iApplianceWeb.com

EE Times Network
News Flash Appliance Insights Appliance Directory Standards in IA Webcasts


 

Security Sentinel

How safe are you from credit card fraud?

Toni McConnel
iApplianceWeb
(11/05/06, 7:35 PM GMT)

How safe are you from credit card fraud?

Answer: Not at all. 

Early in the morning on November 2, I did my monthly routine check of my Capital One credit card balance (via the Web) and discovered a recent charge of $1866 by Northwest Airlines—but I never made such a charge. I am pleased to report that getting the charge removed, cancelling the credit card to avoid further fraudulent charges, and getting a new card issued was relatively easy. 

Several phone calls later I had this information: my card had been used to make a reservation for someone traveling on Northwest Airlines flight 123 leaving Baltimore for Africa on December 10. Strange. Can’t believe anyone is dumb enough to show up for a flight booked that far in advance on a stolen credit card number, so I suspect the reservation was made just to get the ticket, which will then be sold at a discount, for cash, to some unsuspecting innocent party.

I also found out that the transaction was done via the Web. I asked the Capital One investigation department agent how that can be done when I have the card in my possession and all credit card transactions on the Web require the security code on the back on the card. I received the astonishing information that the person making the purchase can enter any security code they want, and if it is not the one on record it will still go through.

Outraged because I had trusted my belief that the security code was used to assure that the person using the card number was indeed the owner of the card, I asked, “Then what the hell good is the security code?” His answer was that the charge will go through as an ‘unsecure’ transaction, as if this explained everything and made it all right.

That was not the only shocker in this incident. The next day, November 3, Wired Magazine ran a news item about a ring of 17 credit card thieves arrested this week by the FBI. The connection to my experience is that the stolen card numbers used by one suspect were all Capital One accounts. He received the numbers from persons in Romania and used them to purchase items that were then sold for cash. It seems my theory that the reservation made using my credit card was just to get the ticket, which was then sold for cash to some unsuspecting innocent party, is likely correct.

The only place I store my credit card information is in Roboform, the browser add-on vault that stores sensitive info using 128-bit encryption, which is purportedly uncrackable. And because the stolen credit card numbers in possession of the suspects were all Capital One accounts, it is a fairly safe bet that my credit card number was obtained by one of two means: Capital One itself was cracked, suggesting their system is not only insecure but their records are not encrypted, or this was an inside job—which security experts say is more often the case. Regardless of the means used, I have cancelled all my Capital One credit cards (I had three), of course.

The only good news in all this is that there is increasing cooperation between countries to crack down on cyber criminals. In this particular case, Romanian authorities are cooperating with the FBI.

Toni McConnel is executive editor of iApplianceWeb. You can contact Toni by sending email to Toni TechRite-Associates.com, replacing the space with the @ sign, of course.

For more information about topics, issues and technologies mentioned in this story go to the flashing icon in the upper left corner on any page or go to  the iAppliance Web Views page and call up the associatively-linked Java/XML-based Web map of the iApplianceWeb site.

Enter the appropriate key word, product or company name to list
instantly every news and product story, product review and product database entry relating to the topic since the beginning of the 2002.




Copyright © 2004 Appliance-Lab
Terms and Conditions
Privacy Statement