Personal Finance

Walmart online account security

  • Last Updated:
  • Feb 21st, 2022 10:50 pm
Deal Fanatic
Jan 21, 2018
9652 posts
10924 upvotes
Vancouver

Walmart online account security

CBC published this story today about someone who had their Walmart.ca account hacked somehow:
https://www.cbc.ca/news/business/walmar ... -1.6353016

Walmart apparently stores credit cards, doesn't have any 2FA, and allows shipping address to be changed to a new location without any extra security - surely a recipe for fraud. I can confirm from my own account that they store credit cards used without the option to opt out, but I don't recall whether they at least asked for the card CVC code when placing an order. Surely they must? But then how could a hacker place an order if they just got the account name and password?

In any case, this reminds us once again about bad security practices by online retailers. They should not store your credit card by default, or at least they should let you opt out of that. If they do store it, they should at least have tighter security to use it, like 2FA and requiring the CVC code.
7 replies
Deal Addict
User avatar
Jun 25, 2008
1122 posts
1174 upvotes
I'm not sure how you signed in, but it's easy enough to go to My Account > Credit Cards (under Payment Information) and modify and/or remove any card there.

Also, I just tried a new checkout with "new card" and right there is a checkbox (which is checked by default, but definitely selectable) that says "Save card for easy check out".

So they absolutely let you opt out and also remove the card later if you didn't by mistake.

Also, use randomized passwords stored securely in a password manager, never reuse credentials and never enter them on any unsolicited request whether by email or SMS.
Deal Fanatic
Jan 21, 2018
9652 posts
10924 upvotes
Vancouver
MikeMontrealer wrote: Also, I just tried a new checkout with "new card" and right there is a checkbox (which is checked by default, but definitely selectable) that says "Save card for easy check out".

So they absolutely let you opt out and also remove the card later if you didn't by mistake.
I think that's actually a more recent addition. I never store my credit card with a retailer voluntarily, always opt out if offered, but last year I found Walmart.ca prompting me to update my expired card information in the online account. I was able to delete the {expired} card as a payment method at that point, but I was definitely never offered the option not to store it in the first place on some previous order.
Deal Addict
User avatar
Jun 25, 2008
1122 posts
1174 upvotes
Scote64 wrote: I think that's actually a more recent addition. I never store my credit card with a retailer voluntarily, always opt out if offered, but last year I found Walmart.ca prompting me to update my expired card information in the online account. I was able to delete the {expired} card as a payment method at that point, but I was definitely never offered the option not to store it in the first place on some previous order.
Could be. They've done a lot of updating in the last couple of years (I'm a regular user of the grocery pickup).
Deal Addict
Nov 21, 2014
3580 posts
6290 upvotes
Atlantic
Scote64 wrote: In any case, this reminds us once again about bad security practices by online retailers.
Certainly some bad cybersecurity practices going on with retailers. But what about the consumer side - recycling passwords, no anti malware software etc? I am willing to bet the latter is way worse.
Deal Expert
Jun 20, 2020
20144 posts
29043 upvotes
Toronto
Scote64 wrote: CBC published this story today about someone who had their Walmart.ca account hacked somehow:
https://www.cbc.ca/news/business/walmar ... -1.6353016

Walmart apparently stores credit cards, doesn't have any 2FA, and allows shipping address to be changed to a new location without any extra security - surely a recipe for fraud. I can confirm from my own account that they store credit cards used without the option to opt out, but I don't recall whether they at least asked for the card CVC code when placing an order. Surely they must? But then how could a hacker place an order if they just got the account name and password?

In any case, this reminds us once again about bad security practices by online retailers. They should not store your credit card by default, or at least they should let you opt out of that. If they do store it, they should at least have tighter security to use it, like 2FA and requiring the CVC code.
Posted to YouTube

This Ontario man says Walmart told him he'd have to pay for his hacker's purchases
Destiny is all
Sr. Member
User avatar
Nov 23, 2010
687 posts
125 upvotes
Montreal
I removed my saved CC from my WalMart account. Maybe use a Prepaid CC and add funds before buying.
Do Not put All your Eggs in One Basket!
Overtaxed, Underpaid, Overpriced Proud Canadian!
Deal Addict
Aug 20, 2008
3215 posts
1264 upvotes
Ajax
I’ve had this happen twice with Walmart, only place it’s ever happened. Both times oddly they tried to buy PlayStations. The first time they placed the order and I called right away to get it cancelled. The second time I actually was the victim of email spamming where the scammer sent me thousands of emails and hid the Walmart transaction amongst them. Thankfully I knew what was happening and locked my credit cards and thus blocked the purchase.

The worst part - when I called Walmart the next day to close my account so I could unlock my cards, they told me it would take up to 72 hours. I had to call 3-4 times and demand managers before action was taken. I’ll never open a Walmart.ca account again

Edit: this happened last year, I’m guessing may or June 2021 the second time. The first was 2018 or 2019

Top