Card fraud: how safe are you?
Updated on 18 August 2009
As three men are accused of stealing 130 million credit and debit card numbers, Channel 4 News Online asks how worried credit card users should be.
Three men were charged in the US yesterday over the country's largest ever hacking and identity theft case, Albert Gonzalez, from Miami, and two unnamed Russian hackers, were accused of five corporate hackings targeting businesses including the 7-Eleven retail chain.
Prosecutors said the suspects would seek to sell the data to others who would use it to make fraudulent purchases.
So how worried should credit card users be about this type of crime?
"The simple answer is that, unfortunately, identity theft is far too common but I don't think people should see that as something that stops them using a credit card," said Greg Day, senior security analyst at McAfee.
"The majority of cyber crime is all about making money - stealing banking details or personal information - whatever they choose.
"Credit card fraud has been around for a long time, and as we make more use of technology credit card fraud is moving into cyberspace. It seems scarier now because of the big numbers involved."
Businesses both small and large need to stay up to date with internet security - as a minimum, complying with Payment Card Industry standards.
Although the security systems of a larger company would be expected to be more sophisticated and therefore harder to crack, the potential rewards are greater, says Day.
"In this instance it seems the hackers did their research, picked target, then looked for the vulnerabilities as a bank robber would stake out a bank."
Cyber crime is a global problem, and attacks have happened all over the world. So what can the consumer do to stay safe?
"It's important to keep an eye on your bank statements," said Day. "If anything looks strange, notify your credit card company or bank asap."
It's also worth checking what systems your bank has in place to protect you. For example, how soon might they take action such as calling you if your card has been used abroad unexpectedly.
"Just as someone can clone your card in a petrol station, you need to take precautions when shopping online," said Day. "For example, use a PC you know has not just its anti-virus software up to date, but its full internet security profile.
"I wouldn't buy something online on a computer in an internet café, for instance, where I didn't know what else was running on the machine."
Ben Cohen, Channel 4 News technology correspondent, writes -
It’s the biggest credit card theft of all time, with more than 130 million records believed to have been stolen from major retailers including 7-Eleven.
Former secret service informant Albert Gonzales is already awaiting trial next month in New York for allegedly stealing 40 million customer records of major us stores including T.J.Maxx (known as TKMaxx in the UK) and Barnes and Nobel.
US authorities say that Mr Gonzales used an “SQL injection attack” to steal the personal data. Essentially he was able to run programming commands on websites simply by using the forms that offer functions like registration or search.
Once able to run the commands, he allegedly placed spyware on the servers that recorded and reported back the personal details of people shopping at real world stores including 7-Eleven and supermarket Hannaford Brothers.
The key is that these were not internet shopping transactions but old fashioned credit cards being used in a shop. This in a sense makes the hack rather unusual.
The data was then located in New Jersey, California and Illinois, the Ukraine and Netherlands. It is claimed that he and two unnamed Russian conspirators then intended to sell the details on to criminals.
Just today, using some simple keywords on Google and Bing, I was able to locate criminals offering British credit card details for as little as £1 each.
One website included a discussion between customers of a particular hacker, where they complained that they only managed to make £600 of fraudulent transactions with an individual credit card number. I can’t publish their exact conversation because it will make it relatively easy to locate the forum online.
What’s shocking is the scale of the incident uncovered by the American authorities and the danger that British tourists could have been unwitting victims if they shopped in 7-Eleven, which is found on the street corner in most cities.
At the moment there is no word on whether any of the 130 million credit card details have been sold to other criminals, but it will be worthwhile keeping an eye on credit or debit card bills to spot any suspicious transactions.
