Malware Inside the Credit Card Machine

(Update, July 2009: A BusinessWeek article puts the company’s side; maybe I was a little too harsh on them in this post.) This gives you an idea of how bad malware is getting, and how much we’re underestimating it: a U.S. company that processes credit card transactions has just revealed that malware inside its computers …


Goertzel, Rugby and the Sweet-talking Scam

The South China Morning Post reports (I’ve got the hard copy here; everything there is behind a subscription wall, so no full link I’m afraid) of a clever scam where the bad guys steal just enough stuff — cards + identity — from a victim to be able to social engineer their way into trust, …


Sideswiped by Skype

I love Skype and I write about it a lot, because I think it’s a great tool, especially for people in places where phone calls cost a lot. But those places tend to be developing countries where monopolies are powerful. Just the kind of places where credit card fraud is a problem. Like, say, Indonesia. …


How Long Did The ‘Biggest Data Theft In History’ Go Unreported?

I continue to be intrigued, but somewhat perplexed, by the CardSystems security breach that happened nearly two months ago now. Who knew it first, and who told who, and when? And why did it take so long to tell the rest of us? A U.S. company claimed it was its software that first spotted the …


Phishing And The U.S.-Europe Link

A 23-year-old man called Daniel A. Defelippi in the U.S. has pleaded guilty to three years of phishing and identity fraud, according to the Democrat & Chronicle: A Rochester man admitted Tuesday that he engaged in widespread identity theft, pilfering credit card numbers through fake Web sites and even collaborating with computer hackers in Eastern European …


Napster’s Sleazy Front Door

I’m trying out some of the online music sites, and am presently playing around with Napster. What ticks me off about these services is they try to confuse the novice into handing over their credit card details before they can get into the service, even if they have already bought a pre-paid card. The offer …


Banks, Phishing And A Dereliction Of Responsibility

Online commerce suffers from one major flaw: It’s online. That means we need to use computers (or computer-like devices, such as cellphones). It means we need to use the Internet. Together this is a lethal cocktail. And for online banking, it just may mean it is fatal. Online banking, for example, is not like using …


A Glimpse Of A Tentacle From The Phishing Monster

Gradually the tentacles of the Russian gangs behind phishing are appearing. But we still have no idea how it really works, and how big the beast is. The Boston Herald reports today on the arraignment of a “suspected Russian mobster” on multiple counts of identity fraud, having allegedly obtained personal information from more than 100 victims …


Credit Card Fraud And Keeping The Customer In The Dark

Banks have failed customers over credit card fraud; why should they do any better over phishing? Further to my piece on how banks had failed customers over phishing by continuing to communicate with them by email and failing to warn customers about possible breaches of security, here’s an example from the world of credit card …
