Results 1 to 16 of 16
  1. #1
    Newbie
    Join Date
    January 18th, 2005
    Posts
    10
    More than five million Visa and MasterCard accounts throughout the nation were accessed after the computer system at a third party processor was hacked into, according to representatives for the card associations.

    Early indications were that none of the information, which would include credit card numbers, was used in a fraudulent way, according to the representatives.

    The associations said they could not provide a timeline of when the breach took place or details on how it was accomplished because it involved a third party processor used by merchants and not Visa or MasterCard systems. The associations said they could not disclose the name of that processor.

    Visa and MasterCard are associations made up of financial institutions who issue the cards.

    MasterCard said it began to notify its members the week of Feb. 3 that more than 2 million MasterCard accounts had been broken into after the processor told it about the problem, MasterCard spokeswoman Sharon Gamsin told Reuters.

    About 3.4 million Visa accounts also have been accessed in the incident, according to spokesman John Abrams.

    "Visa's fraud team immediately notified all affected card issuing financial institutions and is working with the third-party payment card processor to protect against the threat of a future intrusion," the association said in a statement.

    Neither Visa nor MasterCard would disclose which institution were involved.

    "This is not something regional, it was throughout the nation and could be any bank," Abrams said.

    Both associations said no customer would be liable for any charges incurred as a result of fraud. They said the processor was working with law enforcement officials on the matter.

  2. #2
    2005 Linkshare Golden Link Award Winner  ecomcity's Avatar
    Join Date
    January 18th, 2005
    Location
    St Clair Shores MI.
    Posts
    17,328
    Simple for those 3rd world programmers making BHO's to access secure CC servers. Any infected merchant's system when they login to the secure CC server to fetch orders carries in the BHO which can then access all the CC info and call home from the trojan horse backdoor. The theftware frontend can be just a ruse as the offshore perps bought the technology from the hacker community.

    Charlie ...

    If they won't adopt and feed a bird ..flip them one! BBQ some Gator and remember to flush WhenU..

  3. #3
    ABW Ambassador CrazyGuy's Avatar
    Join Date
    January 18th, 2005
    Posts
    1,463
    Mike obviously knows more about this than he's letting on. I hope he passes this on to the authorities so at least they don't waste any time looking for criminals in any developed countries.

    In fact, he's probably got a photofit he can give them of public enemy number one: a datafeed website builder from a developing nation. Hang on - I fit that description. Time to don a disguise.



    They'll never find me now ...

    Are you Crazy?

  4. #4
    ABW Ambassador
    Join Date
    January 18th, 2005
    Posts
    4,423
    Say hello to chargebacks.

    This is where they start. I just caught four fraudulent tranasactions tonight. Fun.

    I am so glad I do not sell a physical item.

  5. #5
    2005 Linkshare Golden Link Award Winner  ecomcity's Avatar
    Join Date
    January 18th, 2005
    Location
    St Clair Shores MI.
    Posts
    17,328
    OH you can bet the anti Cyberterrorists have a working copy of all spyware/adwarez programs on their systems.You database wizzards ought to already know the BHO just rides on into the secure area via the infect system and reads everything. How else can it trigger a popup during the checkout process. Every secure cart program has a URL to their administration screens. Once inside the sniffer portion can harvest and write the files to the local hardrive and call home the info. Anyone wanting to pay for 500,000-10 million CC#'s know where to go to purchase them on the black market.

    Charlie ...

    If they won't adopt and feed a bird ..flip them one! BBQ some Gator and remember to flush WhenU..

  6. #6
    ABW Ambassador
    Join Date
    January 18th, 2005
    Posts
    4,423
    3 more. BLARG!!!!!!!

    This is why people do not ship to indonesia. Checking the accounts this guy opens, he is charging stuff and having them mail it to him in indonesia. Watches and lighters.

    Since we don't need to ship anything - we just need the address to match the charge card. This is so sophisticated, they actually hack/spoof whatever, ip address to use from the area the card is from. So the card is valid, it avs matches and the ip matches the location of the charge card. HOW DO YOU CATCH THAT!?!?!

    I know in our case, now. But ugh!!!!!! Ugh! Piss! Crap! Crud! And many other words.

    I called all the merchants that were used and had sent emails back. Most people don't ship to indonesia, some caught it etc. The porn sites? Sorry guys.

    I am too frustrated to sleep, work, or even watch tv. Time to go kill in BF1942.

    And for those wondering about merchants and reversals, not one of these charges was caught by wells fargo's credit fraud, one of the better in the country. That means if I was paying affiliates, and I was not proactive about checkig fraud - I would be reversing these 30-45 days from now.

    Oof.

    Chet

  7. #7
    ABW Ambassador
    Join Date
    January 18th, 2005
    Posts
    1,916
    How do you know they're invalid.

    ----
    -J
    Merchants: Do you realize that some of your affiliates are being paid commission on sales which you have paid for via PPC, offline advertising, and your targeted mailings?

  8. #8
    ABW Ambassador
    Join Date
    January 18th, 2005
    Posts
    2,402
    Yugo,
    Would you mind posting a link to that article?

    EDIT: Nevermind, found one on CNN

    TH Media-Web Solutions For The Small Business
    Check Out The TH Media Affiliate Program

  9. #9

  10. #10
    ABW Ambassador
    Join Date
    January 18th, 2005
    Posts
    4,423
    Monuit,

    I studied all the ones we knew were true and looked for usage patterns and then applied that to the smtp logs (since we have 75,000 members, searching thru actual boxes would take too long) and were able to identify a pattern.

    Some of my life is spent data mining for other companies, it came in handy here. Because once the pattern was identified we caught 100% true, no false positives. We then spot checked by phone verifying orders over the past 2 weeks and all of those we thought clean were clean.

    And if you ship physical products, you are insane to ship them to indonesia.

    There are so many compromised CC's out there right now, it is impossible for regular fraud protection to catch them. This story made news, but how many didn't report it? Or even worse how many don't even know?

    Chet

  11. #11
    ABW Ambassador
    Join Date
    January 18th, 2005
    Posts
    4,423
    <BLOCKQUOTE class="ip-ubbcode-quote"><font size="-1">quote:</font><HR>Early indications were that none of the information, which would include credit card numbers, was used in a fraudulent way, according to the representatives. <HR></BLOCKQUOTE>

    This is what i mean. These idiots will not inform the card holder because they want to keep those people's "TRUST", but six months from now these hackers will start plowing thru these cards and merchants will pay. And affiliates will be pissed at all the reversals.

    And MC/VISA will just look around and say - "There haven't been any hacks in past months, couldn't be us!!!"

    Chet

  12. #12
    Domain Addict / Formerly known as elbowcreek Thomas A. Rice's Avatar
    Join Date
    January 18th, 2005
    Posts
    5,468
    Eh, I just had to close a CC out, someone started using it. I'd really like to know how they got ahold of it, whether it was from one of the online advertisers or PPCs or whether they got into my PC somehow.

    Time Is A Parasite's Friend

  13. #13
    ABW Ambassador
    Join Date
    January 18th, 2005
    Posts
    2,402
    One thing I've found handy is blocking entire countries from accessing our order forms. Never had a legit order come in from Indonesia and with a lot of the reputation for fraud, I wouldn't feel comfortable hosting a site for someone there....

    On that note, when I do come across an order that is fraudulent, I'll call the number with the order (as pointed out, fraud orders contain the right information). Most of these folks have no idea their card was stolen but they certainly do appreciate the phone call.

    TH Media-Web Solutions For The Small Business
    Check Out The TH Media Affiliate Program

  14. #14
    Full Member
    Join Date
    January 18th, 2005
    Posts
    439
    We also block cards from many countries that generate a lot of fraud and maintain an override for customers from those countries who prove to be legitimate.

    This (an other tactics) have cut our chargeback rate by around 80%.

    Mark......

    Mark Mitford
    Sales Director
    Dotster, Inc
    http://www.dotster.com/
    15% Commission - 90 day cookie - 0% reversals

  15. #15
    pph Expert! Gordon's Avatar
    Join Date
    January 18th, 2005
    Location
    Edmonton Canada
    Posts
    5,781
    <BLOCKQUOTE class="ip-ubbcode-quote"><font size="-1">quote:</font><HR> Mike obviously knows more about this than he's letting on <HR></BLOCKQUOTE> Your right CrazyGuy, Mike told me in strict confidence and even supplied me with a photo of the guy concerned (see image below). Seeing as it is such a serious offence I feel I have to go behind Mikes back and publish the photo.

    Sorry Mike but the good of 5 Million hard working credit card holders must come first.

    Please forgive me.



    Travel safe
    Gordon
    YouTrek

    [This message was edited by Gordon on February 19, 2003 at 02:56 PM.]

  16. #16
    ABW Ambassador
    Join Date
    January 18th, 2005
    Posts
    4,423
    When we stopped accepting international orders, they just started using domestic accounts. Somewhere, some little group has targetted our system. For $25 a year you get 150 email accounts, so they would sit there an open multiple paypal and other accounts all from this one account.

    I hate to say it, but for now we just stopped accepting credit cards. We have zero fraud in our hosting business, and now running 30% fraud in the email. I can't let the email jack up our % with the CC company.

    I am so disgusted with people today. When we closed all CC ording today and posted a notice why - we got a DOS attack.

    I am not a violent man. But if I ever caught these jerks, I would break every bone in their bodies, one bone at a time.

    Chet

  17. Newsletter Signup

+ Reply to Thread

Similar Threads

  1. Suit against Visa, MasterCard,Amex and Discover
    By Farrukh - Arabian Bazaar in forum Midnight Cafe'
    Replies: 4
    Last Post: June 17th, 2003, 03:41 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •