Credit card frauds
One of the world’s foremost experts on computer security, Bruce Schneier, writes on his blog about the recent theft of 130 million credit card numbers:
Yes, it’s a lot, but that’s the sort of quantities credit card numbers come in. They come by the millions, in large database files. Even if you only want ten, you have to steal millions. I’m sure every one of us has a credit card in our wallet whose number has been stolen. It’ll probably never be used for fraudulent purposes, but it’s in some stolen database somewhere.
Years ago, when giving advice on how to avoid identity theft, I would tell people to shred their trash. Today, that advice is completely obsolete. No one steals credit card numbers one by one out of the trash when they can be stolen by the millions from merchant databases.
I had read in the past about online thieves selling credit card data for a few cents per thousand cards, but I did not realize that things were so bad.
What is also interesting is that you do not need to use credit cards in online transactions, or in some fraud prone South East Asian country for your card number to land up in a stolen database. The number gets stolen from large retail chains in the best of countries.
Of course, Schneier is talking only about credit card numbers, so with the increasing use of two factor authentication, it may take something more to actually use the card, but that something more is often surprising little.
Posted at 11:54 am IST on Fri, 28 Aug 2009 permanent link
Categories: fraud
Comments