Walmart Stored Value Cards Compromised

morcheeba writes "It appears that Walmart's pre-paid gift cards have been hacked. Customers are buying cards and finding that criminals have already emptied them of value. It seems someone has access to Walmart's database and/or registration data, and can create clones of recently activated cards. (via engadget)"

Re:Owned!

[ArchAngel21x]

So now Wal-mart customer are stupid? You arrogance must know no limits.

Bad Publicity

[MikeMacK]

"Well initially he told me that he really couldn't do anything for me," Tami Kegley says of the Wal-Mart employee she dealt with. "He said it was a corporate issue." But Tami persisted, and got finally got the $150.00. Carol also got her money back.

Wal-Mart does not need anymore bad publicity, this should be a non-issue, if people got cheated, they need to provide recompense. It's not like they can't afford it.

Re:Cool but....

[nizo]

the culprit will be set for life when it comes to toilet paper and snacks.

Ummm, considering the number of cameras in every Walmart I have ever seen, it will only be a matter of time before whoever is doing this gets caught. I would bet money that sooner or later Walmart will start sending fake cards through the system (with high dollar amounts) to catch these kinds of people too.

Re:I think it's an inside job

[danharan]

At the very least, any time someone redeems a card within hours of purchase and at a distance that is farther than you would expect someone to be able to travel - there should be an alarm set off.

Re:Cool but....

[MikeMacK]

As I understood, Walmart.com was one of the first major sites to sell Linux pre-installed on cheap computers. Whatever you feel about Wal-mart, that is a cool thing, in my opinion.

snort

[zogger]

walmart slave labor in china, 13-16 hour days at 13 cents an hour, 7 days a week, 20 hour shifts during rush season like for christmas shopping. That's all -american walmart for ya. And they claim US workers need to be more productive and to compete globally with that. How? Magic fairy dust?

And they can't even keep their cards secure. What a joke.

Walmart single handedly has shutdown thousands of small town down town areas all over the nation. That's the new culture, a big square ugly box of a building, they all look the same, all got the same cheapest crap imaginable for sale. Largest corp in the world, bigger even then the energy companies. They come into a town, and do what is in essence "dumping" for a few years, incredibly cheap prices, until all the local competition is hosed, then they run the prices back up. Shop elsewhere-sure, go over to the next county, the same walmart.

I'm surprised walmart and microsoft haven't merged yet, exact same business philosphy.

Lots of bubbles, not many cameras

[slk]

While this is from approximately third-hand sources, wal-mart type stores have lots of those glass bubbles that look like they should contain a camera.

However, in most cases, only a few actually contain cameras. They might move the cameras around, but remember, wally-world labor is cheap, glass bubbles are cheap, and cameras are expensive.

Re:Why steal when you can make?

[Tony Hoyle]

Plug a wireless AP into their network and sit outside in the car sniffing packets... easy enough.

You'd probably get a few of their passwords that way too.

Here's the simple solution.

[macdaddy357]

Here's the simple solution. Ditch the high tech whizbang gift cards, and go back to good old-fashioned paper gift certificates. That would be simple and effective, so it will probably never happen.

Re:I think it's an inside job

[SealBeater]

Replying to the post about how Wal-Mart gift cards work, I've noticed this
cards before. (This is all speculation, I read the article) One possiblity
is that, the person doing this, for instance, has a bar code printer (if
their smart). If they are stupid, they have an in on the database, and are
transferring the credit to their card, then using it. Easy to track even if
Wal-Mart isn't logging transactions, and even tho I agree that their probably
stupid, big companies are usually smart to pay lots of money for security
(expensive != good, of course). So, they print out a card, (or a sticker for a
card) go to a store, buy it up. Looks like they are sticking to a store in
Cali, so unless they are reading slashdot, they are screwed if they go there
too often, unless they have a crew (have a girl, makes guys stupid) and even
then, they are screwed, it'll just take longer.

As for the sniffing idea, well shit, every Wal-Mart I've seen has at least 4
WAPs with antenees. Good ones too, Cisco 1500s which pump out a lot more power
than linksys (at least the default ones). I can't imagine that the registers
(which have to send info over the wire somewhere) send them encrypted or
anything like that. Personally, I'm surprised that we are just now hearing
about it.

Oh, and don't be surprised if this going at any number of stores. I see WAPs
everywhere. Brave New World.

SealBeater

Re:Here's the simple solution.

[silentbozo]

The problem with paper gift certs is that, like coupons, they can be counterfieited fairly easily. If you start tracking gift certs via a centralized database, then you essentially have the same system that they have in place for stored value cards. This is a big issue for larger retailers, because having a stored value card system that can be deployed over an existing card-processing infrastructure saves them money, and allows for faster reconciling of accounts. It also saves them from having to give out cash in change for the remainder of the balance on a paper gift certificate.

Re:I think it's an inside job

[idiot900]

If it were an inside job (which I doubt knowing the intellect of most Wal-Mart Workers. Do you want to be the squiggly?)

It's easy enough, then, to be a networking pro and get a job as a Walmart drone by just not putting your qualifications on the application? If one's new coworkers are then as stupid as you imply, running an inside job such as this doesn't sound too difficult.

actually it hasn't been hacked.

[Anonymous Coward]

anyone can do this. all you need to do is write down the gift card number on the back of the card and then put it back on the rack. then some unknowing sap comes along buys that gift card that you have the number to, and thats all, wala, free gift card. walmart has an online store also so its not like you need a physical giftcard. just the numbers will do. this is more like a case of a dude discovering he got scammed than the walmart db getting hacked.

Re:I think it's an inside job

[Cereal Box]

Can you explain the "Walm*rt" thing? Are you one of those people that believes that Wal-Mart is the most evil corporation to ever exist and therefore think its name should be treated like a bad word?

Interesting

[Pan T. Hose]

I find it very interesting that people are willing to buy those "value cards," compromised or otherwise. Similar cards were used in Soviet Russia, but no one seemed to like them, so one has to ask a question: what's wrong with money in the United States? Is it because people don't want to have cash so they are less attractive targets for criminals? After all, who would want to steal "value cards"? Well, obviously this is not the case, as the story shows. This is a very interesting issue, a one much more important than this incident alone. Why people don't want to pay with USD?

Re:Old adage..

[RollingThunder]

People have the right to form a union if they want to. If you don't like unions then don't join them. It's not anyone else's problem.

That's amusing.

Don't join. Heh.

A company up here in Canada was bought up by a major telco. The union employees in the major telco forced a vote on the employees of the smaller company, making it mandatory for the smaller company's employees to join the union if they wanted to keep their jobs.

Yeah, they had a choice, all right.

Re:Owned!

[jschottm]

Not that this will change where you shop, but the argument against Walmart isn't just that they put destroy other businesses that sell things, but that its overall effect on the businesses that it buys from and the government.

Walmart is notorius for squeezing every last panny out of the companies they buy goods from. While in the strictest economic sense, this is a great idea for Walmart, it is decimating other companies that pay a living wage to their employees, fueling outsourcing and bankrupsy in this country. I live within a two hour drive of towns with 20+% unemployment because the textile industry has been destroyed by foreign imports. No matter how libertarian/randian you may be, that kind of situation is very dangerous, because large numbers of unemployed (and unemployable) people leads to high crime and even civil rebellion.

Walmart also shifts expenses to the taxpayers. See a biased source [ufcw227.org] and a collection of less biases sources [google.com].

If I lived out in the middle of nowhere, I'd prolly shop at Walmart, just because it would be the only option. I'm lucky to have a decent amount of money and to be surrounded by choices, and deal with small retailers and restuarants as much as possible rather than feeding the large corporate machines. It's not just feeling smarmy and alternative, it's good economic sense to make sure that money is circulated into your local economy. Absolutely pure capitalism is great only for big businesses - it's horrible for the inviduals.

the concept was already flawed

[frovingslosh]

It seems to me that anyone who would pay a certain amount of money for a gift card or gift certificate worth the same amount, and give a gift that can only be used at a certain place and might expire, in this way shows even less thought than giving money, and deserves this.

Re:I think it's an inside job

[gcaseye6677]

In most stores, it seems like the employees completely ignore the alarm when someone sets it off. The most I've ever seen them do is waive somebody through when they see that the person has a bag of merchandise in hand and has just left the register. Having worked in a $7 an hour sales job, I know what I would do if I suspected someone shoplifting - absolutely nothing. $7 an hour is not enough to risk a potentially dangerous confrontation. The main reason for sensors is to make people think they'll get caught shoplifting and to make management feel like they are doing something to prevent theft (maybe the store's insurance requires them). I'm sure they don't even begin to deter the serious professional thief.

Re:the concept was already flawed

[gregm]

I disagree... I've gotten cards for bookstores and appreciate those more than the actual cash.. I can go to the book store and drop a wad without feeling guilty about spending that money on something like my electric bill. Give me $50 and I'll probably sue that money for groceries or utilities.

Re:It won't bankrupt WalMart

[Igmuth]

Which is why gift cards never last that long. After one year or so, they always charge you a "service fee" at some extremely high rate, so as to basically empty the account out before said turn over occurs. (Walmart may be different then basically every other company out there and not do this, but I highly doubt it. I don't know, not having dealt with their gift cards.)

Re:Gift Cards are Evil Genious

[DavidTC]

Yeah, limiting what people can do sometimes makes sense. For example, if I was constantly hassled by beggers, I might want to have some five dollar Burger King gift certificates or whatever in my wallet.

But a Walmart gift card makes no sense at all. Don't even try to tell me how it shows thought went into the gift...who, exactly, doesn't need something they could get from Walmart every week?

I mean, if someone rents a movie every week from Blockbuster, a Blockbuster gift certicate would show thought. But everyone buys Mountain Dew or cough medicine or a pillow or a tent or a gun or a ottoman or an 12-volt inverter or one of those balls that make the static lightning dance when you touch them or...

I mean, seriously, people. A Walmart gift card shows you put no thought into it at all, because everyone can use it. And if you're giving a gift that anyone could use, you might as well give cash.

The problem and the solution.

[Anonymous Coward]

The problem: Outsourcing call center jobs, and the type of information those jobs entail, to other countries has opened a hyper conduit of fraud. Take all these relay (free Internet communications for the deaf) fraud calls. How are these people acquiring seemingly infinite amounts of credit card numbers (exp date), names, ssn, etc? Because everyone you call for any kind of tech support now talks like the guy in the Simpson s who runs the convenience store. They all ask you for the same information. I'm afraid I will never purchaise a computer from some company who outsources my information to another country. This is crazy.

Solution: We're fucked. They make more money dealing with finance charges and late fees and fucking your credit in the ass than anything else (even if it is just fraud it's such a clusterfuck you have to go through). I have good credit and have not been fucked by these fraudulent people, but I know people who have. It really robs the entire world. It's' like dumping nuclear waste into the ocean or Bonjovi's reign over the ozone.