Slashdot Mirror

← Back to Stories (view on slashdot.org)

ID Thieves Target Smaller Businesses

Posted by ryuzaki0 on from the cost-of-shopping-for-the-cheapest dept.

wiredog writes, "The Washington Post writes about real-time credit-card theft from small merchants (registration required). An accompanying Security Fix blog commentary from Brian Krebs describes '...10 hours of lurking I did on a variety of underground chat and Web channels frequented by identity and credit card thieves. From that research, Security Fix confirmed recent data breaches at four online merchants that were unaware that hackers had broken into their databases until we contacted them.' Lesson: Don't buy online from the cheapest retailers. Guess where they are cutting costs to be the cheapest?" The article and blog commentary also cast doubt on the efficacy of online "hacker testing" services.

5 of 97 comments (clear)

  1. Hmmm. by The+Living+Fractal · · Score: 4, Interesting

    Here's what I wonder...

    Say I happen to like this online retailer, and they happen to have good prices. Say they might cut corners on security so they can pass the savings on to me, the consumer. Then also say that in my account with them I offer no social security number and pay with a check card. Furthermore, let's assume that in using my check card I transfer only the money I need to use to the checking account from the savings account (this is done easily online with my bank), thus after using said money anybody who did happen to get my card details won't be finding any money in the account anyway.

    So, how exactly am I at risk? I have a bank account that stays at basically zero balance except during the exact moments I intend to use the money. Call it a safety net... I mean this as a serious question. How am I at risk? Looks like I'm the one saving money here.

    --
    I do not respond to cowards. Especially anonymous ones.
    1. Re:Hmmm. by gEvil+(beta) · · Score: 4, Insightful

      If you're doing this you should make sure that you don't have any overdraft protection on your checking account.

      --
      This guy's the limit!
  2. e-card by Big+Nothing · · Score: 5, Interesting

    I know this is a bit off topic; presenting a solution (sort of) instead of bitching about the problem, but here goes nothing:

    Living in Sweden, I am using an "e-card" system offered (for free, as in beer) by my bank for all my online purchases requiring credit card information. I bet this system is available for you yanks as well as in most other industrial countries, but for those of you who are unfamiliar with the concept, here's a description:

    * On any online shop, when you've finished stuffing your shopping basket and head for the counter, you chose "credit card" just like you normally would.
    * Instead of using your ordinary credit card, you generate a time limited, amount limited virtual credit card. For all intents and purpose, this "electronic Visa" is no different from a regular Visa card.

    The advantage is that - even if a man-in-the-middle-attack - intercepts your order, the amount limit would hinder the culprit from stealing any money. And you don't have to worry about the shop losing the database containing your CC number; it's only valid for a month - and doesn't contain any money anyway.

    I've used this solution for a few months now, ordering from companies in Sweden and USA, by online order form and phone order. It works like a charm each time - no fuzz.

    --
    SIG: TAKE OFF EVERY 'CAPTAIN'!!
  3. cc fraud by Feyr · · Score: 4, Interesting

    on a related note, credit card thieves in africa are using non-profits "donation" pages (those who accept CCs) to test their newly stolen cards. one of our customer has multiple occurences of one scammer doing 3 transactions within a few minutes, two times for small amounts (1-2$) and one larger amount (~50$)

  4. Re:(registration or bugmenot required)? by coolgeek · · Score: 4, Insightful

    and they have deep pockets

    This is the most inaccurate idea thrown around about credit card companies. That they have plenty of money and that's how they just forgive various charges on your card when you complain or are defrauded. This is only half true, and that part is that they have plenty of money. Sure, they forgive charges to your cards all the time. But who pays for it? Does anyone really know? Well, any merchant knows that it is the merchant that pays for fraudulent and otherwise disputed charges. That, plus a $30-35 charge just like a returned check fee.

    Sure the credit card companies have a clause if you only ship the goods to the billing address, have AVS verification, make sure the CSC matches, AND have a signature required for the delivery, they claim that they will eat the cost and not pass it on to the merchant. Aside from the fact that shipping only to the billing address will cause one to lose business, in actual experience, I have observed multiple instances of credit card companies claiming the signature was forged for one reason or another. The merchant has no recourse. There is no appeal process. The only recourse is to discontinue accepting transactions from a card vendor, or to accept fraud expenses as part of the cost of doing business, and adjust consumer prices accordingly.

    And to think the article attempts to paint some shade of altruism on these crooks by saying they make a "donation" to charitable causes to verify the card is useable. These crooks are costing these organizations money for the returned charge fees.

    --

    cat /dev/null >sig