

Subject: Re: UKNM: Credit card fraud
From: Sajid Mohammed
Date: Thu, 25 Jun 1998 14:10:02 +0100

As far as I am aware, the only way to read an encrypted credit card
number would be to use a 'brute force' technique, which requires a
vast amount of processing time. I wonder if there are any friendly
computer science types who could work out how long it would take one
solitary hacker with a top of the line Pentium to do this? If people
were made aware of how much time it takes to crack *one* credit card
number, I am sure their fears would be allayed.

The other problem with credit card transactions is general fraud,
where stolen cards are used to purchase goods. To all of you who
manage e-commerce sites I would ask: what safeguards are you
implementing?

If the general public are made aware that not only are credit card
transactions safe but that the web is not some kind of safe haven for
fraud, then this will go a long way to allaying fears. The truth will
indeed set you free - and create a much needed revenue stream for your
site.

The following article is from http://www.virtualpromote.com/ and is
very interesting reading, especially if you are running your own
e-commerce site.


Sajid Mohammed
--
VirtualPROMOTE Gazette - Issue #46 - March 27, 1998
E-COMMERCE FRAUD - IS IT REAL?

In my previous articles I have discussed the alarming increase in the
amount of online credit card fraud we have seen over the last 8 months
or so. I have also outlined specific steps you can take to eliminate a
lot of this fraud. My previous articles are archived on the Virtual
Promote website and also on our http://antifraud.com site under the
"Prevention Tips" page.

After my previous articles I received numerous messages from many
Gazeteers stating how the information I presented had saved them a lot
of money due to fraudulent orders they would have otherwise processed.
Now, I need a favor.

My company recently applied for the Better Business Bureau's Online
program. They easily approved two of our domains but would not approve
antifraud.com for the following reason: They do not believe that
online credit card fraud committed against merchants is really a
problem or, more specifically, is on the increase. They believe the
claim that such is true is exaggerated and misleading. They said they
would reconsider their position if I could provide statements
confirming this problem other than my own. So, here is the favor I
ask -

If any of you are so inclined, would you please email me at
tjwalkeratantifraud [dot] com and outline, explain, expound upon your
personal experience with this situation. Specifically indicate if you
have seen an increase in the number of stolen or fraudulent credit
card orders over the last year or so, etc. I will then forward your
messages to the BBB to demonstrate that this situation all E-commerce
merchants face is real. I would very much appreciate your efforts.

Now, let me bring you up to speed on the current trends we are seeing
regarding this type of online fraud.

In my last article I described 3 types of criminals with one of those
types being the rank amateur. This month I have seen a big increase
in orders being placed with stolen credit cards by rank amateurs -
especially from Europe and Australia. Perhaps this new "fad" is just
now arriving in those countries with many not understanding how easy
it is to track them down.

Regardless, it makes it a little more difficult for merchants as you
have to pay very close attention to every order to look for
indications of fraud. In brief, I have received several orders from
Denmark and Australia from standard ISP issued Email addresses
(usually a good sign because the more experienced criminal would
either use a free, non-traceable Email address or the real pros
actually establish a domain on the net for the sole purpose of
committing fraud).

Following my standard procedure, I went to a browser and put a 'www.'
in front of the Email domain. Sure enough, they all came up as
legitimate ISPs - so far, so good. But wait, what's this?

An order from cbmatpopx [dot] dk (Denmark) using a credit card from someone
in Richmond, VA? A quick call to our credit card processor with a
"code 10" gave us the name and phone number of the issuing bank. A
quick call to the issuing bank confirmed this card was just reported
stolen. A quick WhoIS of popx.dk and the IP number this individual was
using http://antifraud.com/ipcheck.htm put us in Email contact with
the ISP. Within hours, the issuing bank was in contact with the ISP.
I think one particular, not so honest individual is in for a little
surprise.

Then, just a few days ago we received two separate orders from a
how888atozemail [dot] com [dot] au (OzEmail is a very large ISP in Australia). Both
orders contained the same name and address. However, the orders were
for different software products and each order used a different credit
card. Why would someone place two orders only hours apart using two
different credit cards? Possible? Yes. Suspicious? Definitely!

I sent an Email to my Australian contact who is the Internet Fraud
Control Coordinator that works with all Australian credit card
issuers. Within 24 hours he had replied. One of the cards was
definitely stolen and he was waiting to hear from the issuing bank on
the other. Good enough for me - both orders went into the trash.
Again, I sent a message to OzEmail alerting them to the illegal
activity of one of their members. I put them in touch with my contact.

I just love the joy of giving. It's those little, unexpected surprises
that mean so much! Until next time -

T.J. Walker supportatsoftwaresolutions [dot] net
SoftwareSolutions.Net http://softwaresolutions.net
The Best in Web Software and Services



--- Jim's .02 --- I would ask all of you with any information about
credit card fraud, or personal experience with it, to reply to TJ's
request. The fact that an organization like the Better Business
Bureau, which has in the past been in the forefront of merchant
rights, can have fallen so far out of touch with the realities of
virtual business does not bode well for the future of many of our old
line organizations. If we want them to survive we have to let them in
on what is happening in the real world of business. If they don't
catch up they will remain a company that sells plaques for your wall
and nothing more. ---
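
The manual checks the article walks through (free e-mail address, e-mail
country that does not match the cardholder's country, two cards used by the
same name and address within hours) can be run over an order queue. The
sketch below is an added example, not code from the article or from
antifraud.com; the field names, the 24-hour window, the free-mail list and
the sample orders are all assumptions made for illustration.

```python
from datetime import datetime, timedelta

FREE_MAIL = {"freemail.example"}   # assumption: placeholder list of free webmail domains
WINDOW = timedelta(hours=24)       # assumption: "only hours apart" read as within 24 hours
CCTLD_TO_ISO = {"UK": "GB"}        # ccTLDs that differ from the ISO country code

def email_country(email):
    """Country implied by the address's ccTLD, or None for generic TLDs (.com, .net)."""
    tld = email.rsplit(".", 1)[-1].upper()
    return CCTLD_TO_ISO.get(tld, tld) if len(tld) == 2 else None

def screen_orders(orders):
    """Return {order_id: [reasons]} for orders that warrant a manual check."""
    flags, history = {}, {}
    for o in sorted(orders, key=lambda o: o["time"]):
        reasons = flags.setdefault(o["id"], [])
        if o["email"].rsplit("@", 1)[-1].lower() in FREE_MAIL:
            reasons.append("free e-mail domain")
        country = email_country(o["email"])
        if country and country != o["card_country"]:
            reasons.append(f"e-mail country {country}, cardholder in {o['card_country']}")
        # Same customer, different card, short interval: flag both orders.
        key = (o["name"].lower(), o["address"].lower())
        for prev in history.setdefault(key, []):
            if prev["card"] != o["card"] and o["time"] - prev["time"] <= WINDOW:
                reasons.append(f"second card after order {prev['id']}")
                flags[prev["id"]].append(f"second card in order {o['id']}")
        history[key].append(o)
    return {oid: r for oid, r in flags.items() if r}

# Constructed sample orders; names, addresses and card labels are invented.
T0 = datetime(1998, 3, 20, 9, 0)
SAMPLE = [
    {"id": 1, "name": "A Buyer", "address": "1 Example St", "email": "ab@isp.example.dk",
     "card": "CARD-A", "card_country": "US", "time": T0},
    {"id": 2, "name": "C Doe", "address": "2 Sample Rd", "email": "cd@isp.example.au",
     "card": "CARD-B", "card_country": "AU", "time": T0},
    {"id": 3, "name": "C Doe", "address": "2 Sample Rd", "email": "cd@isp.example.au",
     "card": "CARD-C", "card_country": "AU", "time": T0 + timedelta(hours=3)},
    {"id": 4, "name": "E Roe", "address": "3 Test Ave", "email": "er@isp.example.uk",
     "card": "CARD-D", "card_country": "GB", "time": T0},
]

if __name__ == "__main__":
    for oid, why in screen_orders(SAMPLE).items():
        print(oid, why)
```

A flag here only queues the order for the follow-up the article describes,
such as a call to the card processor or the issuing bank.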
