[Cryptography] Walmart fooled by non-authenticated web pages

Florian Weimer fw at deneb.enyo.de
Sat Nov 22 08:12:41 EST 2014

* Jerry Leichter:

> The only unusual thing here is that Walmart apparently believed that
> someone else was selling a popular, in-demand device for a quarter
> the going price.

I expect that Walmart doesn't disclose the margins on individual items
to each store.  The clerk who approved the discount is unlikely to
have all relevant information.  Usually, when it comes to discounts,
companies have policies specifying which discounts can be granted by
which employees.  It would be easy to restrict local approval directly
in the store to, say, 10% or $50 at most, and require approval from
higher up (presumably with access to real information) for everything

On the other hand, maybe Walmart looked at their numbers, figured out
that the price-matching offer wasn't really used all that much, and
estimated that developing a policy (and staffing the approval process)
would cost more than the occasional blunder.

Even in this case, the popularizing its price-matching offer, and the
underlying message that Walmart is a trusting supplier who treats
customers fairly even to a fault, is likely worth far more than the
money they have lost because of the erroneous discounts.

More information about the cryptography mailing list