[Previous] [Next] - [Index] [Thread Index] - [Previous in Thread] [Next in Thread]

Subject: Re: UKNM: Credit card fraud
From: Sajid Mohammed
Date: Thu, 25 Jun 1998 14:10:02 +0100

As far as I am aware, the only way to read an encrypted credit card
number would be to use a 'brute force' technique, which requires a
vast amount of processing time. I wonder if there are any friendly
computer science types who could work out how long it would take one
solitary hacker with a top of the line Pentium to do this? If people
were made aware of how much time it takes to crack *one* credit card
number, I am sure their fears would be allayed.

The other problem with credit card transactions is general fraud,
where stolen cards are used to purchase goods. To all of you who
manage e-commerce sites I would ask: what safeguards are you

If the general public are made aware that not only are credit card
transactions safe but that the web is not some kind of safe haven for
fraud, then this will go a long way to allaying fears. The truth will
indeed set you free - and create a much needed revenue stream for your

The following article is from http://www.virtualpromote.com/ and is
very interesting reading, especially if you are running your own
e-commerce site.

Sajid Mohammed
VirtualPROMOTE Gazette - Issue #46 - March 27, 1998

In my previous articles I have discussed the alarming increase in the
amount of online credit card fraud we have seen over the last 8 months
or so. I have also outlined specific steps you can take to eliminate a
lot of this fraud. My previous articles are archived on the Virtual
Promote website and also on our http://antifraud.com site under the
"Prevention Tips" page.

After my previous articles I received numerous messages from many
Gazeteers stating how the information I presented had saved them a lot
of money due to fraudulent orders they would have otherwise processed.
Now, I need a favor.

My company recently applied for the Better Business Bureau's Online
program. They easily approved two of our domains but would not approve
antifraud.com for the following reason: They do not believe that
online credit card fraud committed against merchants is really a
problem or, more specifically, is on the increase. They believe the
claim that such is true is exaggerated and misleading. They said they
would reconsider their position if I could provide statements
confirming this problem other than my own. So, here is the favor I
ask -

If any of you are so inclined, would you please email me at
&tjwalkeratantifraud [dot] com and outline, explain, expound upon your
personal experience with this situation. Specifically indicate if you

have seen an increase in the number of stolen or fraudulent credit
card orders over the last year or so, etc. I will then forward your
messages to the BBB to demonstrate that this situation all E-commerce
merchants face is real. I would very much appreciate your efforts.

Now, let me bring you up to speed on the current trends we are seeing
regarding this type of online fraud.

In my last article I described 3 types of criminals with one of those
types being the rank amateur. This month I have seen a big increase
in orders being placed with stolen credit cards by rank amateurs -
especially from Europe and Australia. Perhaps this new "fad" is just
now arriving in those countries with many not understanding how easy
it is to track them down.

Regardless, it makes it a little more difficult for merchants as you
have to pay very close attention to every order to look for
indications of fraud. In brief, I have received several orders from
Denmark and Australia from standard ISP issued Email addresses
(usually a good sign because the more experienced criminal would
either use a free, non-traceable Email address or the real pros
actually establish a domain on the net for the sole purpose of
committing fraud).

Following my standard procedure, I went to a browser and put a 'www.'
in front of the Email domain. Sure enough, they all came up as
legitimate ISPs - so far, so good. But wait, what's this?

An order from cbmatpopx [dot] dk (Denmark) using a credit card from someone
in Richmond, VA? A quick call to our credit card processor with a
"code 10" gave us the name and phone number of the issuing bank. A
quick call to the issuing bank confirmed this card was just reported
stolen. A quick WhoIS of popx.dk and the IP number this individual was
using http://antifraud.com/ipcheck.htm put us in Email contact with
the ISP. Within hours, the issuing bank was in contact with the ISP.
I think one particular, not so honest individual is in for a little

Then, just a few days ago we received two separate orders from a
how888atozemail [dot] com [dot] au (OzEmail is a very large ISP in Australia). Both
orders contained the same name and address. However, the orders were
for different software products and each order used a different credit
card. Why would someone place two orders only hours apart using two
different credit cards? Possible? Yes. Suspicious? Definitely!

I sent an Email to my Australian contact who is the Internet Fraud
Control Coordinator that works with all Australian credit card
issuers. Within 24 hours he had replied. One of the cards was
definitely stolen and he was waiting to hear from the issuing bank on
the other. Good enough for me - both orders went into the trash.
Again, I sent a message to OzEmail alerting them to the illegal
activity of one of their members. I put them in touch with my contact.

I just love the joy of giving. It those little, unexpected surprises
that mean so much! Until next time -

T.J. Walker supportatsoftwaresolutions [dot] net
SoftwareSolutions.Net http://softwaresolutions.net
The Best in Web Software and Services

--- Jim's .02 --- I would ask all of you with any information about
credit card fraud, or personal experience with it, to reply to TJ's
request. The fact that an organization like the Better Business
Bureau, which has in the past been in the forefront of merchant
rights, can have fallen so far out of touch with the realities of
virtual business does not bode well for the future of many of our old
line organizations. If we want them to survive we have to let them in
on what is happening in the real world of business. If they don't
catch up they will remain a company that sells placques for your wall
and nothing more. ---

Get your free @yahoo.com address at http://mail.yahoo.com

  Re: UKNM: Credit card fraud, Craig Pickup

[Previous] [Next] - [Index] [Thread Index] - [Next in Thread] [Previous in Thread]