Walmart online account security
CBC published this story today about someone who had their Walmart.ca account hacked somehow:
https://www.cbc.ca/news/business/walmar ... -1.6353016
Walmart apparently stores credit cards, doesn't have any 2FA, and allows shipping address to be changed to a new location without any extra security - surely a recipe for fraud. I can confirm from my own account that they store credit cards used without the option to opt out, but I don't recall whether they at least asked for the card CVC code when placing an order. Surely they must? But then how could a hacker place an order if they just got the account name and password?
In any case, this reminds us once again about bad security practices by online retailers. They should not store your credit card by default, or at least they should let you opt out of that. If they do store it, they should at least have tighter security to use it, like 2FA and requiring the CVC code.
https://www.cbc.ca/news/business/walmar ... -1.6353016
Walmart apparently stores credit cards, doesn't have any 2FA, and allows shipping address to be changed to a new location without any extra security - surely a recipe for fraud. I can confirm from my own account that they store credit cards used without the option to opt out, but I don't recall whether they at least asked for the card CVC code when placing an order. Surely they must? But then how could a hacker place an order if they just got the account name and password?
In any case, this reminds us once again about bad security practices by online retailers. They should not store your credit card by default, or at least they should let you opt out of that. If they do store it, they should at least have tighter security to use it, like 2FA and requiring the CVC code.