Slashdot Mirror


ID Thieves Target Smaller Businesses

wiredog writes, "The Washington Post writes about real-time credit-card theft from small merchants (registration required). An accompanying Security Fix blog commentary from Brian Krebs describes '...10 hours of lurking I did on a variety of underground chat and Web channels frequented by identity and credit card thieves. From that research, Security Fix confirmed recent data breaches at four online merchants that were unaware that hackers had broken into their databases until we contacted them.' Lesson: Don't buy online from the cheapest retailers. Guess where they are cutting costs to be the cheapest?" The article and blog commentary also cast doubt on the efficacy of online "hacker testing" services.

5 of 97 comments

  1. Hmmm. by The Living Fractal · Score: 4, Interesting

    Here's what I wonder...

    Say I happen to like this online retailer, and they happen to have good prices. Say they might cut corners on security so they can pass the savings on to me, the consumer. Then also say that in my account with them I offer no social security number and pay with a check card. Furthermore, let's assume that in using my check card I transfer only the money I need to use to the checking account from the savings account (this is done easily online with my bank), thus after using said money anybody who did happen to get my card details won't be finding any money in the account anyway.

    So, how exactly am I at risk? I have a bank account that stays at basically zero balance except during the exact moments I intend to use the money. Call it a safety net... I mean this as a serious question. How am I at risk? Looks like I'm the one saving money here.

    --
    I do not respond to cowards. Especially anonymous ones.
    1. Re:Hmmm. by rascanban · Score: 3, Interesting

      Well, for one, you are assuming that this series of activities is going to be available to you every time you want to purchase something online. This involves at least one additional step on your part. Remember Murphy's Law? One extra piece in the puzzle means one more thing can go wrong. The "bad guys" can monitor your account, set up bots to do it, or even guess that in the holiday season you may be using your card more than in March or August. The human factor can help them write code to get your money, even with such steps in place. And, I don't know about you, but my time and brain capacity can be better used than remembering to do the steps you outlined above. And, finally, time is money. Money is power. You spending time on this decreases power, transitively.

      --
      "Beauty is the ultimate defense against complexity." - David Gelernter
  2. e-card by Big Nothing · Score: 5, Interesting

    I know this is a bit off topic; presenting a solution (sort of) instead of bitching about the problem, but here goes nothing:

    Living in Sweden, I am using an "e-card" system offered (for free, as in beer) by my bank for all my online purchases requiring credit card information. I bet this system is available for you yanks as well as in most other industrial countries, but for those of you who are unfamiliar with the concept, here's a description:

    * On any online shop, when you've finished stuffing your shopping basket and head for the counter, you choose "credit card" just like you normally would.
    * Instead of using your ordinary credit card, you generate a time limited, amount limited virtual credit card. For all intents and purposes, this "electronic Visa" is no different from a regular Visa card.

    The advantage is that - even if a man-in-the-middle attack intercepts your order - the amount limit would hinder the culprit from stealing any money. And you don't have to worry about the shop losing the database containing your CC number; it's only valid for a month - and doesn't contain any money anyway.

    I've used this solution for a few months now, ordering from companies in Sweden and USA, by online order form and phone order. It works like a charm each time - no fuss.

    --
    SIG: TAKE OFF EVERY 'CAPTAIN'!!
  3. Re:(registration or bugmenot required)? by Rob T Firefly · Score: 3, Interesting

    The way I prefer to do online shopping is with a checking account that has a Visa/MC debit card linked to it. That way, I can use online banking to transfer the precise amount I want to spend into my designated "e-commerce-only" account before I do it. It adds an extra step to each transaction, but it's worth it to me since even if someone had the complete CC info for that card, chances are the charge would be denied. And, if you set it up at the right bank, it's all totally free.

  4. cc fraud by Feyr · Score: 4, Interesting

    on a related note, credit card thieves in Africa are using non-profits' "donation" pages (those who accept CCs) to test their newly stolen cards. one of our customers has multiple occurrences of one scammer doing 3 transactions within a few minutes, two times for small amounts (1-2$) and one larger amount (~50$)
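
Added example, not part of the comment above or of the original page: a minimal detector a donation-page operator could run over transaction logs to flag the pattern described in the last comment (two small charges followed by a larger one from the same source within a few minutes). The source key (client IP here), the 10-minute window, the $20 floor for a "larger" charge and the log rows are all assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=10)  # assumed reading of "within a few minutes"
SMALL_MAX = 2.00                # "small amounts (1-2$)"
LARGE_MIN = 20.00               # assumed floor for the "larger amount (~50$)"
MIN_SMALL = 2                   # two small probes precede the larger charge

# Constructed sample donation log: (ISO timestamp, source key, amount in USD).
SAMPLE_LOG = [
    ("2006-09-25T10:00:05", "198.51.100.7", 1.00),
    ("2006-09-25T10:01:40", "198.51.100.7", 2.00),
    ("2006-09-25T10:03:10", "198.51.100.7", 50.00),
    ("2006-09-25T10:02:00", "203.0.113.9", 25.00),  # ordinary single donation
    ("2006-09-25T11:00:00", "192.0.2.44", 1.00),    # small gift hours earlier
    ("2006-09-25T15:30:00", "192.0.2.44", 2.00),
    ("2006-09-25T15:31:00", "192.0.2.44", 40.00),   # only one probe in window
]


def find_card_testing(log, window=WINDOW):
    """Return one alert per larger charge preceded by enough small probes."""
    by_source = defaultdict(list)
    for ts, source, amount in log:
        by_source[source].append((datetime.fromisoformat(ts), amount))

    alerts = []
    for source, txns in by_source.items():
        txns.sort()
        for when, amount in txns:
            if amount < LARGE_MIN:
                continue
            # Small charges from the same source shortly before this one.
            probes = [a for t, a in txns
                      if a <= SMALL_MAX and timedelta(0) < when - t <= window]
            if len(probes) >= MIN_SMALL:
                alerts.append({"source": source, "at": when.isoformat(),
                               "probes": probes, "charge": amount})
    return alerts


if __name__ == "__main__":
    for alert in find_card_testing(SAMPLE_LOG):
        print(alert)
```

In practice the grouping key would be whatever the payment processor exposes (IP, device fingerprint, billing details), since a tester usually rotates card numbers between attempts.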