credit card & gift card fraud (from today's comp.risks).
lynn.wheeler at firstdata.com
lynn.wheeler at firstdata.com
Thu Jan 10 15:13:06 EST 2002
other postings and recent info from comp.risks:
http://www.garlic.com/~lynn/aadsm9.htm#carnivore3 Shades of FV's Nathaniel
Borenstein: Carnivore's "Magic Lantern"
http://www.garlic.com/~lynn/2002.html#19 Buffer overflow
http://www.garlic.com/~lynn/2002.html#20 Younger recruits versus
experienced veterans ( was Re: The demise of compa
http://www.garlic.com/~lynn/2002.html#35 Buffer overflow
http://www.garlic.com/~lynn/2002.html#37 Buffer overflow
http://www.garlic.com/~lynn/2002.html#39 Buffer overflow
========================================================
Date: Mon, 07 Jan 2002 20:07:25 -0500
From: David Farber <dave at farber.net>
Subject: Credit-card cloners' $1B scam
Homemade machines costing about $50 are being used to read credit-card
mag-stripes, without having to steal the cards. The information is then
e-mailed abroad, where cloned cards are fabricated. This has become a
billion-dollar-a-year enterprise.
[PGN-ed from Monty Solomon's e-mail to Dave's IP, subtitled Terrorists,
mobsters in on hacking racket, by William Sherman, *NY Daily News*
http://www.nydailynews.com/today/News_and_Views/City_Beat/a-137421.asp]
[The gadget was first demonstrated in maybe 1960s at Caltech as part of a
demo on how poor the mag-striped credit cards were. In spite of that,
they
won. Dave]
------------------------------
Date: Sat, 29 Dec 2001 09:59:00 -0600
From: Tim Christman <tjc at wavetech.net>
Subject: Mag-stripes on retail gift cards
Here's a link to an article on MSNBC that I found interesting --
http://www.msnbc.com/news/598102.asp?0dm=C216T&cp1=1
Many retailers are replacing paper gift certificates with small plastic
cards containing magnetic stripes, similar to credit cards. Ideally, the
purchase of a gift card would result in a database being updated to reflect
the balance associated with the card's unique account number.
Some retailers are using sequential account numbers and have no provisions
to protect against a thief using a mag-stripe reader/writer to re-program a
stolen card or small denomination card so that it matches the account
number
of a larger valued card purchased by someone else. Many retailers even
provide a convenient 1-800 number so that the thief, knowing many valid
account numbers, can "shop" for a card of significantly greater value.
The RISK: A form of fraud, difficult to trace, involving a minimal
investment in equipment by the thief. Also note that the thief only
requires the ability to query the back-end database (through the toll-free
number), not the ability to manipulate the records. Perhaps more
ominously,
the risk is angry family members who find a zero balance on their gift
cards!
Solutions: One retailer, mentioned in the article, uses optical bar-coding
which can't be re-encoded without defacing the card. Another follows a
technique used by many credit card companies -- extra check digits are
included in the mag-stripe that are not visible on the face of the card.
It
seems astounding that this isn't being done by all.
------------------------------
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com
More information about the cryptography
mailing list