Dear Walmart: Your Online Security Blows

Gather around kids, this is gonna be a fun one. I might even get sued, finally. Yay!!1

Recently, on some random news station, I heard about Walmart’s new “Money Card” which is nothing more than a prepaid Visa card. Just like any other such card, it has a website where you can check your balance, add funds to your account, etc. Alternatively, you can have your account information stolen, be exposed to hardcore XXX porn, or line the pockets of a bottom-feeding douche bag while trying to reach the site. Why? Because Walmart, just like most companies, is nothing short of retarded when it comes to internet security and protecting their brand in the online world.

Walmart Money Card

But, but, but… Their site says that it’s secure. It even has a nifty little seal on it from Thawte verifying that it’s protected by RC4 128-bit encryption.

Thawte Seal Yeah, so what? I said that all those evil evil bad bad things could happen to a person while trying to reach the site. I never said that they’d actually make it there. Your good ol’ Uncle Buck or Aunt Charlene who’s not too savvy on that there interweb, but falls perfectly into the demographic of folks who would have a Wally World prepaid money card, is likely to mistype the web address. That’s why any security-minded company who wants to protect their customers and brand’s image would / should at the very least register all of the most common typo domains when setting up shop on a new domain – especially if it’s a financial kinda deal. In Walmart’s infinite wisdom, they did no such thing.

After hearing about this new Walmart card and the accompanying website, I checked to see if they had registered and were forwarding over traffic from one of the most common typos: the full web address prefixed with a “www”. Typing out “www” and then forgetting or simply missing the dot afterwards is commonplace among eTards and fast typers. Sure enough, wwwwalmartmoneycard.com was wide open. So, I registered it. Just for good measure, I went ahead and registered almartmoneycard.com today too. Missing the first letter of a domain is also pretty common. Luckily for Wally World, I snagged those domains with the sole intent of using them as an example for this blog entry. This could have played out much differently…

Stealing Account Information
It’d be super easy to setup an identical spoof website and steal account information when people try to login. After entering in their account info, I’d bounce their asses through a couple url forwards and plant them on the real site’s login error page. They’d think that they simply mistyped something (Yay! Irony) and reenter their info. In other words, I’d steal their login info, they’d never be the wiser, and Walmart would have no idea why people kept going directly to their login error page. I’d go into more details about how to pull this off without getting caught, but I’m not looking to draw a road map to success for any would-be asshats.

Don’t even start in with that lame “you couldn’t do anything with just the account numbers and expiration dates” nonsense. Even if I didn’t log into the accounts to get their names and whatnot, I could cash in on those puppies. And if I wanted to be super evil about the whole thing, I could add a field for their PIN numbers on my fake login page and literally cash in on those card numbers at ATMs. It ain’t no thang but a chicken wang to slap card numbers on some blank cards.

Credit Card Writer

Trashing Walmart’s Brand
If I was a disgruntled ex employee, hated Walmart for “shutting down my business”, or simply wanted to screw with them for having bathrooms that smell like piss there’s a ton of stuff I could do with those domains. Slap visitors in the face with some hardcore gay anal porn, post anti-Walmart propaganda, redirect all the traffic to Target’s website, etc… Uncle Buck and Aunt Charlene couldn’t care less about all the technical details. They’d be “madder than hell” at Walmart if they got their eyes full of two grown men playing hide the submarine when they “went to Walmart’s website”.

Lining your pockets when outright theft isn’t your thing
The last option worth mentioning is what most likely would have ended up on those domains if I hadn’t grabbed them. Domain squatting (call it “cybersquatting” if you must, lamer) is a very real business in the gray market. Lame-tards register tons of domain names and typo domains and slap domain parking pages up. Typically, these pages are plastered wall-to-wall with text ads related to the domain name. Whenever someone visits one of these pages and clicks an ad, the owner of the domain makes anywhere from one cent to a couple of bucks depending on the page’s niche / ad type. Since credit card / financial ads pay well, the domains I have would be perfect for this.

Using the domains in such a fashion is pretty much harmless to the real site that you’re leaching off of. Uncle Buck will likely get that goofy look on his face as he clicks an American Express ad in hopes of finding Walmart’s site, but no kittens will be harmed. Regardless, there’s no excuse for a large company to allow douche-nozzles to be leaching off of them in this way. There are legal steps that can be taken to get domains from such people.

So, who’s at fault for this crap?
The only reason I’m picking on Walmart is because their site is new and I happened to see that news report. Tons of other companies are equally retarded when it comes to this stuff. Capital One, Discover Card, and countless others currently have lame-tards making money with domain parking pages sitting on the “www” prefixed versions of their domains and other typos. And, Walmart people aren’t the geniuses behind the Walmart Money Card. Their cards / website is all being taken care of by a third party: Green Dot – hereinafter to be known as the people Walmart is pissed at for making them look like retards.

The guys who should be blamed the most for this kinda stuff in general are the domain registrars: GoDaddy, et al. They should have systems in place to flag all domain registrations that have a trademarked name in them or begin with “ww” so that they require human review before the would-be owner gains possession of the domain. Domains like almartmoneycard.com would slip past such systems, but simple shit like this would still help out overall internet security health a bit.

I shit you not… After registering the “www” prefixed domain there was an issue. After setting up the DNS to point at my server space, it never resolved (started working). My host guys said that it was a “problem at the registrar level”, so I had to call GoDaddy to get it straight…

Which domain are you having these problems with?

W-W-W-W Yeah, four W’s… And then A-L-M-A-R-T-M-O-N-E-Y-C-A-R-D dot com.

So, it’s three W’s and then Walmart Money Card dot com, right?

Yup.

Can you hold on one minute for me?

Sure.

*totally expecting a manager to get back on the line and drill me about my planned use for the domain*

Hey, Mr. Williams… It looks like a server-side issue. Everything is working fine on this end.

That’s a paraphrase but I swear to strippers and one dollar bills it went down just like that. Shame on you GoDaddy. Oh yeah, please don’t screw with my domains over this blog entry :P

Ultimately…
It doesn’t matter who’s really to blame. When you have an international brand / image and customers to protect, whoever people perceive to have screwed up is responsible. So, I repeat…

Dear Walmart: Your online security blows.

P.S. You can’t have the typo domains that I registered. Sue me, I dare ‘ya. The next thing I’ll teach you about is a neat little thing called “fair use”.

29 thoughts on “Dear Walmart: Your Online Security Blows”

  1. Gotta love walmart. Glad you brought this up. Maybe I will send it to my aunt who is a complete fucking retard online and will probably have one of these things. All hail the holy white trash discount store.

  2. having deep Wal-pockets, they deserve all the shit that can be thrown at them!! Uncle Buck and Aunt Charlene were always
    my least favorite relatives anyways, ‘cuz they’s so dumb!!

  3. Very informative. I’m thinking of opening a side business now. Thanks L! (just kidding..)

  4. wonderful…simply wonderful. now down to brass tacks. YOU have something very unique that very few people will ever posses in their lifetimes. a slight bit of power over walmart. sure, it’s not going to crumble their empire of raped/discount kittens, but still, due to the evil evil things that one can do with these, it could turn into a nasty little p.r. nightmare that they probably don’t want to deal with. if it were me, i would make them PAY for them(to charity that is, preferably something Jewish) or even better…a sizeable donation to help form undeveloped walmart labor unions. and if they don’t want to pay, fine. i guess you’ll just have to raise the money for fighting Jewish autism yourself…by auctioning the adresses off to the highest bidder. walmart better hope that the person who won the bid shared the same code of ethics as you.

  5. You should post some anti-Wal-mart info.
    If that’s the worst thing that happens to them behind this,they’re gettin’ off easy.

  6. Very good information, and thanks for posting this. I don’t shop at walmart anyway, but this is good information for those that do, in terms of visually seeing the potential dangers and making themselves aware.

    Sharia

  7. LoLo is actually helping Walmart for free (if you ignore the cost of registering the typo-sites) and all of us can attest at any court of law that his intention is nothing but good. The jury will agree with us as the “innocence being wrongly accused” case would be too obvious even for them. Moreover we will campaign for LoLo and against walmart. Bring it on!

  8. I wish Wal-Mart would just die! WM has completely f***ed-up our qualities of life by their low-to-middle-class marketing of Chinese bulls**t, and taking all our tax base dollars to Bentonville, Arkansas. Stay on their ass, Lo.

  9. Re Mike:
    It’s hard to say. By posting this blog entry I’ve screwed up any real stats and the almart one was registered the same day as the entry. The www prefixed one was getting 1 – 6 visits per day before this entry. It’s safe to assume that number will go way up as these cards get into the hands of consumers.

  10. Hi Man your to cool , i like that i”m a SCAMMER myself i work hard at it , sofar i work alone but you make me think , . anyway i love walmart where else can you go in spend all night looking around at stuff and eating up the stock lots of time i reprice something i want but cheeper , or put on a new pair of shoes and socks ball cap , etc,,, hell i even help myself to some icecrem , yes i do love wallmart , email me and lets do something evil , jonjon

  11. Thank you so much!!!!!!!!! I’m One of thoes fast typers that could have very eaisly fallen prey to some son of a bitch that would rather steal my hard earned cash than get a real job. I really appreciate your online wisdom. you are really a true american with true american values unlike Walmart!!!!thank you again and as far as wal mart goes, the card never got activated. They can kiss my ass!

  12. Why does it matter if they didn’t reserve some websites? It’s the consumers responsibility to double check those types of things. Wal-Mart doesn’t need to be responsibile for someone’s error. It should be pretty obvious that when you are on a website that is dealing with funds you make sure you don’t type in the wrong address.

    Yes, that site is secure, and yes, they have a certificate. The context of “secure” in this situation does not pertain to “idiot proof.” It pertains to the overall security of THAT website.

    Not to mention, Wal-Mart would sue a scammer as soon as a customer reports fraud.

    Reserving typod websites is by no means a standard.

  13. Why target just Wal-mart? This could apply to virtually ANY website that allows login. Simply look at the overwhelming amount of spam sent to you by your friends on popular social networking sites. As you mention, the real people to blame (if anyone) are the domain registrars.

  14. its reasons like that is why i always type it into my web-search first and then click on the link provided. most web-search engines will account for user error.

  15. Walmart is a corporate hungry machine. They are the biggest corporation in the world and yet they pay slave wages to its employees.

    They suck… the walmart money card sucks.

  16. Here’s what happened:

    I opened a prepaid Visa card at your Walmart store located in Mt. Dora, FL 6 months ago. When I spoke with the cashier who sold the card to me, I let her know that I would be having my pay check direct deposited on the card, and many deposits would be in excess of $5K (I get paid 2 times per month). She assured me this was fine as long as the money was direct deposited, so I bought the card, did the direct deposit, and off I went.

    Now, six months later, your company decided that my deposits are too high, and without contacting me, went ahead and closed my account without my knowledge. I was stranded in the middle of nowhere and tried to get gas, the card was declined, so I called your Customer Support number from my cell phone. They explained this ridiculous mess to me (my deposits are too high). Then, they reopened the card for an hour, just long enough for me to remove what was left on the card, and the account was closed. A couple of days later, your Loss Management department called me and said how “sorry” they were, that the account was closed in error, and they offered to re-open the card, which I accepted so I didn’t have to cancel my direct deposit, and for my “pain and suffering”, they gave me a HUGE $25.00 credit (lol).

    Yesterday there was $15.74 on my card. I went to check the balance today, and it was “ZERO”, so I called your Customer Service department (and was transferred to Phillipines, Pakistan, and Guatamala….I thought this was a US based company???). Ana, ID #10838 informed me the account was closed a second time in error (I was supposed to have a $5K direct deposit on the card at midnight tonight), and she promised it would be re-opened in 10-15 minutes, and the $15.74 would be put back on the card. Four hours later, nothing happened, so I called Loss Management yet AGAIN. I spent better than an hour talking to them, who then informed me that it was tough ‘S _ I T”, (Kathleen….another Supervisor at Loss Management) the account was closed again permanently, and there was nothing I could do. They also informed me that my direct deposit would be DENIED, completely screwing me up royally since I had bills that I paid right off the card, not to mention that the payroll would have to be sent back to ADP, then back to my company before it could be forwarded to me. Thanks Walmart……

    Then, the idiot “Claudia” (Supervisor at Loss Management), offered to open me another card!!!! After I was done laughing (why in the name of God would I do THAT???), I told her I wanted nothing more to do with Walmart, and I mean that completely. My sister works for channel 9 news in Boston, and is Diane Sawyer’s neighbor on Martha’s Vineyard, and they are friends. This will make a WONDERFUL human interest story once it hits the airways, don’t you agree??? I am going to be SURE that this story is told everywhere. From your idiot cashiers, right down to your incompetent Loss Management group (you get a different story from everyone you speak to), I can’t think of ONE good reason why I, or anyone else would want to shop at Walmart. I find it interesting that no one will give you their last name or ID number (except Ana), and they spend the majority of the time putting you on hold so they can pass the buck, all the while telling you how sorry they are!!! In reality, they couldn’t care less, they just want to pass you onto someone else so they don’t have to deal with you.

    Having said all this, Walmart is TRASH and not only will I not get another card, I will no longer patronize your store. I am starting a Blog as well, and when my sister speaks with Diane Sawyer (this is happening first thing in the morning), I am sure they will be contacting you for comments (especially the lawyers).

  17. DEAR MICHELE JONES let me ask you if you are paid such of big amouth WHY IN HELL WOULD YOU HAVE A PREPAID CARD?????????? IT SOUND LIKE A BIGGG LIE TO ME XD

  18. Awesome, i thought it would be a good idea once i signed up for the card, till i had to deal with the asinine call centers. :/

    They are unsympathetic robots, do not get the card, total waste of time.

  19. @Michele Jones

    THANK YOU. This sounds so much like what happened to me! “Im sorry sir.” its all they can say! they froze my card because i had 254 dollars deposited on it. left me totally stranded, i was supposed to have like 1800 in my account!! i wanna find those bastards and stick my foot up some arse’s

  20. hey man thanks for posting this!! I just so happen to be one of those people that miss type alot seeming as how my daughter always wants to sit in my lap when i’m online, and i sure would not have checked the address bar as usual. you just saved me alot of problems by redirecting me to this posting, i will pay more attention, thank you.

  21. yea it sucks allright third month posted .95 cent as pennies as 2 charges of 19.95 two consecutive days have spent 3 hours still cant find account or website called and of course customer service is closed hey idiots it’s one week before Christmas not like spending such fun time to get nowhere your customer service sucks. your such the company thats all that
    fire your stupid fuc**** credit card people you’ve put local business out with your super shitty stores and your 24 hours surely you can get a banking center to do better than that piece of crap with their totally fu website and of course disputes are handled through mail only in Ca po BOX BULLCRAP YOUR SO CUSTOMER SERVICY crap why dont you give the credit afterall your allthat so happy ho ho and hahaha Merry Christmas thanks to my kids
    IF i WAS RICH i WOULD NOT SHOP THEIR AT ALL BUT SEEING AS i AM NOT 40.00 WOULD COME IN REAL GREAT THANKS FOR THE WONDERFUL GIFTS I’M SURE KIDS WILL like a (raincheck)UNDERSTAND IMAGINE THE SMILES WHEN I SHOW THEM A COPY OF THE DISPUTED ERRORS letter what all kids want. they suck maybe i might get Valentines instead change companies you idiots and remember your new ads Wallmart is Christmas
    well gee thanks add grinch and stooges next year wise up and advertise truthly since you
    care about all that Christmas cheer fire the stupid ass people your size of company there is others surely that would be glad to work 24/7 thats the least you should do listen up big brother hey your profits would do so much why dont you credit or furthermore open your own credit card crap the other one sux out loud merry f*** holidays to you to

  22. If you think thats interesting and you are a victim of Walmarts unfair practices check out this site: http://www.Wakeupwalmart.com its put out by the “Union” and it describes a lot of the unfair practices and injustices that Walmart uses to rip off their own employees!!

  23. I am still waiting for someone from Wal-mart to contact me regarding my prepaid card problem, I was in one of your stores and paid a cashier $103.00 to reload my card and it never made it to my account, so as far as I can see, it looks like she never swiped my card to load it, I am not working right now so any money that I get is very important to me, I can not believe a company as big as Wal-Mart can do this to people, I did follow thru by going into the store and talking to a manger infact it was the morning manger of the Wal-Mart on East Washington street that I spoke to and she acted like I must of been mistaken and had gone some place else, I can not understand how this whole thing happened, but I need them to make it right, it is not fair to take advantage of some one like this.

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>