Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?

ID Thieves Target Smaller Businesses 97

wiredog writes, "The Washington Post writes about real-time credit-card theft from small merchants (registration required). An accompanying Security Fix blog commentary from Brian Krebs describes '...10 hours of lurking I did on a variety of underground chat and Web channels frequented by identity and credit card thieves. From that research, Security Fix confirmed recent data breaches at four online merchants that were unaware that hackers had broken into their databases until we contacted them.' Lesson: Don't buy online from the cheapest retailers. Guess where they are cutting costs to be the cheapest?" The article and blog commentary also cast doubt on the efficacy of online "hacker testing" services.
This discussion has been archived. No new comments can be posted.

ID Thieves Target Smaller Businesses

Comments Filter:
  • by Anonymous Coward
    Only through art can we emerge from ourselves and know what another person sees.
  • by Seiruu ( 808321 )
    If the prices of your favorite retailer just went up by 10%, it's not because they've invested more in security, but just in /. articles.
  • by joe 155 ( 937621 ) on Thursday September 28, 2006 @11:32AM (#16230253) Journal
    It didn't seem to be for me, I guess there's no excuse for not RTFA.

    What I would say on this issue though, and what we should have learnt from AOL is that it's not just the small companies who either get compromised or make huge mistakes, it seems rather harsh to focus just on the small companies as if they are always bad. The best advice that I think that I could give anyone for buying anything online (regardless of who from) would be to use a credit card - then your contract is with the credit card company so it's their issue if your data gets stolen or you don't get your goods... and they have deep pockets ; )
    • by Rob T Firefly ( 844560 ) on Thursday September 28, 2006 @11:40AM (#16230403) Homepage Journal
      The way I prefer to do online shopping is with a checking account that has a Visa/MC debit card linked to it. That way, I can use online banking to transfer the precise amount I want to spend into my designated "e-commerce-only" account before I do it. It adds an extra step to each transaction, but it's worth it to me since even if someone had the complete CC info for that card, chances are the charge would be denied. And, if you set it up at the right bank, it's all totally free.
      • with a checking account that has a Visa/MC debit card linked to it

        My personal favorite is to use a virtual credit card number provided by my bank (but which still bills to my existing account). I can set a dollar and/or time limit on the validity of the number, and the number can only ever be used by a single merchant account. If the number is ever compromised, the thief could only ever use it at the same merchant, and only if I set the maximum value significantly higher than my purchase price.

    • The best advice that I think that I could give anyone for buying anything online ... would be to use a credit card...

      Better yet, some credit cards offer the ability to create virtual cards for specific amounts and defined time periods. The "cards" validate just like the real thing and are linked to your real card, but are only valid for a defined period, amount, or number of transactions.

      • by Amouth ( 879122 )
        I wish more places did this.. It is a great thing.
      • The best advice that I think that I could give anyone for buying anything online ... would be to use a credit card... i'm agree with that phrase.. it have a good point on credit card where the account created based on credit card it's never ever have a link with any cash account for any user. it's like a dummy where in the account actually doesn't have any cash. the usage of the credit card is depend on the specific amount. so user don't have to worry because if the usage is about near over limit of specif
    • by coolgeek ( 140561 ) on Thursday September 28, 2006 @12:18PM (#16231155) Homepage
      and they have deep pockets

      This is the most inaccurate idea thrown around about credit card companies. That they have plenty of money and that's how they just forgive various charges on your card when you complain or are defrauded. This is only half true, and that part is that they have plenty of money. Sure, they forgive charges to your cards all the time. But who pays for it? Does anyone really know? Well, any merchant knows that it is the merchant that pays for fraudulent and otherwise disputed charges. That, plus a $30-35 charge just like a returned check fee.

      Sure the credit card companies have a clause if you only ship the goods to the billing address, have AVS verification, make sure the CSC matches, AND have a signature required for the delivery, they claim that they will eat the cost and not pass it on to the merchant. Aside from the fact that shipping only to the billing address will cause one to lose business, in actual experience, I have observed multiple instances of credit card companies claiming the signature was forged for one reason or another. The merchant has no recourse. There is no appeal process. The only recourse is to discontinue accepting transactions from a card vendor, or to accept fraud expenses as part of the cost of doing business, and adjust consumer prices accordingly.

      And to think the article attempts to paint some shade of altruism on these crooks by saying they make a "donation" to charitable causes to verify the card is useable. These crooks are costing these organizations money for the returned charge fees.
      • by whimmel ( 189969 )
        The merchant has no recourse. There is no appeal process. The only recourse is to discontinue accepting transactions from a card vendor, or to accept fraud expenses as part of the cost of doing business, and adjust consumer prices accordingly.
        The merchant actually does have the ability to respond to a chargeback and re-present a transaction they can prove is valid.
        • Yes, this is true. If you read what I posted, I am enumerating multiple instances where we have responded to chargebacks with copies of signatures for deliveries to the billing address on the card. We told we could not prove it was the cardholders' signature, and were charged back the money anyway. Probably because one of their latchkey kids made the charge, and signed for the package. There is no appeal in such a case.
      • Well, any merchant knows that it is the merchant that pays for fraudulent and otherwise disputed charges.

        To lump all merchants together oversimplifies the situation. Retailers who wish to accept credit cards must open a merchant account with a bank, and it is the terms of that merchant account which dictate what happens in cases of fraud and chargebacks. These terms can and do vary from merchant to merchant, which is why some places (Starbucks, Chipotle, etc) can accept credit charges under a given value wi

  • by tygerstripes ( 832644 ) on Thursday September 28, 2006 @11:37AM (#16230349)
    Maybe it's the "services" themselves you should be worrying about...

    Okay, that's a bit of a cheap stab, but it's important to remember that white-hats and black-hats are only separated by the particular direction their careers took them (consider that "security consultant" guy in NZ who narrowly escaped a conviction).

    There's no such thing as a completely secure system. A security cracking service for testing your systems is paid to identify weaknesses, but there's no way they could make sure you were completely secure - their motivation is to do a decent job and get paid, which means identifying obvious flaws and telling you how to fix them. They're not going to spend their waking lives figuring out how to breach it.

    If a black-hat of a similar caliber really wants to, they'll find a way into your system. It just might take time. Mostly though, they want into the easiest systems they can penetrate, so getting a white-hat in to make their job harder is worthwhile - it's just not a guarantee.

  • Hmmm. (Score:5, Interesting)

    by The Living Fractal ( 162153 ) <banantarr@YEATShotmail.com minus poet> on Thursday September 28, 2006 @11:38AM (#16230379) Homepage
    Here's what I wonder...

    Say I happen to like this online retailer, and they happen to have good prices. Say they might cut corners on security so they can pass the savings on to me, the consumer. Then also say that in my account with them I offer no social security number and pay with a check card. Furthermore, let's assume that in using my check card I transfer only the money I need to use to the checking account from the savings account (this is done easily online with my bank), thus after using said money anybody who did happen to get my card details won't be finding any money in the account anyway.

    So, how exactly am I at risk? I have a bank account that stays at basically zero balance except during the exact moments I intend to use the money. Call it a safety net... I mean this as a serious question. How am I at risk? Looks like I'm the one saving money here.
    • Re: (Score:3, Interesting)

      by rascanban ( 732991 )
      Well, for one, you are assuming that this series of activities is going to be available to you every time you want to purchase something online. This involves at least one additional step on your part. Remember Murphy's Law? One extra piece in the puzzle means one more thing can go wrong. The "bad guys" can monitor your account, set up bots to do it, or even guess that in the holiday season you may be using your card more than in March or August. The human factor can help them write code to get your mo
      • I am not sure how they can monitor my account. They'd need more than just the card info to see available balances. At the very least they'd need the PIN and if they wanted to access the online portion with bots they'd need my account password, which is a pretty strong one that would take some brute force approach to crack since it is not related to anything personal of mine.

        And I would think that malicious identitiy thieves are more hit-and-run, not hang-out-and-wait types. They wouldn't likely continue
        • What if your online banking is not available at the time of purchase?
          • Then I'm pretty much screwed.

            Luckily my bank is rarely unavailable.

            But as one person replied, using a credit card with fraud protection is probably the best method. My problem is I just avoid using credit cards altogether except for emergencies. And even though you have fraud protection on a credit card you are unlikely to get the protection without having to spend a certain amount of time actually communicating with the credit company, something which I find is akin to torture.
    • Re:Hmmm. (Score:5, Insightful)

      by gEvil (beta) ( 945888 ) on Thursday September 28, 2006 @11:47AM (#16230549)
      If you're doing this you should make sure that you don't have any overdraft protection on your checking account.
    • How often do you do this? And, are you in the US?

      Just recently, after many years of putting it off (I'm 22 now), I ended up switching the custodial savings account I had over to my name. During that process, one of the things they mentioned very specifically is that if you transfer money from savings to checking more than six (I think) times in a month, the account get closed. This warning is repeated, although somewhat differently, on the online banking funds transfer page: "Federal Regulation D limit

    • Thats a whole lot of work and account management.

      Personally, I have one credit card that I only use for online transactions. Because it is a credit card, your exposure is limited and you have fraud protections. With a debit card, all of the money you have in your bank is exposed.
      • Because it is a credit card, your exposure is limited and you have fraud protections. With a debit card, all of the money you have in your bank is exposed.

        ...unless, of course, you do business with one of the better banks. Mine offers excellent, zero-liability fraud protections on my debit card, which leads me to believe that many of the horror stories I've heard could have rather easily been avoided by devoting a relatively negligible amount of time to researching bank policies on things like fraudulent c

        • Your still out the cash until you discover the fraud and report it. Cardinal rule is to never expose your own pile of money.
          • Your still out the cash until you discover the fraud and report it.

            ...which takes about ten minutes, at least with my bank. They put the funds from disputed charges back into the account immediately, and ask questions later.

            Cardinal rule is to never expose your own pile of money.

            If, by that, you mean one's entire pile of money, then doing so it roughly equivalent to putting all of your money into your checking account. That would just be silly, and would negate the purpose of a savings account. I like th

  • e-card (Score:5, Interesting)

    by Big Nothing ( 229456 ) <big.nothing@bigger.com> on Thursday September 28, 2006 @11:40AM (#16230401)
    I know this is a bit off topic; presenting a solution (sort of) instead of bitching about the problem, but here goes nothing:

    Living in Sweden, I am using an "e-card" system offered (for free, as in beer) by my bank for all my online purchases requiring credit card information. I bet this system is available for you yanks as well as in most other industrial countries, but for those of you who are unfamiliar with the concept, here's a description:

    * On any online shop, when you've finished stuffing your shopping basket and head for the counter, you chose "credit card" just like you normally would.
    * Instead of using your ordinary credit card, you generate a time limited, amount limited virtual credit card. For all intents and purpose, this "electronic Visa" is no different from a regular Visa card.

    The advantage is that - even if a man-in-the-middle-attack - intercepts your order, the amount limit would hinder the culprit from stealing any money. And you don't have to worry about the shop losing the database containing your CC number; it's only valid for a month - and doesn't contain any money anyway.

    I've used this solution for a few months now, ordering from companies in Sweden and USA, by online order form and phone order. It works like a charm each time - no fuzz.

    • by houghi ( 78078 )
      I am with Citibank and they have this system as well (At least in Belgium) for online payments. The disadvatage is that you first have to go to the online store to see what the total amount will be, including all costs, then go to the site, log in, set up the account with the correct amount, go back.

      By that time several online stores have given you a timeout, which means you need to fill all out again. I only use it with sites that I do not know. and then only the first time. Otherwise I just use my normal
    • by mike2R ( 721965 )
      The reason why this is not a real solution to the problem is that there is little incentive to use it.

      Theft of card details may cause you a temporary inconvenience while it is sorted out, but there is no way on earth that you will ever be liable for the losses if someone uses your card to make a fradulent mail-order/ecommerce transaction - which is all someone can do with the details you gave when making such a transaction.

      The victim of mail-order/ecommerce fraud is the merchant (the card companies also
    • To the best of my knowledge, I think the US is way behind the times on this. I can't say I am familiar with the practices of every bank in the US, but I know that neither of the two I use have ANYTHING even remotely resembling this brilliant "temp card" scheme. As yet, my bank doesn't even offer electronic transaction protection on my debit/check card, only on my credit card.
    • Re: (Score:3, Insightful)

      I think your missing the point in the US. Visa makes money on CC fraud it's a $35 fee on every chargeback and the chargeback is for the full ammount not the 2%ish removed. Visa like to make everybody think they are being the nice guy and eating the costs but realy they are just fleecing the vendors that are stuck paying the bill or not accepting CC and loosing that business.

      Now I would love to be able to have ecards they would be perfect if they accepted anything as the billing address (something it took
    • Lesson: Don't buy online from the cheapest retailers. Guess where they are cutting costs to be the cheapest?"

      Let me guess.......since we talk about the security part,so the answer must be the one and only,they are cutting on the security cost... Yes!10marks for me!

      This is the most interesting topic for me to talk about,since i'm now taking data security and e-business subject...So I know a little bit about e-business and security.

      Since that I'm still a student and a student cant have a credit card.
    • by using e-card system, i think it is quite interesting and good for us because nowadays there are many consequences and disadvantages if we buy things and paying by cash ..
    • Have you guys ever heard about Time-of-Check to Time-of-Use Errors?? To understand the nature of this flaw, we should consider ourself as the main culprit in this kind of scenario.
      This is really basic, but: Keep an eye on your card. You might be rushed, or distracted by your kids, or involved in an interesting little chat with the clerk;). Whatever. Keep an eye on your card and make sure it goes back in your wallet. My dad typically leave his wallet on the counter or restaurant table, with his hand on top
  • cc fraud (Score:5, Interesting)

    by Feyr ( 449684 ) on Thursday September 28, 2006 @11:41AM (#16230429) Journal
    on a related note, credit card thieves in africa are using non-profits "donation" pages (those who accept CCs) to test their newly stolen cards. one of our customer has multiple occurences of one scammer doing 3 transactions within a few minutes, two times for small amounts (1-2$) and one larger amount (~50$)
    • I've had one of those weird donations happen to me. Got $5 from a Muslim Charity in Switzerland. Why would they want to give me money? I'm an atheist for all the gods' sake...
      • "I've had one of those weird donations happen to me. Got $5 from a Muslim Charity in Switzerland. Why would they want to give me money? I'm an atheist for all the gods' sake..."

        Are you ironic as well?
    • by kabocox ( 199019 )
      on a related note, credit card thieves in africa are using non-profits "donation" pages (those who accept CCs) to test their newly stolen cards. one of our customer has multiple occurences of one scammer doing 3 transactions within a few minutes, two times for small amounts (1-2$) and one larger amount (~50$)

      Oh, well my CC company would deny that payment quickly because they know that I'd never give to any non-profit. Some times it actually pays for the CC to know everything about you. On the other hand if
    • i agree. they will try to spam through email and cheat people that they trying making any "donation" or helping someting.
  • I guess that means they really aren't passing on those cost savings on to us huh?

    Disturbing, but it makes complete sense.
    • Oh, and btw, as others have said... many credit cards offer programs to protect your information from potential online predetors. My credit card company (which shall go un-named) has a function that allows you to create a temporary credit card number and put a max available balance on it.

      So if I make a purchase for $9 from an online merchant, I put $10 on a temporary card # and if a hacker gets in he/she would have a max of about $1 on that. That puts me in a great position because I don't have to run aroun
  • by Chacham ( 981 )
    Very interesting.

    I imagine bricks and mortars once had similar problems. But, they've been around for enough time that security has been improved and common tricks will not usually work on them.

    The Internet is still young, and many people are using it who simply do not know what it is about. If attacks like this keep happening, and keep being reported, people will take have a better general knowledge, and real-world protection (burglar alarms, security monitoring, etc) will become more common, and slowly bu
    • Re: (Score:3, Interesting)

      by peragrin ( 659227 )
      nope still get that kind of problem ia brick and motar store. Routinely i get emails asking for me to send 500+ smoke detectors to some place overseas.

      Recently I got an IRC(internet relay call for deaf people)about a couple of random items plus 800 smokes. I gave the guy my email address, and thinking it was legit but suspiscous we passed one email back and forth and he forked over three credit card numbers just like that. Asked me to spilt the down paymet up between the three. I told him I couldn't do i
      • by Chacham ( 981 )
        I don't think i meant quite what you are referring to. But your comment is interesting nonetheless. :)
    • It's not just that brick-and-mortar stores have had longer to learn about security (though that's true)--it's that there's a whole different level of audacity (for want of a better word) involved in standing in line, paying for an item, and then brazening it out when the cashier asks to see ID.

      Sitting in your parent's basement hacking databases there are layers of obscurity between you and the "scene" of the crime. For a careful hacker, there can be enough layers of indirection that getting caught borders o
      • by Chacham ( 981 )
        Thanx for the reply. I appreciate the couterpoints.

        But, i must disagree.

        the retailer has to figure out they've been hacked

        The brick and mortar retailer also has to figure out they were broken into.

        Breaking in to an office, copying sensitive data (even off a local computer) is not always easily detectable.

        Don't compare stealing information with stealing objects.

        you have to make a mistake that leaves tracks for the authorities to trace

        This item is slightly misleading. You mean that the cracker has attempted t
  • I seen many of the credit card holder today, have to knowlegde how to keep save of their credit card. Credit card thieves can just easily used the money without the owner knowledge. Credit card thieves has many advance(with latest technology) to tranfer and steal money easily. So, to all credit card holder, please used your credit card when necassry only and always keep track of your acount bank balance.
    • Yup...I agree with that, it's self awareness people...don't just use the credit card like your life depends on it, it's just a piece of plastic, surely do you think plastic got a very though security? Duh...
  • Of course they're going after the small fry; small business owners often have only a rudimentary IT capacity, if any at all, more often relying on an outside firm to handle these things. A Fortune 500 company has all sorts of resources to prevent this kind of thing (which begs the question why so many of them still have problems with it), while a small business owner doesn't and by the they find out it's a problem, it so pervasive that it gets expensive to fix.

    • yerps true...they can't afford to fix those gaping loopholes in their security features, if they'd spent all that money on fixing it, then they'd lost their edge as being the cheaper alternative compared to the big companies they'd been trying to compete as the price would have to be increased to cover the rising costs, basically that's how business works...hey most us are aware that the security features of these small businesses aren't up to par but coz the things they sell are so damn cheap, we dont thin
  • Lesson: Don't buy online from the cheapest retailers. Guess where they are cutting costs to be the cheapest?"

    Add :" Dont Donate just about anywhere & everywhere" also.

  • by Ynsats ( 922697 ) on Thursday September 28, 2006 @12:09PM (#16230985)
    This just flat out makes sense. If I am looking to aquire credit card information for identity theft or fraudulent purposes, I want to get it as easily and un-noticed as possible. Big companies like Amazon.com and the like invest large amounts of money into security and fraud prevention. They have trained staff whose only purpose is to stop the baddies. Small companies aspiring to be an Amazon.com don't have the capital to invest and therefore rely on 3rd party vendors liek Yahoo! Shopping to handle thier credit card management. If theey don't then they are an easy target. As my management likes to say, they are "low hanging fruit" and "easy pickings".

    So if I want to steal information, I'm going to go where it is easy to get. It's amazing that it took a study and investigative reporting to "uncover" this whole "conspiracy". Then again, it can apply to brick and mortar stores too where small business can make a dirty habit of tossing credit card signature slips in the trash where an unscrupulous person can make use of them. that's not to say a big chain store wouldn't do that but they might be less likely to so. Maybe The Washington Post should investigate that one too?
  • Most retailers offer great prices because they are big not the other way round. Have you ever heard of newegg? Economies of scale.

    The word "cheap" may mean small startup businesses, however, and if you are supplying your credit card info directly to Uncle Joe's Hardware and Pottery, then you deserve to get phished.
    • by bcmbyte ( 996126 )
      Nobody deserves to get Phished, not now, not ever, no matter how stupid they might be (especially since I find myself in the stupid category way too often) That's like saying, "You left your car parked on the road, you deserve to have it stolen."
      • Well actually, if you left your car parked overnight on the road with the doors open and the keys in the ignition, then you deserve to get robbed very much in my humble opinion. Just send me your address and I'll do the honors. I mean, the POLICE aren't there to protect that kind of people. We have rapists on the street..muggers and drug cartels and money launderers..

        The world doesn't have time for this kind of stupidity. You're wasting our resources, man. Think of the children.

  • The virtual credit number feature is a god send for online shopping. I use the one from Citibank. The virtual card number has a one month expiration date, and is tied to a single merchant (and can have a set spending limit). You can even close the number early if you have to. This is also especially helpful for doing "free trials" since you can close the virtual account after using it so they will never be able to "mistakenly" charge you later. Discover and MBNA also have similar features. I believe D
    • Agreed. I even use VANs with retailers I trust. The only ones I regularly use my regular CC number for are Newegg and Amazon, purely for historical reasons (I gave them my number before VANs were available).

      In fact, the only rule even more important than this one (in my book, anyway) is to never use a debit card.

    • by s31523 ( 926314 )
      I agree. vCC are great, and I use them as well, BUT, if the theives have your card number they might have your other personal information as well, even your password for that site. With this information they could potentially do more damage then run up a credit card balance, like get their own credit card in YOUR name, or hack into other accounts (like your bank!) using the personal information they gathered. vCC are a step but it can also present a false sense of security.
  • Does this means that there's no guarantee at all when we are doing the business online? In what sense does the HackerGuardian (with HackerSafe logo) and Scan Alert are there for? And the funny part is, the cases aren't being report? "..only about two percent of all data thefts from online merchants get reported.." Now I see why this data breaches still can't be prevented. Further more, there still exist bunch of people who use the vendor supplied default password for their activity. This does not differ
  • This is why I ALWAYS use one time credit card numbers for all transactions (online, and many times even when I call in something). A lot of credit card companies offer this service for free. Mine does (MBNA - just recently merged with BankofAmerica). When I want to buy something, I log into my account, click on "ShopSafe" set the number of months the number should be valid (i leave it at 2) and the limit, normally i put 5 bucks over what the cost should be. It then gives you a credit card number that is tie
  • There is no reason I can think of for a mechant to store CC data in their e-commerce application's database. All they need is to go to their CC gateway's
    console, and they can deal with all of their transactions.

    Need to reprocess the card due to a glitch? Pick up the phone, your customers
    will appreciate the personal touch.

    Storing card numbers is like stockpiling nukes. A bad accident waiting to happen.

    No thanks.
    I have enough worries having to maintain a password file for customers who want to have "accoun
    • I wouldn't appreciate this at all. I'd wonder what kind of retailer this was that couldn't get my order right the first time and wouldn't give them my information because I would have no way to verify the retailer is calling. I would consider their call a phishing scheme.
      • Right. Because nothing ever goes wrong on the internet.

        So the merchant calls you to tell you that something went squirrely,
        and even though they know you purchased a pallet of adult diapers,
        an "I'm with stupid ^" t-shirt and three year subscription to
        "Soldier of Fortune" magazine, and know the exact time you did your
        transaction, and ask you whether you want them to run the tx for you,
        or if you want to redo your order, you're going to decide it's phishing?

        It's called customer service. You're just not used to
  • that is our real world now..thieves are everywhere.. looking for us..stealing for us..even everything we can get just using our nails, but we must remember and make sure and also try to avoid that from happening.. never easily trust everything that we found.. safety and security must be the one BIG thing in our mind... vulnerability of the application has been doubt...!!! be smart users...
  • Rather than blaming the website, we should be laying the responsibility at the feet of the outsourcing services and data security will not be a deciding feature of the service contract. and yeah, we got what we pay for..the cheaper price with risk for data breach.. i wonder if the FTC (Federal Trade commission) sue this small companies for having inadequate data security practices in violation of federal law..

  • "Most of these merchants that get hacked do not have updated versions of the software that runs their business, they're just trying to sell widgets," said Dan Clements, co-founder of CardCops.com.
    Graham Paul and Co, for chartered accounts has announced that businesses should forward any enquiries to their appointed tax agent.
    Businesses should be made aware that they have no obligation to enter into discussion or correspondence with the Revenue as this is not a formal tax investigation. The Revenue ha
  • I can't seem to digest the picture that is (I think) offered here:

    Small firms cut corners on security to save money!

    It is human nature to take "calculated risks" to save moeny, which often turn out to be big mistakes, at least in terms of "cutting" back on security. I am personally much more concerned with human nature's tendency not to look further than it's own proverbial nose and thus have an overconfidence of their existing security or of the honesty of their potential client base.

    Meaning that most of
  • that the reality... cheapest retailers..because they cut cost on something else.. beware..they get what they want..and we are the one who lost something.. crackers are sniffing and waiting for it..
  • I really, really hate it when people refer to it as "identity theft," as if something has somehow been stolen from the person who was impersonated. They should simply call it called it what it really is - credit card fraud. Instead of making any sort of rudimentary effort to verify that the people they hand thousands of dollars over to are actually who they claim to be, credit companies shift the burden onto everyone else by insisting that we should treat our personal information like secret nuclear launch
    • This pushes responsibility where it belongs. Whether this means credit card companies tighten up their procedures or makes the retailers do it should be their problem, not ours.

      Of course, we have to persuade the Federal legislators they pwn to see it this way and write this into law.
  • hurm....do these online merchants use PayPal instead??or do they never heard of such names..:p
  • FTA, 'Wonderfulbuys.com customer service manager Frank Joseph initially said the site was "unhackable" after being contacted by a washingtonpost.com reporter.'.

    Here is a reporter contacting you with evidence that data from your website is being trafficked on forums associated with identify theft/credit card trading and your first instinct it to say its impossible. With that attitude no wonder that website didn't have good controls in place.

    However, a subsequent manual review by ScanAlert determined that hac
  • Why smaller business? smaller business usually have a less security when come to online business.. they cannot afford to have a full scale security features. So, for the thieves, instead trying to catch those bigger fish in such a big, hard cage, let's just take smaller fish that freely available outside the cage and in such a big amount of them..
    • Not really what you have just said. Not only the small business is vulnerability but many systems include the huge one could be vulnerable to anyone who is interested to that system. May be that ID thieves just want to test their knowledge with the small business first before they move on to other business. May be they do it just for their fun. So that, the percentage for they to attack the small businesses are more higher than the big businesses.
    • I don't think that's necessarily true.

      Security (btw, someone should really define the term "secure" here, since I don't think any company can offer full security to their clients) in online businesses aren't always measured by the size of the corporation. Big or small, the 'security experts' in said companies must be smart enough to ensure that their system behaves predictably in accordance to their defined purpose (and do nothing else, of course) under any condition at all times. Any company successfull
  • before ordering from the cheapest retailers, make some research first.also...choose web sites that are more commenly use such as e-bay.another lesson is...go buy the product physically you lazy bump!!!get some exercise!!
  • ID thieves are going corporate. Assuming the identity of consumers to obtain loans and credit cards under assumed names has become the US's fastest growing crime. Now fraudsters are applying similar tricks against potential enterprise victims. How come all these things happen??
  • hm.. this makes me wonder.. how can the buyer know exactly, which retailer to trust? should they trust a certain retailer because of the price, or because of something else.. if i were to buy goods online, i'd like the goods to be cheap(who doesnt?), credit card transfering must be convenient, goods must be delivered on time, and most importantly; i get what i'd paid for.. the thing is, how can i be sure that this is safe? how do they work(paying online)? is there any guarantee to all of these? the retail
  • Today we find ourselves dependent on cellphones, computers and electronic diaries and we wonder how we managed without them. The more dependency and the utility of them in day to day work have given birth to the darker side of internet age. Network crimes are the most unpredictable calamity on the cyber world. Unauthorized access, hacking, spreading of viruses, smashing computer networks on very large scale, the brutal weapons like e-mail bombing, logic bombs resulting into the disrupt behavior of computer
  • A couple of years ago, my personal credit card account number was compromised. Did this stop me from continuing online transactions? No way. In my case, while an unauthorized party gained my account details, no transactions were made. The bank's fraud department were understandably hesitant in releasing details of the compromise, but they were very quick in taking action. I'm not even sure that the offending party was an online merchant, hacker or traditional retailer. The media in general have fed the p
  • The Internet makes this type of crime even more efficient. With "phishing" scams, criminals send out bogus e-mails telling recipients that they need to confirm certain account details to reactivate their accounts or claim prizes. The messages appear to come from a reputable business and often include logos and text lifted from company e-mails and websites. But the links actually go to phony but convincing websites set up solely to gather information, whether it's ISP passwords or Social Security numbers.
  • At first glance, it seems you can't do a lot if your company is targeted by a phishing scam, in which a phisher spoofs your company's identity in an effort to gather personal information about your customers. (See "Gone Phishing," right.) "It's pretty difficult" to deal with, admits the Anti-Phishing Working Group's Jevans. "You can say, we will never send you e-mail, or do not click on a URL in e-mail, but that makes it difficult to do any kind of e-commerce." What's more, when a bogus website is reported
  • Got employees? Then you have information that could be used for identity theft, and nothing will help as much as just being good at your job in the first place. We're talking data hygiene 101: firewalls, background checks and security policies. "The reason that a CSO should be concerned over identity theft is because it fits in with so many other elements of a good security program," says Richard Lefler, the former vice president of worldwide security for American Express. For instance, he says, backgroun
  • ALways ask "What harm could it do?" Being constantly aware of where your ID is and what information-in the wrong hands-could hurt you is your best defenses against social engineering. Shred all of your mail no matter how innocuos it may look to you. Be ever-vigilant for where your SS# is in print (You'll be amazed how public it is) I advise cutting up those creidt cards that are "key chain-sized" that banks send automatically now as we all lose our cards. Keep your eyes open for your own ID, listen to
  • Yes, identity theft. And I'm not talking about this petty nonsense either. I'm talking big time, purchases made in my name with my debit card number--which is tied directly to my checking account. Shady purchases like a telephone forwarding service. This thief wasn't planning on having the best prom ever. I was balancing my checkbook last night and came across two charges from within the last two weeks that, after a little head scratching, I determined I did not make. Neither were especially significant in
  • The shape of identity crime means that impacts encompass - -the deeply personal (parents of dead children discovering that someone has appropriated their child's identity) -erosion of someone's good name (use of an email address for spam) without direct economic impact -evasion of behavioural restrictions (using a doctored ID card to enter a nightclub while underage) illegal receipt of welfare benefits -scams against consumers and businesses (eg a forged cheque or stolen credit card) that result in direct
  • Identity Fraud, an associated offence, has attracted less media attention. It can take two forms Most commonly, it involves an individual 'massaging' data: adding a degree or two, deleting a conviction or a divorce, adding a few years of age (popular among teenagers facing age-based access restrictions) or taking a few years off once the individual reaches a certain age. As such it is popular among all classes, from highschool kids enhancing ID passes to get into nightclubs through to company directors an

Promising costs nothing, it's the delivering that kills you.