We love tearing apart security here at Null Byte. Several years back, upon returning items to Wal-Mart due to a malfunction, I noticed something very peculiar about the way their overall procedure goes. I brought the item up to the desk, and the woman asked if it didn't work, which I responded affirmatively. Without a moment's notice, she takes it right off to the defective items area and asks if I would like cash or store credit.
Does anyone else see anything wrong with this picture?
Great customer service, but if Wal-Mart is at all concerned about protecting themselves, they should probably stop what they're doing. The woman behind the counter not only failed to check if the serial number matched the one on my receipt, but she also didn't ask for any receipt whatsoever! This kind of loophole could allow people to craft all sorts of nasty manipulative tricks. Serial numbers exist for a reason, Wal-Mart...use them!
A team of two people could walk into the store with intentions of scamming Wal-Mart by using the below exploit.
- Person A purchases a $300 knife set.
- Person B grabs a duplicate knife set, and puts it in a secluded location within the store, then texts the other to let them know where it is.
- Person A puts the knife set in their car, then returns to the store, and heads over to the location where the second set is.
- Person A returns the second knife set for a full refund, keeping the original.
This scenario could even be altered to work if Wal-Mart validated serial numbers.
- Person A purchases an item.
- Person B takes the duplicate item and hides it in a mutual location.
- Person A walks over and switches out their purchased one for the non-purchased.
- Person A returns the item to the counter, without the receipt, stating "I lost the receipt, but you just saw me here". They get a full refund.
- Person B uses the receipt and returns the purchased one a few days later to avoid suspicion. He would make it out of the door easily. (After all, he has the receipt.)
- Thieves bask in their $600 profit and Wal-Mart doesn't even know it.
Maybe this will serve as a wake up call to businesses to enforce secure policies and procedures. Validate your receipts, always.
Follow and Chat with Null Byte!
Want to start making money as a white hat hacker? Jump-start your white-hat hacking career with our 2020 Premium Ethical Hacking Certification Training Bundle from the new Null Byte Shop and get over 60 hours of training from ethical hacking professionals.