Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


isaacmercer

6 posts

Wannabe Geek


#295866 30-Apr-2022 16:27
Send private message

Just ordered something from warehouse online and got my confirmation email just before.

I was shocked to find the first 6 and last 2 digits of my card, plus the full expiry date and the full CVV number just printed in plain text at the bottom. Considering most other stores send only the last 4 (if anything) it'd be pretty easy to work out the whole card from this email.

Surely this is insanely bad practice... Thoughts...

View this topic in a long page with up to 500 replies per page Create new topic
 1 | 2

gzt

gzt
15200 posts

Uber Geek

Lifetime subscriber

  #2908674 30-Apr-2022 16:33
Send private message

Surely this is insanely bad practice

It is. It probably breaks your card company's processing terms too. Is the warehouse or the market & an associated retailer?

 
 
 
 

Lenovo computer and accessories deals (affiliate link).
isaacmercer

6 posts

Wannabe Geek


  #2908794 30-Apr-2022 17:50
Send private message

gzt: Is the warehouse or the market & an associated retailer?

 

Just the gol ol' thewarehouse.co.nz


alasta
6232 posts

Uber Geek

Trusted
Subscriber

  #2908795 30-Apr-2022 17:53
Send private message

Report it to Visa or Mastercard. The Warehouse Group seems to be quite dysfunctional, and this is the only way they'll learn. 




xpd

xpd
aka Fast Raccoon !
13017 posts

Uber Geek

Retired Mod
ID Verified
Trusted
Lifetime subscriber

  #2908802 30-Apr-2022 18:44
Send private message

Recent order I placed with Warehouse didnt have all that info...

 

 

 

 

First few digits, last 2, name and expiry and that was it.

 

 





       Gavin / xpd / FastRaccoon / Geek of Coastguard New Zealand

 

                      LinkTree -   kiwiblast.co.nz - Lego and more

 

       Support Kiwi music!   The People   Black Smoke Trigger   Like A Storm   Devilskin

 

                                            NZ GEEKS Discord______________________________

 

 


Linux
10294 posts

Uber Geek

Trusted
Lifetime subscriber

  #2908806 30-Apr-2022 19:02
Send private message

Should only need to be last 4 digits of card used

neb

neb
8906 posts

Uber Geek

Trusted
Lifetime subscriber

  #2908814 30-Apr-2022 19:52
Send private message

alasta:

Report it to Visa or Mastercard. The Warehouse Group seems to be quite dysfunctional, and this is the only way they'll learn. 

 

 

The issue has been passed on to the appropriate folks at the Warehouse.

Kyanar
3874 posts

Uber Geek

Trusted
Subscriber

  #2909541 3-May-2022 01:37
Send private message

Incidentally, the first six digits are called the BIN, and all they identify is the issuer and card type (i.e. that it's an ASB Visa Debit or Westpac Business Mastercard for example). Those first few characters aren't really a secret because anyone who sees the card can instantly guess what they are just based on the branding - even without seeing the number. Having the first six and last two still means there are eight missing digits, which is too many to calculate given that technically you only have seven of the digits (the last digit is a checksum). Including the CVV is an unforgivable violation of PCI-DSS though.




0x994c1d
5 posts

Wannabe Geek


  #2909595 3-May-2022 10:37
Send private message

Hey man,

 

 

 

Is this from an online order? or the email they send you after you make your order?


MikeAqua
7616 posts

Uber Geek


  #2909618 3-May-2022 12:03
Send private message

*makes note to self not to online shop at The Warehouse.





Mike


isaacmercer

6 posts

Wannabe Geek


  #2909669 3-May-2022 14:38
Send private message

Just an update on this, heard back from warehouse support over the weekend and they're investigating but they of course said it's not normal to have sent this info out in the order confirmation email. Their response also contained a screenshot of their order system to verify which details they're storing - which also happened to have my CVV in plain text.

Thought it was potentially because my name and CVV were in the wrong way around - but the payment has been made and approved so can't have been.

Cancelled my card because the numbers are now, by the looks of it, circulating among quite a few people at TWG working on this issue - hopefully will hear something a bit more concrete back soon.

Nate001
607 posts

Ultimate Geek


  #2909671 3-May-2022 14:44
Send private message

xpd:

 

Recent order I placed with Warehouse didnt have all that info...

 

 

 

 

First few digits, last 2, name and expiry and that was it.

 

 

 

 

What is the point of including this in the confirmation email? Seems unnecessary unless I'm missing something.


Detruire
1611 posts

Uber Geek


  #2909678 3-May-2022 15:14
Send private message

isaacmercer: Just an update on this, heard back from warehouse support over the weekend and they're investigating but they of course said it's not normal to have sent this info out in the order confirmation email. Their response also contained a screenshot of their order system to verify which details they're storing - which also happened to have my CVV in plain text.

Thought it was potentially because my name and CVV were in the wrong way around - but the payment has been made and approved so can't have been.

 

My TW confirmation emails show (partial) number/name/expiry, so I think it's more likely that the CVV was in both fields. While an incorrect CVV leads to a failed payment, an incorrect name doesn't seem to matter (in most cases) IME: I usually put my initials in the name field, and I've only had a few payments denied (seemingly) because of this.





rm *


Inphinity
2759 posts

Uber Geek

Subscriber

  #2909688 3-May-2022 15:38
Send private message

isaacmercer: Just an update on this, heard back from warehouse support over the weekend and they're investigating but they of course said it's not normal to have sent this info out in the order confirmation email. Their response also contained a screenshot of their order system to verify which details they're storing - which also happened to have my CVV in plain text.

Thought it was potentially because my name and CVV were in the wrong way around - but the payment has been made and approved so can't have been.

Cancelled my card because the numbers are now, by the looks of it, circulating among quite a few people at TWG working on this issue - hopefully will hear something a bit more concrete back soon.

 

 

 

For reference, storing the CVV in any form after authorization is a breach of PCI DSS compliance requirements.


freitasm
BDFL - Memuneh
76364 posts

Uber Geek

Administrator
ID Verified
Trusted
Geekzone
Lifetime subscriber

  #2909745 3-May-2022 16:15
Send private message

isaacmercer: Just an update on this, heard back from warehouse support over the weekend and they're investigating but they of course said it's not normal to have sent this info out in the order confirmation email. Their response also contained a screenshot of their order system to verify which details they're storing - which also happened to have my CVV in plain text.

Thought it was potentially because my name and CVV were in the wrong way around - but the payment has been made and approved so can't have been.

 

 

They should not store the CVV anyway. If you have a screenshot showing they have the CVV in their database, report to your credit card company ASAP.





Please support Geekzone by subscribing, or using one of our referral links: Dosh referral: 00001283 | Sharesies | Goodsync | Mighty Ape | Backblaze

 

freitasm on Keybase | My technology disclosure

 

 

 

 

 

 


richms
26402 posts

Uber Geek

Trusted
Subscriber

  #2909754 3-May-2022 16:40
Send private message

Now the card is cancelled can you put what the email looked like? I havent seen it on any I have had, but TBH I dont trust them so have used zip on all my recent orders since they got rid of paypal.





Richard rich.ms

 1 | 2
View this topic in a long page with up to 500 replies per page Create new topic





News and reviews »

Prodigi Technology Services Announces Strategic Acquisition of Conex
Posted 4-Dec-2023 09:33


Samsung Announces Galaxy AI
Posted 28-Nov-2023 14:48


Epson Launches EH-LS650 Ultra Short Throw Smart Streaming Laser Projector
Posted 28-Nov-2023 14:38


Fitbit Charge 6 Review 
Posted 27-Nov-2023 16:21


Cisco Launches New Research Highlighting Gap in Preparedness for AI
Posted 23-Nov-2023 15:50


Seagate Takes Block Storage System to New Heights Reaching 2.5 PB
Posted 23-Nov-2023 15:45


Seagate Nytro 4350 NVMe SSD Delivers Consistent Application Performance and High QoS to Data Centers
Posted 23-Nov-2023 15:38


Amazon Fire TV Stick 4k Max (2nd Generation) Review
Posted 14-Nov-2023 16:17


Over half of New Zealand adults surveyed concerned about AI shopping scams
Posted 3-Nov-2023 10:42


Super Mario Bros. Wonder Launches on Nintendo Switch
Posted 24-Oct-2023 10:56


Google Releases Nest WiFi Pro in New Zealand
Posted 24-Oct-2023 10:18


Amazon Introduces All-New Echo Pop in New Zealand
Posted 23-Oct-2023 19:49


HyperX Unveils Their First Webcam and Audio Mixer Plus
Posted 20-Oct-2023 11:47


Seagate Introduces Exos 24TB Hard Drives for Hyperscalers and Enterprise Data Centres
Posted 20-Oct-2023 11:43


Dyson Zone Noise-Cancelling Headphones Comes to New Zealand
Posted 20-Oct-2023 11:33









Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.







MyHeritage