Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


ForumsOff topicWarehouse online sending CVV number in confirmation email
isaacmercer

6 posts

Wannabe Geek


#295866 30-Apr-2022 16:27
Send private message

Just ordered something from warehouse online and got my confirmation email just before.

I was shocked to find the first 6 and last 2 digits of my card, plus the full expiry date and the full CVV number just printed in plain text at the bottom. Considering most other stores send only the last 4 (if anything) it'd be pretty easy to work out the whole card from this email.

Surely this is insanely bad practice... Thoughts...

View this topic in a long page with up to 500 replies per page Create new topic
 1 | 2

gzt

gzt
17111 posts

Uber Geek

Lifetime subscriber

  #2908674 30-Apr-2022 16:33
Send private message

Surely this is insanely bad practice

It is. It probably breaks your card company's processing terms too. Is the warehouse or the market & an associated retailer?



isaacmercer

6 posts

Wannabe Geek


  #2908794 30-Apr-2022 17:50
Send private message

gzt: Is the warehouse or the market & an associated retailer?

 

Just the gol ol' thewarehouse.co.nz

alasta
6703 posts

Uber Geek

Trusted
Subscriber

  #2908795 30-Apr-2022 17:53
Send private message

Report it to Visa or Mastercard. The Warehouse Group seems to be quite dysfunctional, and this is the only way they'll learn. 



xpd

xpd
Geek @ Coastguard NZ
13765 posts

Uber Geek

Retired Mod
ID Verified
Trusted
Lifetime subscriber

  #2908802 30-Apr-2022 18:44
Send private message

Recent order I placed with Warehouse didnt have all that info...

 

 

 

 

First few digits, last 2, name and expiry and that was it.

 

 




       Gavin / xpd / FastRaccoon / Geek of Coastguard New Zealand

 

                      LinkTree

 

 

 

Linux
11413 posts

Uber Geek

Trusted
Lifetime subscriber

  #2908806 30-Apr-2022 19:02
Send private message

Should only need to be last 4 digits of card used

neb

neb
11294 posts

Uber Geek

Trusted
Lifetime subscriber

  #2908814 30-Apr-2022 19:52
Send private message

alasta:

Report it to Visa or Mastercard. The Warehouse Group seems to be quite dysfunctional, and this is the only way they'll learn. 

 

 

The issue has been passed on to the appropriate folks at the Warehouse.

Kyanar
4089 posts

Uber Geek

ID Verified
Trusted

  #2909541 3-May-2022 01:37
Send private message

Incidentally, the first six digits are called the BIN, and all they identify is the issuer and card type (i.e. that it's an ASB Visa Debit or Westpac Business Mastercard for example). Those first few characters aren't really a secret because anyone who sees the card can instantly guess what they are just based on the branding - even without seeing the number. Having the first six and last two still means there are eight missing digits, which is too many to calculate given that technically you only have seven of the digits (the last digit is a checksum). Including the CVV is an unforgivable violation of PCI-DSS though.

 
 
 
 

Move to New Zealand's best fibre broadband service (affiliate link). Note that to use Quic Broadband you must be comfortable with configuring your own router.
0x994c1d
5 posts

Wannabe Geek


  #2909595 3-May-2022 10:37
Send private message

Hey man,

 

 

 

Is this from an online order? or the email they send you after you make your order?

MikeAqua
7779 posts

Uber Geek


  #2909618 3-May-2022 12:03
Send private message

*makes note to self not to online shop at The Warehouse.




Mike

isaacmercer

6 posts

Wannabe Geek


  #2909669 3-May-2022 14:38
Send private message

Just an update on this, heard back from warehouse support over the weekend and they're investigating but they of course said it's not normal to have sent this info out in the order confirmation email. Their response also contained a screenshot of their order system to verify which details they're storing - which also happened to have my CVV in plain text.

Thought it was potentially because my name and CVV were in the wrong way around - but the payment has been made and approved so can't have been.

Cancelled my card because the numbers are now, by the looks of it, circulating among quite a few people at TWG working on this issue - hopefully will hear something a bit more concrete back soon.

Nate001
640 posts

Ultimate Geek


  #2909671 3-May-2022 14:44
Send private message

xpd:

 

Recent order I placed with Warehouse didnt have all that info...

 

 

 

 

First few digits, last 2, name and expiry and that was it.

 

 

 

 

What is the point of including this in the confirmation email? Seems unnecessary unless I'm missing something.

Detruire
1771 posts

Uber Geek


  #2909678 3-May-2022 15:14
Send private message

isaacmercer: Just an update on this, heard back from warehouse support over the weekend and they're investigating but they of course said it's not normal to have sent this info out in the order confirmation email. Their response also contained a screenshot of their order system to verify which details they're storing - which also happened to have my CVV in plain text.

Thought it was potentially because my name and CVV were in the wrong way around - but the payment has been made and approved so can't have been.

 

My TW confirmation emails show (partial) number/name/expiry, so I think it's more likely that the CVV was in both fields. While an incorrect CVV leads to a failed payment, an incorrect name doesn't seem to matter (in most cases) IME: I usually put my initials in the name field, and I've only had a few payments denied (seemingly) because of this.




rm *

Inphinity
2780 posts

Uber Geek


  #2909688 3-May-2022 15:38
Send private message

isaacmercer: Just an update on this, heard back from warehouse support over the weekend and they're investigating but they of course said it's not normal to have sent this info out in the order confirmation email. Their response also contained a screenshot of their order system to verify which details they're storing - which also happened to have my CVV in plain text.

Thought it was potentially because my name and CVV were in the wrong way around - but the payment has been made and approved so can't have been.

Cancelled my card because the numbers are now, by the looks of it, circulating among quite a few people at TWG working on this issue - hopefully will hear something a bit more concrete back soon.

 

 

 

For reference, storing the CVV in any form after authorization is a breach of PCI DSS compliance requirements.

freitasm
BDFL - Memuneh
79263 posts

Uber Geek

Administrator
ID Verified
Trusted
Geekzone
Lifetime subscriber

  #2909745 3-May-2022 16:15
Send private message

isaacmercer: Just an update on this, heard back from warehouse support over the weekend and they're investigating but they of course said it's not normal to have sent this info out in the order confirmation email. Their response also contained a screenshot of their order system to verify which details they're storing - which also happened to have my CVV in plain text.

Thought it was potentially because my name and CVV were in the wrong way around - but the payment has been made and approved so can't have been.

 

 

They should not store the CVV anyway. If you have a screenshot showing they have the CVV in their database, report to your credit card company ASAP.




Please support Geekzone by subscribing, or using one of our referral links: Samsung | AliExpress | Wise | Sharesies | Hatch | GoodSyncBackblaze backup

richms
28172 posts

Uber Geek

Trusted
Lifetime subscriber

  #2909754 3-May-2022 16:40
Send private message

Now the card is cancelled can you put what the email looked like? I havent seen it on any I have had, but TBH I dont trust them so have used zip on all my recent orders since they got rid of paypal.




Richard rich.ms

 1 | 2
View this topic in a long page with up to 500 replies per page Create new topic





News and reviews »

Air New Zealand Starts AI adoption with OpenAI
Posted 24-Jul-2025 16:00

eero Pro 7 Review
Posted 23-Jul-2025 12:07

BeeStation Plus Review
Posted 21-Jul-2025 14:21

eero Unveils New Wi-Fi 7 Products in New Zealand
Posted 21-Jul-2025 00:01

WiZ Introduces HDMI Sync Box and other Light Devices
Posted 20-Jul-2025 17:32

RedShield Enhances DDoS and Bot Attack Protection
Posted 20-Jul-2025 17:26

Seagate Ships 30TB Drives
Posted 17-Jul-2025 11:24

Oclean AirPump A10 Water Flosser Review
Posted 13-Jul-2025 11:05

Samsung Galaxy Z Fold7: Raising the Bar for Smartphones
Posted 10-Jul-2025 02:01

Samsung Galaxy Z Flip7 Brings New Edge-To-Edge FlexWindow
Posted 10-Jul-2025 02:01

Epson Launches New AM-C550Z WorkForce Enterprise printer
Posted 9-Jul-2025 18:22

Samsung Releases Smart Monitor M9
Posted 9-Jul-2025 17:46

Nearly Half of Older Kiwis Still Write their Passwords on Paper
Posted 9-Jul-2025 08:42

D-Link 4G+ Cat6 Wi-Fi 6 DWR-933M Mobile Hotspot Review
Posted 1-Jul-2025 11:34

Oppo A5 Series Launches With New Levels of Durability
Posted 30-Jun-2025 10:15








Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Updates »

Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.







RSS feeds
Main feed
Forums feed
Copyright
©2002-2025 Geekzone®
Site features
Geekzone BI dashboard
Geekzone Badges
Geekzone Status Page

 

Affiliate links
Samsung
AliExpress
Wise
Sharesies
GoodSync
Site Information
Subscribe to Geekzone
Privacy Statement
Forum Usage Guidelines (FUG)
Advertising
Trademark and copyright