Slashdot Mirror

← Back to Stories (view on slashdot.org)

Cracker Gains Access to 2.2 Million Credit Cards

Posted by timothy on from the check-yer-wallet dept.

Doctor Sbaitso writes "CNN reports that a hacker bypassed the security system of a company that processes credit card transactions and gained access to approximately 2.2 million Visa and MasterCard credit cards. Fortunately, none of them seem to have been used fraudulently."

6 of 500 comments (clear)

  1. Re:oops, missed the credibility express by T-Ranger · · Score: 4, Informative
    CC companies are constantly scanning there databases for "weird" purchases. Like buying gas in NYC at the same time as buying a DVD player in SF. Companies will respond from terminating the card, or trying to phone the (rightfull) owner..
    Im sure they have prety good mertrics on what normal background fraud is. I doubt the statement means that each and every account has been hand checked, but just that that block of accounts dosent have a abnormal rate of fraud.

    As others have pointed out it dosent realy matter for card holders, but its like any theft from a big company. (shoplifting, insurance fraud, etc) Eventualy it trickles down to the consumer...

  2. Re:OUch by eDogg · · Score: 5, Informative

    Unfortunately, I hold one of those 2.2 million cards. I was thoroughly frustrated when my card was declined Friday, Saturday then again on Sunday. What was even odder is that I could take my bank-issued card to the ATM and withdraw $100 and get a balance statement that showed positive numbers. Finally got the "scoop" from my bank today. They gave me a different story though, said MC alone had 7 million cards compromised. Ended up having to call the "fraud" department at MC, verify my vital information and have my cards re-issued. They also took the time to verify all transactions in the last 4 days to make sure none were fraudulent. On a side note, they did try calling me, but my number had been changed.

  3. Re:It's probably a matter of time... by Ponty · · Score: 4, Informative

    From the article, it appears that Visa is saying that none of the flagged numbers have actually been used after the specified date and time.

  4. Re:We should be moderately safe by phutureboy · · Score: 5, Informative

    Yep.

    My dad lost his card visiting relatives about 100 miles away in Virginia and didn't even realize it. When he got home he got a call from the credit card company, who said their software flagged a $600 purchase made at Home Depot in Virginia which didn't fit his profile, and asked whether he had made it. Sure enough, he checked his wallet and his card was gone. He realized he had left it sitting on top of an ATM or something. He did not have to pay for the Home Depot purchase.

    I was impressed with how well all that worked.

  5. Consumers are protected from fraud? by edb · · Score: 4, Informative
    The article mentioned that both VISA and MasterCard have a "zero-liability policy" so that consumers are not liable for fraudulent charges made with stolen account numbers. Well, yes and no. The federal credit law does limit the liability, but there are limitations on the limits (distance from home, etc.). Usually this is not a problem, and almost always any charge the consumer contests is credited back in full, and charged back to the merchant who made the charge.


    But what usually is ignored is that while the consumer might not have to pay, the merchant who sold the goodies does have to pay. The credit card issuer doesn't pay for fraudulent charges -- they get "charged back" to the merchant who made the charge, and the merchant pays, plus a "chargeback fee" of $15 - $50 per transaction. It's one thing for a software download to go unpaid, it's quite another for a merchant to ship actual physical goods and not get paid for them.


    Eventually the consumer does end up paying for fraudulent credit card charges, but just like insurance premiums, where any individual charges or payments might be small relative to the total public cost of the incident, you can be sure that in the aggregate the fees, interest, and other charges imposed by the credit card issuing banks will cover their losses and still make a profit, and the prices merchants have to charge for goods will, in the long run, certainly have to cover their losses and still make a profit.


    In other words, the cost of credit card fraud is shifted away from the consumer (who is innocent of any single fraudulent charge on their particular card, so of course should not be forced to pay it), and becomes instead just part of the cost of doing business for everyone on the other side of the transaction.

    --
    In theory, practice and theory are the same. In practice, they rarely are.
  6. Re:one way to know. by radish · · Score: 4, Informative

    That's exactly what I'm talking about - EFTPOS. There is a myth that they clear every txn - they simply don't (I've worked in shops using them, and more recently in the financial sector). As I said, most shops (particularly large department stores and supermarkets) cannot clear the required number of txns quickly enough, so they set a limit - anything below that is just approved automatically provided the card is not on a watch list. The actual value of the limit varies by shop and by day and is secret (as knowledge of it would be useful to a fraudster).

    --

    ---- Den ene knappen er powerknapp, den andre er Bender voice knapp "Bite My Shiny Metal Ass"