SoylentNews is people
SoylentNews
I tried to return an item to a nearby carrier-owned store, but they couldn't find my information. They never gave me a printed receipt and couldn't look it up with my phone number or name.
Now here's where it gets fishy: the clerk wanted to log into my e-mail account with the store's computer! When I told him I didn't have a web mail like GMail, etc, he asked another guy, who also said I should just log into it from there and find it.
I'm pretty sure I was giving deer-in-headlights looks while I was there. Flabbergasted is probably the word. Considering their "POS" system is based on Windows and has regular problems, this just seems tailor-made for keylogging, social engineering, or worse. I probably won't use my credit card there again.
So my question: how do I report this? Just calling customer care obviously won't cut it. I have a very hard time believing this is SOP, and that this is probably just this store--and where there's one, there are probably more.
Original Submission
(Score: 0) by Anonymous Coward on Sunday July 19 2015, @05:14PM
Lets say, your grandmother logged in on their POS system, and there was a keylogger. In her email were some emails from her bank since you helped set her up to use billpay. Of course, she uses the same pword for everything because it is too hard to remember all those passwords, but even if she didn't, the keylogger folks would just do a password reset since they had access to her email.
So, this would just be your grandmother's problem, and too bad too sad for her?
How about, if you bought a new phone, handed them your credit card, and the next thing you know, you are stranded on your trip to France with no money, because your credit card was suspended because it was being run up with fraudulent charges? Too bad, too sad?
The submitter is correct, what he/she described is an issue, and he/she is also correct, that having this knowledge comes with the responsibility to protect others too.
Life is too short to be a dick. - me
(Score: 0) by Anonymous Coward on Sunday July 19 2015, @06:06PM
The store offered to use their systems because the submitter didn't have any proof of purchase when he tried to return something. If anything, the problem is that they shouldn't trust the submitter. He might be trying to install a backdoor or a keylogger.
If you tattoo your credit card number on your forehead, then the security problem isn't that people look at it. Likewise, if you use the same password for everything or type it into untrustworthy computers, then it is not the store's problem but yours. If your grandma's data security depends on every store having flawless policy and execution, then she has obviously already lost the game, and if you set it up for her that way, then blame yourself. Don't give people things that they can't handle and can't learn to handle either. Your grandma doesn't need to do online banking.
I used to sympathize with the notion that IT professionals should try and protect the unwashed masses if at all possible. I no longer believe in that. People throw all caution in the wind for next to nothing. "Would you like our website to notify you of new emails? Type your email user name and password here: ____" I have heard an unbelievable number of ridiculously bad passwords because I couldn't say "don't tell me your password" fast enough. Any attempt to change this behavior is an exercise in futility. Instead, catch and lock away the criminals who abuse people's gullibility.
(Score: 2, Insightful) by Anonymous Coward on Sunday July 19 2015, @10:07PM
So, this would just be your grandmother's problem, and too bad too sad for her?
Yes. Anyone that relies on something that they don't understand, on at least a basic level, is an idiot. Idiots deserve what they get, but if your grandmother's an idiot and you don't try to protect her from herself, then you're a terrible person.
How about, if you bought a new phone, handed them your credit card, and the next thing you know, you are stranded on your trip to France with no money, because your credit card was suspended because it was being run up with fraudulent charges? Too bad, too sad?
Damn straight. You're stranded by your own personal choices, which apparently included not providing for debit card access to your bank account, a second credit card (which is good for your credit rating, anyhow), or some extra Euros stuck in your sock.
The submitter is correct, what he/she described is an issue, and he/she is also correct, that having this knowledge comes with the responsibility to protect others too.
Ignoring your terrible examples, this is still true. If you allow your own shit to get fucked up, it's your fault, too bad....but if you see something that makes it easier for other people to fuck their own shit up and you don't try to do anything about it, then you've acted immorally.
(Score: 0) by Anonymous Coward on Monday July 20 2015, @12:21AM
Wow! Your are one angry and bitter person. I hope never to meet you in person, but still I hope life gets better for you.