Merchant: FBI probes major credit card scam
Computerworld - The CEO of a Los Angeles-based novelty company, Spitfire Ventures Inc., said the FBI is investigating a major credit card scam involving 140,000 fraudulent credit card transactions at the company's Web site, TalkingTP.com.
Spitfire's CEO, Paul Hynek, said he was told by the company's credit card processor, Online Data Corp. in Westchester, Ill., that the scam may have affected as many as 25 other companies. But Online Data President John Rante said he believes only 15 to 20 merchants were affected and that a total of 100,000 fraudulent credit card transactions were involved.
The FBI couldn't be reached for comment.
According to Hynek, Online Data approved more than 60,000 of the false charges, worth $5.07 each, on Sept. 12. Online Data is a reseller of Mountain View, Calif.-based VeriSign Inc.'s credit card payment gateway services, which actually performed the authorizations.
Although about $300,000 in charges were approved by VeriSign, the company stopped the transactions before they were completed, so no money was ever transferred to Spitfire, according to Hynek. However, the authorizations let the thieves know that those credit cards were valid.
As soon as Online Data became aware of the problem, Rante said, the company worked closely with VeriSign to notify the credit card companies, which then deactivated the cards. Rante said the credit card companies are cooperating with federal authorities investigating the fraud.
If the scam hadn't been detected, Hynek said, thousands of dollars in fraudulent charges could have been racked up before cardholders became aware of any problem.
Spitfire, whose products include a talking toilet paper holder, learned of the scam when customers who noticed false charges on their accounts began calling the company, Hynek said.
Hynek, Rante and VeriSign spokesman Tom Galvin all said they believe thieves most likely got the credit card numbers by cracking the passwords of the affected merchants.
But Dan Clements, a credit fraud expert at Malibu, Calif.-based CardCops.com, disagreed.
"The real story here hasn't been told yet," he said. "Since they had 140,000 cards, they probably have a lot more."
Clements said he believes the crooks may have exploited a hole in the customer database of a large Internet merchant that didn't properly secure its Web site.
According to Clements, during their investigations, the credit card companies involved will pull information on the accounts of some of the affected cardholders looking for common denominators.
"Say, if Amazon.com showed up on all their statements, then that's most likely where the credit cards came from," he said. "These numbers were not randomly generated.This was not a crapshoot."
Read more about Cybercrime and Hacking in Computerworld's Cybercrime and Hacking Topic Center.



- Excel 2010 Cheat Sheet
- Register for this Computerworld Insider Cheat Sheet and gain access to hundreds of premium content articles, guides, product reviews and more.
- Streamline Compliance and Increase ROI
- Streamline, simplify, and automate compliance related activities; especially those that impact multiple business units. This white paper from NetIQ, outlines solutions that will...
- Protecting Point of Sale Systems from Targeted Attack
- If you are responsible for protecting retail systems, download this case study to learn how this retailer eliminated the threat of malware on...
- From the Frontline - Preventing APT
- Is your company's network secure? Are your endpoints and servers secured? Before you answer, read this case study on a US Military Command...
- Stop Hackers Before They Attack
- Hacktivism, Identify Theft, Financial Gain, Cyber War - regardless of motivation, stopping today's hackers requires a new proactive approach to protecting endpoints. Learn...
- The four rules of complete web protection
- As an IT manager you've always known the web is a dangerous place. But with infections growing and the demands on your time... All Cybercrime and Hacking White Papers
- WikiLeaks: How am I Affected?
- The latest WikiLeaks episode has raised questions about how organizations and governments protect their sensitive information. While this incident was isolated, it has...
- Optimizing Networks for the Cloud
- Join guest speaker, Rohit Mehra, IDC Director of Enterprise Communications Infrastructure, to explore current trends, discuss best practices for optimizing Data Center and...
- Apps QuickStart Series Part 2: Designing and Deploying SQL Server on VMware vSphere
- Download this webcast to learn about the design considerations for virtualizing SQL workloads, performance and scalability information and high-availability options, as well as...
- Apps QuickStart Series Part 1: Designing and Deploying Exchange 2010 on VMware vSphere
- Download this webcast to learn the virtual hardware design considerations for Exchange 2010, deployment using the building block approach, options for high-availability and...
- Customer Spotlight: How IPC The Hospitalist Company Implemented Oracle on VMware
- Have you been looking to hear about customer's experiences with the new VMware vCenter Site Recovery Manager product? View this webcast to learn... All Cybercrime and Hacking Webcasts