Slashdot Mirror
Massive Porn Buyer Info Leak
Anonymous Guy wrote to mention a Wired article that covers the release of information for millions of customers onto the Internet. From the article: "The stolen data, examined by Wired News, includes names, phone numbers, addresses, e-mail addresses and internet IP addresses. Other fields in the compromised databases appear to be logins and passwords, credit-card types and purchase amounts, but credit-card numbers are not included. The breach has broad privacy implications for the victims. Until it was brought low by legal and financial difficulties, iBill was a top credit-card processor for adult entertainment websites."
Woohoo! Free porn for everyone!
The theft of card data won't stop until both the merchants and card issuers incur sufficient liability to wake up and make changes. 1. It should be illegal for merchants to store card numbers after an approval code is received. Buyers should be required to resubmit their card number for new transactions and refunds. It's not that big of an inconvenience to reenter numbers. 2. Reoccurring transactions should be process by submitting the card number to the merchant. The merchant should in turn apply for a reoccurring number that is only valid between that merchant and the card-clearing house. They should be charged a higher fee for the liability of saving that custom number. This number would be worthless to the thieves. 3. The addition of a one time password (federated OATH type token) would also go a long way to solving these problems especially for card not present transactions.