WSEX security messure ...unbelievable

[jfk]

[ QUOTE ]
[ QUOTE ]
It's normal for sportsbooks to do this because the "old system" was phone betting. Obv now this is dying they should really replace it, but this is what you get for playing at a site that doesn't care.

[/ QUOTE ]

In my experience, WPEX support is second best in the industry after Stars. Which is to say, the only other site besides Stars that actually has pretty good support.

[/ QUOTE ]

I agree with mjkidd. The support at WPX is usually of a very high quality. This is not just in comparison to other poker sites, their level of service compares well to any business.

When I had to change my account info it was a surprise to have them ask me for my password. Its natural to have misgivings. Just change your password once you've completed your transaction with the WPX rep on the phone.

[M.B.E.]

It’s mainly for “meta” reasons that this is a terrible security measure. If clients are aware that WSEX in some circumstances asks for your password over the phone, then it makes it easier for fraudsters to call up and obtain your password.

Changing your address should involve an Internet component (where you enter your password obviously) and a telephone verification, where you have to talk to them on the phone and give your new address as well as some detail about your account history that only you would be likely to know (but not your password).

[Mitch Evans]

[ QUOTE ]
It’s mainly for “meta” reasons that this is a terrible security measure. If clients are aware that WSEX in some circumstances asks for your password over the phone, then it makes it easier for fraudsters to call up and obtain your password.

[/ QUOTE ]

While I agree that there should be no need to tell a support rep your password, I don't see how a fraudster could obtain your password by calling support.

[R*R]

Unless the fraudster was support. hmmmm.

[Bobo Fett]

[ QUOTE ]
[ QUOTE ]
It’s mainly for “meta” reasons that this is a terrible security measure. If clients are aware that WSEX in some circumstances asks for your password over the phone, then it makes it easier for fraudsters to call up and obtain your password.

[/ QUOTE ]

While I agree that there should be no need to tell a support rep your password, I don't see how a fraudster could obtain your password by calling support.

[/ QUOTE ]
I think he means the fraudster would call YOU, not support.

[Mitch Evans]

[ QUOTE ]
[ QUOTE ]
[ QUOTE ]
It’s mainly for “meta” reasons that this is a terrible security measure. If clients are aware that WSEX in some circumstances asks for your password over the phone, then it makes it easier for fraudsters to call up and obtain your password.

[/ QUOTE ]

While I agree that there should be no need to tell a support rep your password, I don't see how a fraudster could obtain your password by calling support.

[/ QUOTE ]
I think he means the fraudster would call YOU, not support.

[/ QUOTE ]

Yeah, that's probably what he meant. I would hope no one is dumb enough to give out personal information regarding anything to anyone that calls you. That's even more obvious than knowing not to click a link in a paypal email.

[M.B.E.]

[ QUOTE ]
I would hope no one is dumb enough to give out personal information regarding anything to anyone that calls you. That's even more obvious than knowing not to click a link in a paypal email.

[/ QUOTE ]
It really isn’t an issue of being ‘dumb’; but merely naïve about computer security issues.

This applies especially to people older than 40 or so who can be rather unsophisticated and gullible about that sort of issue although very intelligent in other areas of life.

It is preferable if all businesses that involve any sort access to an account via the Internet would have a policy that the password is never to be given over the phone. That way it becomes easier to educate the security-naïve group of people: just say ‘never give any Internet password over the phone’.

[Mitch Evans]

I can understand people being naive about computer security, such as phishing links and so forth especially for older people, but phone phishing has been going on for far longer than the internet has been around, and that's what you're talking about here. People posing as banks wanting you to verify credit card numbers or social security numbers, etc.- this is no different. The first time anyone received a debit/ATM card their bank told them to never tell anyone their pin or to write it down. All I'm saying is I hope people would apply that same logic to someone calling and asking for their password.

You're right though, every internet business should send periodic emails to their customers informing them that no representative would ever contact them requesting personal data by phone (or email) and to never give that information to anyone.

[mustmuck]

You should never have to give your password to a support person. It's not just for the phishing reasons above, but also because the support people shouldn't have access to your password at all as it causes all sorts of security problems. Usually support would be able to change your password, not view it.

I'm pretty surprised that WSEX works like this. They should really start implementing changes here.

[Benjamin]

Another WSEX security issue is that the default login at www.wsex.com is not encrypted.

Encryption should be standard, obviously.

Until then, everyone should remember to click the 'secure login' link before logging in.

And, as jfk mentioned, everyone should log on and change their password if it's integrity is lost by disclosing it to a WSEX rep.

Just commonsense good security measures to take. I agree WSEX should enter the modern era of computer security and eliminate these avenues for compromised password integrity.