Sir Knight
New member
I'm not sure where the best place to put this is. If this is not the correct forum for it, I would ask the staff to move it accordingly .....
I always liked dealing with the Sportsman's Guide. Purchased a lot of interesting things from them including some pretty good deals on ammo and extra gun magazines and just fun stuff that I didn't even know existed. However, I was less than pleased when I came across the following website ...
http://www.sportsmansguide.com/net/OrderStatus/OrderDisplayNew.aspx
... If you know a person's last name and zip code, you can bring up their entire order history. What they purchased, when purchased, when sent, when received, etc.
I see this as a HUGE security risk. Using common last names, I was able to bring up several orders in a matter of a few minutes. Using common last names from a local phone book would result in an even higher success rate. Imagine what a less than honest person could do with this information ...
Hello Mr. Smith, we noticed you ordered a xxxxx (obtained from the website) from us. We were having a problem processing your credit card. Can you verify it ends in (randomly make up a number) 2932. That's not it? That could be the problem. Let's start verifying your information is correct.
Your address is xxxxxxxx (obtained from the website)
The Item ordered was xxxxx (obtained from the website)
and what is your credit card number?
Thank you sir. On behalf of Sportsman's Guide, have a nice day.
... given the fact that they had your home address and knew exactly what you ordered, how many folks would not give them their credit card number thinking that it was a legitimate call?