain on the card.

If you return an item to the store, they don't typically return cash. I returned a ~ large item, and they would only give it back in terms of store credit - i.e. value stored with the card. They refused to return it as cash or a credit to the credit card used to purchase the item.

Just be careful that they do give it back to you. I had a cashier try and keep my card even though it had $45 value left on it. She tossed it in the garbage after the transaction. I made sure she fished it out and returned it to me.

I've seen more 'fishy' cash-register things at Wal-Mart than any other store. Things like the cost of a good mysteriously increasing in price up to 50% between the shelf and the cash register. And, according to those who this has happened to, is a regular occurance.

Maybe it is just the Wal-Mart near here, but I really can't trust them.

Re:Wal-Mart expires these cards when?

[stephanruby]

"Things like the cost of a good mysteriously increasing in price up to 50% between the shelf and the cash register. And, according to those who this has happened to, is a regular occurance. "

This happens at many stores. Usually, it's because some item is being marked down for the week, but the store is taking its sweet time updating its database.

In California, the law is very clear about this. The price at the shelf always trumps the price at the cash register. We even have inspectors who make sure this law is enforced.

It won't bankrupt WalMart

[erick99]

About 45 billion dollars a year are spent on gift cards. Five to 10% are never cashed in. So, we are talking about 1/2 billion dollars of "additional profit." I've gotta believe that WalMart sells a sh*tload of gift cards and even at at redemption rate of 95% is coming out ahead millions a year. So, while it's no fun to pay out on the stolen cards twice, there is ample money in the bucket from the never-to-be-redeemed to cover the losses.

Cheers,

Erick

Re:It won't bankrupt WalMart

[wcdw]

Unfortunately for WalMart, this is NOT true. Uncashed gift certificates are typicall subject to escheet laws -- meaning that if they haven't been used in some period of time (two years in some states), the money must be given _to the state_.

The only thing they have going for them is the interst they can raise on the uncashed cards. (Except in states not subject to escheet law.)

Re:It won't bankrupt WalMart

[Igmuth]

Which is why gift cards never last that long. After one year or so, they always charge you a "service fee" at some extremely high rate, so as to basically empty the account out before said turn over occurs. (Walmart may be different then basically every other company out there and not do this, but I highly doubt it. I don't know, not having dealt with their gift cards.)

Re:It won't bankrupt WalMart

[ElizaYikes]

I read recently that Amazon.com's gift certificates are issued out of a separate division, which operates out of Idaho becuase of that state's favorable lack of escheat laws. Of course, I can't find where this was discussed, but I found this page, which mentions the Idaho laws.

"Careful legal planning can potentially reduce the risk of gift certificates becoming abandoned property. Incorporating the issuer of the gift certificate in a state that exempts gift certificates from its escheat can reduce liability since the state of incorporation is often the relevant state or determining escheat liability...Under Idaho law, gift certificates with an expiration date prominently displayed on their face will not be deemed abandoned."

Amazon.com states here that "Amazon.com gift certificates are issued and sold by A2Z Gift Certificates, Inc., an Idaho corporation. The risk of loss and title for gift certificates pass to the purchaser upon our electronic transmission to the recipient or delivery to the carrier, whichever is applicable."

Comment removed

[account_deleted]

Comment removed based on user account deletion

Interesting

[Pan+T.+Hose]

I find it very interesting that people are willing to buy those "value cards," compromised or otherwise. Similar cards were used in Soviet Russia, but no one seemed to like them, so one has to ask a question: what's wrong with money in the United States? Is it because people don't want to have cash so they are less attractive targets for criminals? After all, who would want to steal "value cards"? Well, obviously this is not the case, as the story shows. This is a very interesting issue, a one much more important than this incident alone. Why people don't want to pay with USD?

Re:Gift Vouchers are stupid.

[kalislashdot]

I would have to agree with Parent. I see absolutly no point in gift-cards. The retailers push them because they make money on them since they charge a monthly fee or the card goes unused. Then they say a gift card if different then a gift certificate so they can charge those fees. That is kinda like saying a mini-van is not a passenger car so it can pass bad crash tests.

I for one laugh!!! HAHAHA Gift cards are lame, anyone who buys them deserves this.

Re:transexual?

[UserGoogol]

Uh, yeah... that wasn't in the original article. Tami bought it for her church group, not for her transsexual group.

Didn't we see this story before?

[dougmc]

I could have sworn that I read a similar story somewhere a month or two ago ...

In that case, people were writing down the number of a card still on the shelf, or taking pictures of the bar code or something, and then noting what the sequence is (they are in order, after all) and then going home, and using the 1-800 number to see how much money was on the card to see when it was sold.

Once they found a number with money on it, they'd modify a card that they had (printing bar codes and reprogramming magnetic strips is easy) to have that number, and go and spend somebody else's money. Easy.

Seems easy enough to track, as 1-800 numbers include caller ID type info, so just see what number was called to check the balance of the card before it was depleted of funds, and if the same number shows up a few times, call the police ...

To make matters worse, the fine print basically said that this sort of loss was the customer's problem, not the retailer's. So the retailer was refusing to pay people for the lost money ...

In any event, giving a gift card sucks, even without this scam. It has *all* the tackiness of giving cash, but with the additional tackiness of telling you where you can spend this money. If you're going to buy me a present, buy me a present. If you want to give me cash, I certainly like cash. But don't spend cash on a gift card ... either use it to buy me something, or just give me the cash.

And if this does happen to you, scream bloody murder. Do not accept anything less than all the lost money, even if the fine print says that it's not their responsiblity. Call the local media if you have to. Make a scene in the store. Call the corporate office if you have to ... you'll probably eventually get your money.

Why? Why? WHY, I ASK?!

[HarveyBirdman]

If you are going to hack gift cards, why, for the love of baby Jesus, would you target Wal-Mart??? Now hack me up some Best Buy or Good Guys or Circuit City cards, and now we're talking.

Re:Owned!

[jschottm]

Not that this will change where you shop, but the argument against Walmart isn't just that they put destroy other businesses that sell things, but that its overall effect on the businesses that it buys from and the government.

Walmart is notorius for squeezing every last panny out of the companies they buy goods from. While in the strictest economic sense, this is a great idea for Walmart, it is decimating other companies that pay a living wage to their employees, fueling outsourcing and bankrupsy in this country. I live within a two hour drive of towns with 20+% unemployment because the textile industry has been destroyed by foreign imports. No matter how libertarian/randian you may be, that kind of situation is very dangerous, because large numbers of unemployed (and unemployable) people leads to high crime and even civil rebellion.

Walmart also shifts expenses to the taxpayers. See a biased source and a collection of less biases sources.

If I lived out in the middle of nowhere, I'd prolly shop at Walmart, just because it would be the only option. I'm lucky to have a decent amount of money and to be surrounded by choices, and deal with small retailers and restuarants as much as possible rather than feeding the large corporate machines. It's not just feeling smarmy and alternative, it's good economic sense to make sure that money is circulated into your local economy. Absolutely pure capitalism is great only for big businesses - it's horrible for the inviduals.

Gift Cards are Evil Genious

[SnprBoB86]

The guy who thought up gift cards/certificates was an evil genious. At what point does someone as a business person say "maybe people are willing to exchange their real money for store credit so that they have a non-cash gift to give?" I can't imagin thinking "I want my money to be acceptable at less places for the sake of forcing a friend or family member to buy something they don't want or need".

I'm a fan of capitalism, so I don't want them to ban gift cards, but I really hate them. Damn you, you evil genious!

Re:Gift Cards are Evil Genious

[DavidTC]

Yeah, limiting what people can do sometimes makes sense. For example, if I was constantly hassled by beggers, I might want to have some five dollar Burger King gift certificates or whatever in my wallet.

But a Walmart gift card makes no sense at all. Don't even try to tell me how it shows thought went into the gift...who, exactly, doesn't need something they could get from Walmart every week?

I mean, if someone rents a movie every week from Blockbuster, a Blockbuster gift certicate would show thought. But everyone buys Mountain Dew or cough medicine or a pillow or a tent or a gun or a ottoman or an 12-volt inverter or one of those balls that make the static lightning dance when you touch them or...

I mean, seriously, people. A Walmart gift card shows you put no thought into it at all, because everyone can use it. And if you're giving a gift that anyone could use, you might as well give cash.

the concept was already flawed

[frovingslosh]

It seems to me that anyone who would pay a certain amount of money for a gift card or gift certificate worth the same amount, and give a gift that can only be used at a certain place and might expire, in this way shows even less thought than giving money, and deserves this.

Re:the concept was already flawed

[gregm]

I disagree... I've gotten cards for bookstores and appreciate those more than the actual cash.. I can go to the book store and drop a wad without feeling guilty about spending that money on something like my electric bill. Give me $50 and I'll probably sue that money for groceries or utilities.

as a employee of the enemy...

[garfunkalow]

since i do work there, it is interesting how much information they divulge at meetings. I am also allowed into their server rooms, which i don't think i (or anyone without proper securtiy clearance) should be allowed in since there should be some physical security to the boxes. It humors me to see the servers. In a hot room with box fans on the servers to keep them from overheating. VERY INEFFICIENT. There is no A/C in the room where the servers are at my location and sometimes the store pretty much shuts down due to them overheating. Back to the subject, it does sound like an inside job. I don't know what the security is like at the home office (Bentonville , AR) but if it is anything like the store i work it, it is pathetic.

Re:OT: Walm*rt

[ryanjensen]

It's because they're confused -- "Walm*rt" is actually Wal*Mart. Don't blame them for not actually looking it up themselves, they're just sheep.

No way ... not an inside job

This is not an inside job - I've read about this before . Walk into a Walmart, get a stack of cards swipe them and record the numbers - the number to scratch is only needed if you want to call the 800 number to find out how much is left.

Put the cards back on the rack - they are the next ones that will be picked up. Remember these are purchased as gifts, they are not used right away.

Create new cards, go in the next day - "Hey freind gave this as a gift, can you tell me how much is on it ?".

No inside job, no hacking, no security leak - just exploiting a weak system.

Re:OT: Walm*rt

[Wansu]

Why do people refer to Walm*rt with a star in the name?

Well, they might be using the star as a sphinctor symbol. Yessir. Heck, we used to put 'em by people's names on memos to denote sphinctorhood.

Holy Holes-In-Your-Security, Batman!

[Thedalek]

It's trivial to get into a UPC office to gain access to these things. Most stores don't check ID's, let alone work orders. Default passwords are commonplace ("ma5t3r", "9052/9052" and the like), and it's very easy to get an employee to Log in for you if needed. WalMart keeps printed logs of just about every transaction that is created, as well as in electronic form.

Am I alone in noticing this as a nightmarishly insecure system? Consider this scenario: Hacker enters the UPC office, then alters the prices on a select number of high cost items to be something negligable, like $0.20 or some such. Hacker's partner buys the items on the list, winds up paying less than $5.00 for over $1,000 worth of merchandise, with everything looking fine from the POV of your non-tech-savvy register worker (or U-Scan system). Hacker gives his partner 4 minutes or so (since the prices only have to be right when they're getting scanned), then switches all the prices back and makes his escape.

That's just scary.

Re:OT: Walm*rt

[plover]

It's a deliberate typo on my part. I do it mostly because I work for a company that doesn't think highly of Walm*rt, nor do I. I know there's a star in the name somewhere, but I deliberately choose to replace the 'A' with the asterisk in the same manner that I might spell f*ck. I think of it in roughly the same manner that the military types deliberately mispronounce the names of their enemies. It's just a little slam against them. (I thought your regexp jokes were pretty funny, btw.)

That said, I feel really bad for them taking a hit from thieves. As much as I don't like W*llyWorld, I really, really don't like thieves; and nobody should ever have to put up with them. Very few things are sweeter than watching videotape of a scumbag thief get nailed because of a system I wrote or helped implement. I'd personally go a long way out of my way to help Walm*rt bust these assclowns. Funny how a shared enemy can get you to set aside your differences like that.

That doesn't surprise me.

[Ayanami+Rei]

Best Buy and Home Depot didn't even bother encrypting theirs some time ago. I imagine nowadays store managers aren't so technically inept to allow that to happen now, but then, we are talking about Walmart...

Re:Store is too big.

[hab136]

Wal-Mart's maximum allowed length for twisted-pair cable runs is 325 feet, following the ceiling beams (i.e. no going diagonally). Some switches are close enough, some aren't. All switches are connected via fiber at 100mbit (switches will possibly be upgrade to gigabit in the future), even the switches that are in the same room.

It's not Wal-Mart's maximum.. it's copper ethernet's maximum. http://www.duxcw.com/faq/network/cablng.htm