This incident, which police are still investigating, raises the issue of associate training. Preliminary information given to police by Wal-Mart did not indicate that the caller gave the associate any reason to believe he really was from Wal-Mart IT. Nor was any reason offered as to why an IT person would make such a request. Was the thief assuming the 1 AM crew might be more accommodating and less suspicious?
How many chains have IT authentication procedures, including passwords or callback mechanisms? For that matter, why not have rules forbidding associates from divulging of sensitive information to anyone on the phone unless specifically instructed to do so by the store's general manager?
The irony is that IT spends millions on sophisticated encryption and protection techniques, all of which can be circumvented by a persistent thief doing rudimentary social-engineering scams. How many Wal-Mart stores did the thief have to call before finding a cooperative associate in Columbus?
The incident reportedly happened on September 5 at the Westpointe Plaza Wal-Mart near Columbus, said Columbus Police Detective Susan Collins, who added on Wednesday (Sept. 22) that Wal-Mart had yet to indicate how it arrived at the very specific fraud figure of $11,054.60. Nor did the retailer say how many—or the nature of—the transactions involved. A Wal-Mart spokesperson on Wednesday (Sept. 22) also said she had yet to hear back from store officials about the incident's particulars.
