I posted the same thing as well in another thread in the "Store Forums." No one seems to believe it.

Apparently some people believe only what they want to believe.

Have you tried proving that? Try it. I did before I posted earlier. I assure you that statement is 100% untrue. Maybe that's why you don't see it as a bigger deal. Be sure and post your findings.

I am not reading this entire topic but, as I wrote on another thread, No one can change your information!!!, No one can change your address, name, email or whatever!!

This is clearly posted on DDD's personal information page:

For security reasons, any changes to your account information require that your credit card number to be updated.


You do not have that number nor can you obtain it.

Can't speak to why the site is still up but I am sure there is a reason.

Sleep tight people, you are worrying wayyy too much about nothing.

That isn't true at all.

You can change your account's information without having to have the credit card number. Go and try it for yourself and you'll see what I mean.

It may so so differently on DDD, but it's not true at all.

As I also posted on the other thread:

Have you tried proving that? Try it. I did before I posted earlier. I assure you that statement is 100% untrue. Maybe that's why you don't see it as a bigger deal. Be sure and post your findings.

Just the fact that they have that statement on their site, when it isn't true at all, is enought go make me steam.

I was able to change both the shipping address, email address, password, and subsequentally log in and out using the new information all without affecting my credit card info in the slightest.

Maybe DDD doesn't consider any of those things "account information."

No you cannot.
Kayak is exactly right.
I know, because I've bought DVDs and had them shipped to someone else in a different city; and each and every time I've gone into "Account Information", I've been forced to re-type the full 16-digit credit card number into the appropriate box. You cannot get around it.

So, anyone thinking they can "pull a fast one" and change someone else's Ship-To address to their own & garner free DDD products is mistaken. Can't be done -- unless, of course, that person is Kreskin and just happens to guess the correct 12 digits of a particular person's CC number (the last 4 numbers are visible, of course....so they'd have to GUESS at the first twelve digits...which is virtually impossible without a really, really good crystal ball).

This will go back and forth forever, because you CAN change the information. Go and try it right now, then come back and post here. You might have needed to put in your CC information in the past, but not as of right now.

Follow-up to my last post above ..............................

DDD shows this blurb whenever you change anything in your "Account" settings ............

>> "For security reasons, any changes to your account information require that your credit card number to be updated."

Maybe that's the way it used to be, and because I have an open mind, I tried again. I changed the ship to in account information to my parents address, and this time went so far as to place an order, and was not challenged once for new credit card info. Same went for email address and password. For my account, at this day and time, DDD's claim is a fiction.

This does assume you have a credit card saved in your account information ahead of time, which many, many repeat customers do (I know, because I saw many of their accounts and turned it off for them). I would be interested if you get different results, because then my account has another problem which yours does not have.

Edit:

Thanks for following up davidvp. Sort of puts a new spin on this non-issue, doesn't it?

well I just changed my ship to info to reflect my new location of 1234 Pepsi st. in Mountain Dew, MI.

this is not cool.

I'm unfamiliar with the "Bill me later" option, but is it necessarily a better option than yusing a credit card?

Say someone is able to hack into your account and ship a shitload of merchandise around, and then you get the bill later...

What kind of security is in place to protect the victim in such an event? At least with a credit card, a fraudulent charge is taken care of by the card issuer, and they presumably double-check the bill/ship addresses when the card is charged, so any suspicious activity would likely raise a flag. Does the "bill me later" option offer any kind of security like this?

An odd thing I encountered while playing around with the account settings 1st time --- I had to re-type the password in the "Verify Password" box, but not in the Password box just above it. One letter was missing in the "verify" box. Weird (again).

Anybody else encounter this added level of Password "weirdness" in this "DDD Odyssey Of Madness"??

Crap -- Now it won't let me Logout!! Geesh!

Does anyone think that a hacker could have changed the settings to allow for the address to be modified without entering the credit card information?

If you cannot logout delete your cookies.

Loss of business and the legal threats of individuals aside, DDD really needs to be worried about the credit card companies and their merchant account bank. As a business owner who sells merchandise online, I can tell you that they have very strict regulations and rules about the use of credit card numbers. If I am shown to have been negligent in my care of credit card information and my negligence results in fraudulent charges, I could be fined up to $15 per transaction and likely lose my merchant account.

As has been discussed here, having a glitch is understandable. Leaving the site up and operating with full knowledge of the glitch is negligence. Regardless of customer reaction to this incident, if DDD falls from grace with the CC companies, they're dead.

Sure sounds that way, LASER.
Because, per DDD's own policy, you're supposed to be forced to change the full CC number each time. Which, of course, is an excellent policy, security-wise.

That is a good question. Looks to me like it's their own revolving credit account (though admittedly in order to get this posted I have not read it all). It also appears that if you haven't already set it up, your are OK, so selecting it as default in your account to remove your CC info should be just fine. If you actually have used "Bill me Later," you might still have a problem.

From the site:

What is Bill Me Later®?
Buy Fast and Feel Secure with Bill Me Later®:
Bill Me Later® is a convenient and secure new payment method designed for purchasing on the web or over the phone. As a credit account, Bill Me Later® provides you with the flexibility to purchase without using your credit card.

To request a Bill Me Later® account, you do not have to complete a lengthy application prior to making a purchase. Simply select Bill Me Later® at checkout to complete your request.
There are no account numbers to enter, just top-of-mind information such as date of birth and the last four digits of your social security number. This information is easy to provide and helps us protect you against fraud.
Bill Me Later® offers “zero fraud liability” protection which means you are not responsible for unauthorized charges.
After you use Bill Me Later®, you will receive a billing statement.
Bill Me Later® offers flexible repayment options: you can choose to pay the entire balance with no additional charges or pay a portion of the balance and regular interest charges apply.
Bill Me Later® is offered through CIT Bank and is only available to US customers who are at least 18 years of age. Subject to credit approval.

Scroll down for Bill Me Later® FAQs

Bill Me Later® Frequently Asked Questions

Do I need to be approved prior to selecting Bill Me Later® at check-out?
No, you do not need to complete an application or get approval prior to shopping. To request a Bill Me Later® account, simply select Bill Me Later® at checkout. A separate page will appear in which you: 1) verify the billing address you’ve already provided the merchant, 2) supply your date of birth and last four digits of your Social Security Number for verification purposes, 3) Review and agree to the E-sign Consent, and 4) review and approve the Bill Me Later® Terms and Conditions to request a Bill Me Later® account.

Is there an Annual Fee?
No. There is no annual fee for using Bill Me Later®.

What is the Annual Percentage Rate?
The Annual Percentage Rate is 17.99%. Of course, you can choose to pay your entire balance by the payment due date and pay no finance charges.

Does Bill Me Later® protect me from unauthorized charges?
Yes, Bill Me Later® provides “zero fraud liability” protection; the same protection provided by most major credit cards. This means you are not responsible for unauthorized charges.

And Bill Me Later® has been designed with other features to help protect against unauthorized use of your account. Your identity is validated with top-of-mind information such as date of birth and last four digits of your Social Security Number. This means there is no account number that can be lost or stolen.

What does Subject to Credit Approval mean?
Bill Me Later® is a credit account that you can use to make purchases. CIT Bank will review and consider your credit report and other credit related information prior to approval.

Does CIT Bank review my credit report every time I make a purchase?
CIT Bank does not review your credit report for each transaction. However, your credit report may be reviewed for some transactions and periodically to provide you with the maximum buying power possible.

Do I have a credit line and how much is it?
CIT Bank does not issue a credit line. To enhance your convenience, security and buying power, CIT Bank approves and extends credit for each transaction.

Where else can I use Bill Me Later®?
A growing network of merchants accept Bill Me Later®. A complete list of merchants who accept Bill Me Later® is provided on our website at www.bill-me-later.com.

How can I contact Bill Me Later® to find out more about this payment method?
Web: you may visit our website at www.bill-me-later.com or email your questions to [email protected].
Phone: you may call 1-866-528-3733 Monday - Friday from 9:00 am to 11:00 pm Eastern time to speak with a Customer Care representative.
Click here to view the Bill Me Later® Terms and Conditions. These Terms and Conditions will be provided to you again after you select Bill Me Later® at checkout.

The "Bill me later" option is really some sort of charge deal through CIT Bank, where you use your birth date and last 4 digits of your SSN for verification. I haven't figured out how you sign up with CIT Bank before you use it, though.

I tried logging in and out multiple times with Firefox (XP and FreeBSD) and IE (XP), and never saw anyone else's account.

If this truly was a hacker, then it makes me wonder how safe our credit card information was. If DDD has that unsafe of a security system, and someone really did manage to basically rewrite their site and caused this... It isn't that much of a leap to wonder if someone might be running around with a bunch of our CC numbers.

Given DDD's absolutely unacceptable communication and course of action thus far, I doubt they'll ever bother admitting what the true cause was. Guess I'll just have to keep an eye on my credit card statement over the next couple of months.

Okay, to satisfy the paranoid, I went in twice, obtained TWO separate names, tried to change some of their information. Tried names, did not work, tried addresses, did not work, tried email address, did not work.

Perhaps you change your own, and who gives a **** if you can do that but you cannot change that of another person and they cannot change yours!!

Sheesh, hopefully a new crisis will erupt so some of you can take a break.

Interesting...

Thanks for the moment of clarity. Some just don't get it or just enjoy being argumentative. Look, it sucks all the way around. I really like DDD, and wish this could get properly managed quickly.

Yes, just for you Mr Needle. I have tried it. I cannot change another persons nor can you. You may change yours but you cannot change that of another.