Credit Card Theft a Major Risk
Date: October 15, 2003Source: Computer Crime Research Center
By:
... implementing systems that require some real-world physical component when shopping online. Smart cards, which identify the user through encrypted information embedded on the chip, must be inserted into a 'card reader' attached to the computer. That means the card can't be used for e-commerce unless the purchaser is currently holding it. A PIN number is also required, so a thief needs to physically have the card and a security code in order to use it. That's not an insurmountable hurdle, but a far more difficult one than using 'a number and a date.'" The last phrase alludes to a quote by a teenage thief listed in Sullivan's article, who said that "A number and a date and you can buy anything you want with it."
Another current setback is that merchants often store customers' credit card numbers on their computers, leaving them open to hackers. Sullivan wrote that "Today, merchants are forced to act like banks. They are acquiring and storing personal financial record -- namely, credit cards." In some cases, such with the CD Universe case, it might be the merchant's fault. In "Credit card fraud -- it was easy," written by Sullivan, it was questioned whether CD Universe had used available technology called ICVerify that could be used to encrypt consumers' information, or whether the company just had an easy-to-access database of information. Even still, the article quotes a hacker named Maxus as saying the company which owns ICVerify system is "lame," stating that the files are still easy to hack into.
In the future, though, it is hoped that merchants will be freed from the need to even know the credit card numbers. "Can hackers kill credit cards" states that "SET [secure electronic transactions] and any of the various smart card proposals can take this banking role away from retailers. In these new systems, consumers who hit 'submit' on a Web site can send their purchase request to their own bank." The article later quotes an industry vice president, "The best place for the card to be is to remain in the banking system."
Also, "E-business vs. the perfect cybercrime" states that "This new breed of international cybercriminals are aided by the fact that the address-verification used by merchants to compare billing and delivery information in the United States is useless overseas. It also has emerged that these criminals have thus far proven to be untouchable by U.S. law enforcement, which is hampered by the patchwork of laws on white-collar crime in other countries, jurisdictional questions, the indifference of some governments and the fact that investigation of such crimes is both time-consuming
Add comment
Email to a Friend
