Russia, Biggest Ever Credit Card Scam
Date: July 08, 2005Source: Computer Crime Research Center
By:
Barry Edmonds noticed the fraudulent charges after his bank called and alerted him to suspicious activity in Canada, England and China. “I know somebody got it somewhere, somehow. I try to not use it on the Internet and try to get all my receipts and look at them and make sure it’s not the whole number,” Edmonds said.
Edmonds is just one of thousands if not millions of people who has had his credit card data stolen after a hacker gained access to CardSystems Solutions’ network. CardSystems Solutions processes credit card and other payments for banks and merchants.
Credit card data is being bought and sold on what is now a profitable black market. “We saw a lot of chatter in Russian chat rooms over the weekend talking about this as a big win for the good guys, you know, the electrical crime groups,” said John Watters with iDefense.
Sellers of credit card data can make a bundle. Online fraud analysts estimate a basic Mastercard number is worth more than $42. A premium card, such as a platinum or gold card with a high limit, is almost $70.
Barry Edmonds’ bill shows questionable charges credited to foreign accounts. Those prices will most likely drop now that the scam has been made public, Watters said. But for those affected, the damage is already done. Edmonds has a long road ahead to clean up his accounts.
“It’s real frustrating,” Edmonds said. “To eliminate all of it, you got to close every account that you got.” The FBI is investigating what it calls the largest security breach of credit card information.
Visa and Mastercard estimate that 40 million accounts could be affected, but CardSystems Solutions said that less than 68,000 credit cards are at “high-risk”.
Everyone is advised to keep a close eye on their statements and to notify their bank or credit card company as soon as they see anything suspicious. Cardholders can dispute purchases that were not made by them and will not be held liable for any purchases determined to have been made fraudulently.
The compromised data included names, banks and account numbers, but not addresses or Social Security numbers, so the information could be used to steal money, but not identities.
Add comment
Email to a Friend
