Slashdot Mirror


ID Thieves Target Smaller Businesses

wiredog writes, "The Washington Post writes about real-time credit-card theft from small merchants (registration required). An accompanying Security Fix blog commentary from Brian Krebs describes '...10 hours of lurking I did on a variety of underground chat and Web channels frequented by identity and credit card thieves. From that research, Security Fix confirmed recent data breaches at four online merchants that were unaware that hackers had broken into their databases until we contacted them.' Lesson: Don't buy online from the cheapest retailers. Guess where they are cutting costs to be the cheapest?" The article and blog commentary also cast doubt on the efficacy of online "hacker testing" services.


  1. And up go the prices! by Seiruu · · Score: 2, Insightful

    If the prices of your favorite retailer just went up by 10%, it's not because they've invested more in security, but just in /. articles.

  2. (registration or bugmenot required)? by joe+155 · · Score: 2, Insightful

    It didn't seem to be for me, I guess there's no excuse for not RTFA.

    What I would say on this issue though, and what we should have learnt from AOL is that it's not just the small companies who either get compromised or make huge mistakes, it seems rather harsh to focus just on the small companies as if they are always bad. The best advice that I think that I could give anyone for buying anything online (regardless of who from) would be to use a credit card - then your contract is with the credit card company so it's their issue if your data gets stolen or you don't get your goods... and they have deep pockets ; )

    --
    *''I can't believe it's not a hyperlink.''
    1. Re:(registration or bugmenot required)? by coolgeek · · Score: 4, Insightful

      and they have deep pockets

      This is the most inaccurate idea thrown around about credit card companies. That they have plenty of money and that's how they just forgive various charges on your card when you complain or are defrauded. This is only half true, and that part is that they have plenty of money. Sure, they forgive charges to your cards all the time. But who pays for it? Does anyone really know? Well, any merchant knows that it is the merchant that pays for fraudulent and otherwise disputed charges. That, plus a $30-35 charge just like a returned check fee.

      Sure the credit card companies have a clause if you only ship the goods to the billing address, have AVS verification, make sure the CSC matches, AND have a signature required for the delivery, they claim that they will eat the cost and not pass it on to the merchant. Aside from the fact that shipping only to the billing address will cause one to lose business, in actual experience, I have observed multiple instances of credit card companies claiming the signature was forged for one reason or another. The merchant has no recourse. There is no appeal process. The only recourse is to discontinue accepting transactions from a card vendor, or to accept fraud expenses as part of the cost of doing business, and adjust consumer prices accordingly.

      And to think the article attempts to paint some shade of altruism on these crooks by saying they make a "donation" to charitable causes to verify the card is useable. These crooks are costing these organizations money for the returned charge fees.

      --

      cat /dev/null >sig
  3. Re:Hmmm. by gEvil+(beta) · · Score: 4, Insightful

    If you're doing this you should make sure that you don't have any overdraft protection on your checking account.

    --
    This guy's the limit!
  4. Why is The Washington Post surprised at this? by Ynsats · · Score: 3, Insightful

    This just flat out makes sense. If I am looking to acquire credit card information for identity theft or fraudulent purposes, I want to get it as easily and unnoticed as possible. Big companies like Amazon.com and the like invest large amounts of money into security and fraud prevention. They have trained staff whose only purpose is to stop the baddies. Small companies aspiring to be an Amazon.com don't have the capital to invest and therefore rely on 3rd party vendors like Yahoo! Shopping to handle their credit card management. If they don't then they are an easy target. As my management likes to say, they are "low hanging fruit" and "easy pickings".

    So if I want to steal information, I'm going to go where it is easy to get. It's amazing that it took a study and investigative reporting to "uncover" this whole "conspiracy". Then again, it can apply to brick and mortar stores too where small business can make a dirty habit of tossing credit card signature slips in the trash where an unscrupulous person can make use of them. That's not to say a big chain store wouldn't do that but they might be less likely to do so. Maybe The Washington Post should investigate that one too?

  5. Re:e-card by silas_moeckel · · Score: 2, Insightful

    I think you're missing the point in the US. Visa makes money on CC fraud: it's a $35 fee on every chargeback and the chargeback is for the full amount, not the 2%ish removed. Visa likes to make everybody think they are being the nice guy and eating the costs but really they are just fleecing the vendors that are stuck paying the bill or not accepting CC and losing that business.

    Now I would love to be able to have ecards they would be perfect if they accepted anything as the billing address (something it took forever to get my bank to do)

    --
    No sir I dont like it.