Telflora Security Breach

[kt4ye]

Teleflora has a Valentine's promotion called "Diamonds and Roses."

Part of the promotion involves the recipient going to a website -- diamondsandroses.com -- and entering a gamepiece number as well as the Name and TELEFLORA ID NUMBER of the florist that supplied the product.

Where does the consumer get the ID number? Well, they are requiring the TF florist to put their Name (OK) and TF ID number (NOT OK) on each game piece that is sent out!

THIS IS A TERRIBLE BREACH OF SECURITY.

Over the years, and in spite of a fairly alert staff, we have been "hit" with several fraudulent incoming telephone wire orders from crooks that have "obtained" a valid TF or FTD ID Number and used it to get FREE FLOWERS.

We called TF HQ and they don't seem to be concerned that the general public will have access to OUR PROPRIETARY INFORMATION.

What are they thinking about?!

 

[BOSS]

While all the directories are available on Ebay... Helping them out is not a good idea....

If they can only get the piece at a retailer, then why do they need the number anywho?

 

[kt4ye]

I suspect they added the ID number to reduce the likelihood that STOLEN gamepieces can't be used.

There are a whole bunch of alternate ways to verify that the gamepiece came from a legitimate supplier. But asking a florist to PUBLISH his proprietary information ain't one of 'em!

 

[Chezbloom]

I'm sorry but this is just pure stupidity, although, I am hardly surprised.
Teleflora, seriously.....we know you read Flower chat....What gives?

 

[kt4ye]

Solved?

Our TF rep just called. She said that in lieu of the TF ID number, we should use our local telephone number.

She said that TF HQ just hadn't thought about the security implications. Supposedly, TF sent out a GEN message on this, but I have not seen it.

 

[Kobe0007]

I heard the same thing. After seeing this post and remembering about those cards (through them in a drawer till I could get to them), I sent my rep an email and he responded saying yesterday Teleflora changed it so that phone numbers can be used instead.

 

[kt4ye]

Just a quick follow up.

TF communication authorizing the use of a phone number instead of the ID number has been verbal only.

ALL of their written communication still asks the florist to supply her ID number.

I know this will come as a tremendous SHOCK to all, but TF doesn't really give a rats --- about their "members."

 

[Ken]

Message Received Over The Dove

Our shop received a message over the Dove to use the shop telephone number instead of the shop code. The message was received a couple of weeks ago.

 

[Kobe0007]

Yeah, the day after my last post we received the same dove message.

 

[kt4ye]

Yeah! It turns out that my bride (of 20 years -- if we make it through Mother's Day) put the TF memo in our VDAY file without showing it to me.

I am SO RELIEVED that TF REALLY DOES CARE!