Slashdot Mirror
Reporting Stolen Credit Card Lists?
harlows_monkeys asks: "I just received a spam, at both home and work, both sent through trojaned Windows machines, offering to sell me a credit card database stolen from camcontacts.net.
Included was a link to a sample of the database (no, I'm not providing a link!). I downloaded the sample, and it appears legit. There are 13000 numbers. I picked one of the Visa numbers, went to Visa's web site, and entered it in a form to sign up for fraud protection, and it accepted it, and identified the issuing bank. It was accepted. All indications are that this stuff is real.
So, the question arises--what is the correct way to deal with this?
"I called Visa, and after they spent a while figuring out what department was responsible, all they could suggest was call local law enforcement, and if I wanted to talk to Visa's security people, call back at 9am when they get in.
American Express didn't even suggest calling local law enforcement. They just suggested calling back when their security people got in in the morning.
I then called the FBI. They said to call the Secret Service and gave the number.
At the Secret Service, I ran into an answering machine that gave their office hours.
It seems to me that there should be -someone- who would be interested in a widely-sent spam that links to 13000 credit card numbers, with expiration date and customer name and zip code, so as to stop these from being fraudulently used, but it escapes me who that would be--I struck out with all my candidates.
Is it just me, or does the indifference of Visa and Amex to this shock anyone else?"
American Express didn't even suggest calling local law enforcement. They just suggested calling back when their security people got in in the morning.
I then called the FBI. They said to call the Secret Service and gave the number.
At the Secret Service, I ran into an answering machine that gave their office hours.
It seems to me that there should be -someone- who would be interested in a widely-sent spam that links to 13000 credit card numbers, with expiration date and customer name and zip code, so as to stop these from being fraudulently used, but it escapes me who that would be--I struck out with all my candidates.
Is it just me, or does the indifference of Visa and Amex to this shock anyone else?"
If you were calling them outside business hours its no surprise they were unresponsive. I'm not saying that I condone their handling of it they should jump on it in an instant however if their security people are not available chances are there is no one there with the knowledge to help.
Everyone is stupid, it is just the degree that varies
Of the credit card companies. They don't give a rat's ass about credit card fraud. Why? Because they don't loose money on it. They chargeback the merchant that accepts the stolen card.
That's the way the system works. I know firsthand. Every merchant that does non face-to-face transactions will eventually get bit and when it happens, all the credit card company cares about is getting their money back from the merchant. They are not interested in fraud investigation. Why should they? That costs money. It's much easier to make the merchant cover the costs. He has to in order to keep his account.
It's a terribly broke system, but the people with the gold make the rules. Sorry I sound so bitter, but I learned a $1700 lesson on this one...
"Eve of Destruction", it's not just for old hippies anymore...