[ale] OT: I AM paranoid!

Jim Philips jcphil at mindspring.com
Thu Oct 9 20:55:20 EDT 2003


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

The previous thread gets awfully close to an issue I've been dealing with the 
last two weeks. Some goon got my debit card number (how, I don't know) and 
bought a bunch of stuff on the Internet. They bought $378.83 worth of stuff 
at Walmart.com and spent another $59.95 at USSearch.com. The latter site does 
public records searches, so I guess they were looking for a new victim. By 
reporting it all quickly, I got Walmart to stop the shipment of merchandise 
and USSearch quickly reimbursed me. But there are some scary things that came 
out of this.

The DeKalb County cops gave me some resistance when I reported this as a 
crime, saying it had to be investigated in the jurisdiction where it 
occurred. They took this to mean the city where the servers live. Never mind 
that this is utterly stupid, I set out to call the police in Bentonville, AR 
(home of Walmart). And--wonder of wonders!--they simply turned over all of 
the information they got from Walmart. Now here is what was weird about that. 
I was already doing business with Walmart.com for their DVD rental service. 
So, they already had my debit card number. The fraudster used that same card 
number with them, but gave them the wrong e-mail address, the wrong phone 
number and also misspelled my name. So, what this tells me is that they do 
absolutely no checking on the identity of the person presenting the card. If 
they communicated with the card issuer, they could get the spelling for my 
name and my home phone number. Or, barring that, all they would have to do is 
check to see if someone else has tried to use the same card number with 
different information. But they don't do either thing. Now given the fact 
that Walmart is the biggest retail operation in the world, you would think 
they could afford this kind of diligence. But apparently, it's too much 
trouble for them. I sent them an e-mail asking about all of this and what I 
got back was their stock answer to all security questions: SSL, your 
information is encrypted and all of that crap.

Side note: Last Saturday, I got e-mail from Amazon.com saying that my debit 
card might have been compromised in some way. I wrote back and explained that 
I had no suspect transactions from their site, but that my card had indeed 
been compromised. I asked them to tell me what might have happened. They sent 
me back a tersely worded reply, saying that information could only be turned 
over to law enforcement. So, something happened, but I don't deserve to know. 
Amazon.com is now my most likely suspect for the place where my information 
got stolen. I hadn't used them in a couple of years. But just a few days 
before I got ripped off, I registered my debit card with them and ordered a 
DVD. 

Just so you'll all know how concerned the major e-commerce sites are about 
your money.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)

iD8DBQE/hcrNmqVh/g13CaoRAv6pAJ91q2vkp0cmBFmvSoYF+iyx3gPDGwCfYKV1
Ub/7ey+5v+VJgTVEhqqrJWw=
=Sfhb
-----END PGP SIGNATURE-----


