How Credit-Card Numbers Are Stolen on the Web LONDON — The credit-card details of thousands of Britons are being sold in Internet chat rooms by criminals who hack into company computer systems and steal information in order to commit identity fraud. Every day at least 400 credit-card numbers, along with other personal information including three-digit security codes, PINs and dates of birth, are sold by the gangs, The Times has learned. Other pieces of information routinely taken include phone numbers, e-mail and street addresses and mother's maiden names. A credit card number sells for $1, while a card with a three-digit code fetches $5. Additional security information, such as a mother's maiden name, can add $10 to a card's value, and a working PIN can push the price up as high as £100 ($175). The thieves target both companies whose customers buy online and those that take orders by more conventional means, demonstrating that it is not just Internet-based companies that are at risk, but any organization that holds personal information about consumers. The Times contacted 14 customers whose details had been passed to it by a U.S. company that monitors such chat rooms. They were astonished when a reporter read out their credit-card numbers. The names had been taken from unidentified British servers. By calling the individuals on each list and checking which purchases they had made on the day the details were stolen, The Times was led to two reputable companies — one a supplier of travel goods based in Amesbury, Wiltshire, with a database of more than 20,000 customers, the other a computer sales company in Sheffield. Neither company was aware that its systems had been targeted. The names were among hundreds that were sold during a single night's trading in the chat rooms. The British government's Serious Organised Crime Agency said that cybercrime was "among its priorities" but declined to comment on the methods and resources being used to combat it. Alun Michael, the e-Commerce Minister, said: "These findings are disturbing and we will look at them very seriously." Banks are planning to address the problem by issuing card numbers which are valid for single transactions only, meaning that if the number is subsequently stolen from a company database, the risk to the cardholder is substantially reduced.
This points out the dangers of Every momand pop enterprise and his dog setting up databases..people find it easy to ask for all kinds of personal info ("mandatory fields") please correct the highlighted field and resubmit your order..radio shack lost my business inthe 80's because of their practice of interrogating you when you made any purchase( for thier catalog mailing: i.e. name addresss phone# zip.One day I just said No, I'm not giving you all this personal info. Here;'s $3.50 for my transistors and solder, ring me up or keep 'em( I was henceforth known as "that paranoid guy").You tube wants your birthday for their "age verification/certification". Problem is somebody gets your name here, birthday there, address from a third,even if all the info isn'tcollected in one site...its dangerous.I've accepted a certain level of risk on this because I wanto use the 'net for shopping.
I've been reading an interesting book that ties into this topic. It's called The Art of Deception by Kevin Mitnick. Cheap used copies can be found at Amazon Amazon.com: The Art of Deception: Controlling the Human Element of Security (0723812237128): Kevin D. Mitnick, William L. Simon, Steve Wozniak: Books@@AMEPARAM@@http://ecx.images-amazon.com/images/I/41M4PVHt%2BRL.@@AMEPARAM@@41M4PVHt%2BRL
