GoDaddy Updates Its User Protection Policies

GoDaddy Updates Its User Protection Policies(techcrunch.com)

10 points by derpenxyne 12 years ago | 6 comments

If account ownership verification is your concern, then the digits of a credit card offer relatively little assurance. Fun story: I used to work for a company that utilized the last four of a CC on file for verification. They also let anyone pay an outstanding balance without needing to otherwise verify, and kept the last four of the card on file. So...

rhizome 12 years ago |

Oh heck, let's just verify on the whole card number. Apparently GoDaddy's CSRs have access to it such that management can just arbitrarily increase the number of digits to check.

Not reported: whether PayPal will also increase the number of digits they hand out via social engineering.

Zenst 12 years ago | |

That is not only a valid point, but a major one upon many levels. I would of thought storing the credit card in full (double eek if they also store the 3 digit security code) would be against the PCI compliance guidlines.

I'm aware if the customer gives permision (repeat customer) is an exception. Though in these situations if it is proven that access was your companies fault then you are liable. Which in this situation, whilst no charge to the credit card (we are aware of) was made. The lapse of security did have financial reprocusions.

Zenst 12 years ago |

Fair play for GoDaddy addressing this issue, though I do wonder if the issue was not as vocalised publicly how ling it would of taken to address. We may never know, and it changes nothing in the past.

What I don't know is how this effects the original user who lost there @N twitter account.

    Did he get it back?
    Had GoDaddy now respectfuly owning up to there oversight made any offer to restore things and/or compensation?

So far so good, but still missing the happy ending we all want to see for the user.

JAFTEM 12 years ago | |

He hasn't gotten it back, but the attacker is no longer in possession of that handle having deleted the account. The handle was then apparently unavailable to take [0], but some time later Twitter allowed some random user to pick up the handle as you can see by visiting @N now.

[0] https://twitter.com/N_is_stolen/statuses/428679789491138560

Zenst 12 years ago | | |

Seems ball in Twitters court now.

Nice update from GoDaddy linked there: http://uk.godaddy.com/news/article/godaddy-statement-re-n-is...

Much respect to GoDaddy, certianly handerling it well and being honest and upfront.