Sunday, March 26, 2006

 

Credit card online fraud scandal

Credit card on-line use update
Online card use is stealth logged & never secure
March 25th

Before I began using my least popular credit card online, I expected it would be hi-jacked sooner or later.

So the card ceiling was lowered to very low, by telephone.

As expected, after about one year of use, the card was refused for a $19.95 software renewal.

The card company calmly accepted my news that the card had been compromised and promptly offered to open a new account in view of a good credit standing.

Now if a key stroke logger has fed your pin info back to a server bot, then the last thing you want is to use a new card on the same computer. Makes you wonder how deep the heads of the card companies are in the sand.

One refused charge against the card for $400 was made from an UK based server.

Second refused charge against the card for $380 was made in Israel.

Third allowed charge was for $1.19. I found this comical. Frustrated at the two refusals, I could imagine them buying a chocolate bar, just to see if the card had any value at all.

The value open to theft between the $190 owed on the card and the limit, was about $300. The crooks only managed to charge a $35.00 debit to the card, the $400 and $380 were above the approximate $300 limit window.

This card, and most cards in general do not charge fraud debits back to the cardholder. Visa says charges would be barred due to *out of area*.

The key logger thieves know:

[1] The credit card account number.
[2] the expiry date.
[3] the last 3 numbers of the code on the reverse side.
[4] the correct name of the card holder.
I don’t think they know or require the bank related PIN.

That info allows fraudulent use of the card.

Information like mother*s or father*s name for security validation, your sin number, and other sensitive data is not required at the time of on-line card buying.

Usually this info is listed at the bank when you open your card account. Can thieves find this extra info on your computer?

When a credit card is compromised online like this, one has to wonder what additional information they have that could allow the theft of one*s identity.

At the very least , your birthdate, your parent*s name, your birthplace and your postal code would be required. Keep personal info off your *on line* computer.

Data that you do not enter during an online card purchase.

Add to this information the recent news that stealth Trojans can be downloaded through your router firewall and malware software, just by one browser view of a webpage. No button presses from you are required.

============= Conclusion ==============
Credit card use on the internet is no longer secure and we should not do it. The banks would refute this, but you judge for yourself.
====================================

Stealth logger information

Hackers have been using a Trojan – whose sophistication would put professional IT departments to shame – to quietly steal bank-account details on hundreds of thousands of computers worldwide.

For weeks, customers of large banks in the UK, Spain and Germany have been duped by phishing emails into installing the MetaFisher Trojan and putting their machines under the control of one of the most sophisticated *botnets* known so far.

*This is one of those big, under-the-radar threats that we've been concerned about,* said Ken Dunham, director of the rapid response team at VeriSign's iDefense unit. *There has been a trend away from big-bang attacks to very targeted and sophisticated attacks that take place right under your nose. This is one of them.* TG
http://TonyGuitar.blogspot.com

Comments:
This compromise of the credit card is most likely by the keylogger bot method, however, it could also be as a result of the 4 million card holder accounts compromised from a poorly managed Arizona based server service.

Either way, using your credit card online is a form of gambling. TG
10words.ca
 
T,

Thanks for the tip
I use a low amount credit card online as well.
I also always paste in my information so the keystroke goons won't read it.

Cheers,
Duke
 
Excellent idea. I admit to not being that smart. But it's getting better. TG
 
Post a Comment

<< Home

This page is powered by Blogger. Isn't yours?

Get your Google PageRank