Ads by TechWords

See your link here
Receive the latest technology news and information.
Security
Computerworld Daily News (First Look and Wrap-Up)
Computerworld Blogs Newsletter
The Weekly Top 10
Cloud Computing
View all newsletters




Privacy Policy
 

Merchant: FBI probes major credit card scam

September 17, 2002 12:00 PM ET

Computerworld - The CEO of a Los Angeles-based novelty company, Spitfire Ventures Inc., said the FBI is investigating a major credit card scam involving 140,000 fraudulent credit card transactions at the company's Web site, TalkingTP.com.
Spitfire's CEO, Paul Hynek, said he was told by the company's credit card processor, Online Data Corp. in Westchester, Ill., that the scam may have affected as many as 25 other companies. But Online Data President John Rante said he believes only 15 to 20 merchants were affected and that a total of 100,000 fraudulent credit card transactions were involved.
The FBI couldn't be reached for comment.
According to Hynek, Online Data approved more than 60,000 of the false charges, worth $5.07 each, on Sept. 12. Online Data is a reseller of Mountain View, Calif.-based VeriSign Inc.'s credit card payment gateway services, which actually performed the authorizations.
Although about $300,000 in charges were approved by VeriSign, the company stopped the transactions before they were completed, so no money was ever transferred to Spitfire, according to Hynek. However, the authorizations let the thieves know that those credit cards were valid.
As soon as Online Data became aware of the problem, Rante said, the company worked closely with VeriSign to notify the credit card companies, which then deactivated the cards. Rante said the credit card companies are cooperating with federal authorities investigating the fraud.
If the scam hadn't been detected, Hynek said, thousands of dollars in fraudulent charges could have been racked up before cardholders became aware of any problem.
Spitfire, whose products include a talking toilet paper holder, learned of the scam when customers who noticed false charges on their accounts began calling the company, Hynek said.
Hynek, Rante and VeriSign spokesman Tom Galvin all said they believe thieves most likely got the credit card numbers by cracking the passwords of the affected merchants.
But Dan Clements, a credit fraud expert at Malibu, Calif.-based CardCops.com, disagreed.
"The real story here hasn't been told yet," he said. "Since they had 140,000 cards, they probably have a lot more."
Clements said he believes the crooks may have exploited a hole in the customer database of a large Internet merchant that didn't properly secure its Web site.
According to Clements, during their investigations, the credit card companies involved will pull information on the accounts of some of the affected cardholders looking for common denominators.
"Say, if Amazon.com showed up on all their statements, then that's most likely where the credit cards came from," he said. "These numbers were not randomly generated.This was not a crapshoot."



Jump to comments

Cybercrime/Hacking

Additional Resources

Xerox
By using solid ink technology only from Xerox, you could save up to 65% by printing color for the cost of black and white. Enter for a chance to WIN a PhaserTM 8860 network color printer!
Microsoft
Save time and mitigate security risk. Deploy it now.
Sybase
In this white paper, IDC analyzes the role of next-generation mobile enterprise platforms as organizations seek a more strategic deployment of mobile solutions.

Learn the important issues you must consider before starting your next mobility initiative. Get your mobility white paper from IDC now, compliments of Sybase.