The Economy of Online Crime 119
hdtv writes "You might call the thugs or thieves, but on their own closed forums and referral-only Web sites, they value honesty and reputation. Fortune magazine looks into the black market for stolen credit card numbers and identities. What's interesting is that so few of the criminals retrieve their information via breaking into online stores." From the article: "Gaffan says these credit card numbers and data are almost never obtained by criminals as a result of legitimate online card use. More often the fraudsters get them through offline credit card number thefts in places like restaurants, when computer tapes are stolen or lost, or using 'pharming' sites, which mimic a genuine bank site and dupe cardholders into entering precious private information. Another source of credit card data are the very common 'phishing' scams, in which an e-mail that looks like it's from a bank prompts someone to hand over personal data."
pharming? (Score:3, Informative)
Re:The Problem Is The Credit Card (Score:1, Informative)
Re:Rumpelstiltskin (Score:5, Informative)
For reference, see this link [zug.com]
In my own life, I have my daughter sign the credit card bill (and compute the tip, if necessary) and since she's an art student she has been coming up with some pretty creative signature designs.
Amazing complexity (Score:5, Informative)
Re:The Problem Is The Credit Card (Score:4, Informative)
Re:The Problem Is The Credit Card (Score:4, Informative)
I do systems work for a major card issuer.... (Score:5, Informative)
- I don't know how things were "back in the day", but these days, if a family member racks up a credit card bill without permission, and the cardholder won't press criminal charges and file a police report, the cardholder is stuck with the bill. That said, if a merchant just gets approval from "the cardholder's wife", then it's no wonder the merchant got stuck holding the bill and with a penalty to boot. Both are part of the agreement you signed that allowed you to accept credit cards. You did read that, right? Just askin'.
-Banks are actually very serious about stopping fraud. Not only do banks end up covering a fair amount of the tab because the hoops you have to jump through to get Visa/MC to cover it get harder and harder (and in the world of banking, profits are generated by pennies a transaction, so even $50 of fraud is significant in terms of lost profits), but all the major issuers understand that no one wants to be the next one caught with their security wanting. The bad press associated with lost laptops, wayward tapes and hacked websites is something no one wants - and, in fact, it practically killed CardSystems. We are under major pressure to make sure our bank isn't next - because you do lose a lot of customers from this sort of thing. And reissuing cards to a swath of cardholders is both expensive and time-consuming. The bank I work for hasn't been involved in any of this so far, but we make a point not to brag about it - it just invites trouble.
-You DO sign the receipt as a verification. Signatures are not necessary for certain types of transactions, or for transactions under a certain fairly low limit, but if there is fraud or a dispute, the merchant has to produce the signature. Or they lose the dispute. This is why many merchants now use the CVV2, although, as you can probably infer from the story, it also is not perfect.
-Why the cheap price for high-limit cards? Because actually using them is much riskier than stealing them. Either you need your ill-gotten gains shipped somewhere, or you need to show up somewhere in-person. Or you go for fairly small stuff. In any case, it's a lot more risky than the number theft, and if you steal numbers, you probably sell a batch at a time. With the risk goes the reward, so to speak.
-Phishing, we're working on that too. All the major issuers have places on their websites where you can report phishing activities. Do so, whenever you see it. And the major issuers are also all conducting informational campaigns, trying to teach people what a legitimate communication looks like.
Overall, though, massive card number theft is unusual. Most people lose their information by losing their wallet, being careless with their info (like with phishing), or by a family member/friend up to no good.
Re:Phising getting more and more "important" (Score:3, Informative)
About the worst they could have done was order 500 romance novels in your name and have them delivered to you. The modern equivalent of the "you ordered a pizza" gag.
Re:Why so cheap? (Score:3, Informative)