Escaped The Largest Credit Card Data Breach Ever? Well, Here's Another One...

from the just-assume-someone-else-has-your-cc-info dept

Remember last month when a credit card payment processor was forced to admit a security breach that could impact 100 million people? Well, if you were lucky enough not to get caught up in that breach, there's apparently another one to worry about. Visa and Mastercard are issuing a new warning over a different payment processor whose system was apparently compromised as well. At this rate, it's getting silly to have static credit card numbers, since it seems like we're replacing our cards every few months anyway.

Filed Under: credit cards, data breach
Companies: mastercard, visa

May Have A New Winner In The Largest Security Breach Ever Department

from the and-it-will-get-larger,-I'm-sure dept

In the past, we've joked about how with pretty much every security breach, there's an initial estimate of the damage done, followed much later by a second report that admits the breach impacted many more people. It happened with the VA. It happened with Choicepoint. And, it happened with TJX, who raised the bar on being the worst security breach ever not once, but twice to impact nearly 94 million people. Who could top that?

Step up to bat, Heartland Payment Systems. Chris writes in to point out that Heartland appears to have picked a pretty good day to announce a security breach that may impact over 100 million people. Everyone's off paying attention to the inauguration, so they might miss the news as it comes out today -- but they're likely to hear about it soon enough. It appears that Heartland's own computers were infected with malware which passed on information about transactions to some scammers.

Heartland is now claiming that this really isn't that big a deal, because personal information wasn't included in the breach -- meaning the data was useful for creating new cards with bogus data, but not useful for "card not present" transactions such as internet transactions or creating fake cards of real people. Because of this, Heartland doesn't think that it should need to offer credit monitoring services to impacted users, which has become the somewhat standard penance for those caught leaking credit card info.

Of course, some are already questioning the timing of announcing the breach. Considering they figured out what happened a week ago, it does seem a bit of interesting timing to wait until the inauguration was underway to disclose this information.

Still, given the history of so many earlier breaches turning out to be much worse later on, what's the over-under on the next announcement about how much worse this breach actually was?

Filed Under: credit cards, security breach
Companies: heartland payment systems

Study Says Lots Of Kids Are Making Sneaky Purchases Online With Parents' Cookied Credit Card Info

from the cookies-are-for-kids dept

Plenty of online shopping sites let customers store their credit card info to make it easier to purchase stuff in the future. And, for most home users, that is a convenient feature -- as it seems unlikely that a third party would access your computer and use your credit cards to order stuff. Except, apparently, a lot of parents forget about their kids being able to do that. A study in the UK found that plenty of kids were buying stuff online without their parents' knowledge or approval, using the stored credit card info on certain web shopping sites. Of course, if parents checked over their credit card statements regularly (or received the packages when delivered), you would think they would notice such activity.

Filed Under: credit cards, kids, purchases

Dear Verizon: I Haven't Been An MCI Customer In Four Years

from the customer-service dept

About five or six years ago, I had landline phone service from MCI. In the age before VoIP was common, MCI had a service called "The Neighborhood" which was like many VoIP services today, but without the VoIP part. Unlimited calls for a single flat rate and such advanced (at the time!) features as emailing you your voicemails. It wasn't a bad deal, and I used it for a year or two, until I was getting ready to move. VoIP services had become popular, so I transferred that phone line to a VoIP account and canceled the MCI service in 2004. And that was that. Or so I thought. In 2006, Verizon bought what was left of a scandal-ridden MCI, and as far as I knew, the MCI brand had pretty much gone away.

Yet, in the last couple of weeks, I've received a barrage of robocalls from MCI, letting me know that my credit card is expiring, and I need to log into mci.com to update the card. The call notes that my bill is automatically charged to this credit card and if I want to "continue enjoying this convenience" I need to update soon. The call is correct in that the credit card I used back when I had MCI expired this month, but is it that hard for Verizon (or whoever it is) to recognize that the very phone number they're calling me on hasn't been connected to MCI service in four years and that the company has not, in fact, billed me during that time? And, honestly, why did they hang onto my credit card info for so long? And, finally, why call me three times a day with no way for me to tell them to knock if off? I thought perhaps this was a new form of phishing, but the call directs you to log into mci.com itself, so it sounds like it's legit. Either way, it raises plenty of questions about MCI (and now Verizon's) data handling practices.

Filed Under: credit cards, customer service, robocalls
Companies: mci, verizon

Massive Stolen Credit Card Number Site Shut Down

from the good-work dept

It took quite some time for authorities around the world to recognize the extent to which organized crime was using the internet for various scams and frauds, but in the last year or so, it seems like many agencies around the world really are looking to go after the criminals. The latest example is that Darkmarket, an invitation-only secretive forum for buying and selling credit card numbers, has been shut down, and 60 people involved with the site have been simultaneously arrested. This is definitely a step up from what we were hearing just a couple of years ago, where the best authorities could do was arrest kids messing around with phishing scams, rather than actually going after the organized criminals who were the real issue. Cracking down on one site and arresting 60 individuals isn't going to stop these scammers, but it's at least good to see authorities trying to focus on the real problem cases, rather than just the small fry. Update: As was pointed out in the comments, it appears the original BBC article we relied on has the story a bit wrong. The site itself was actually an FBI-run honeypot. So, while the site was taken down, the story of how the whole process worked is quite different than what was implied in the first article.

Filed Under: arrests, credit cards, darkmarket, forums, organized crime, scams

Don't Complain To WalMart About The Empty Laptop Box You Bought With Stolen Credit Cards

from the scammer-vs.-scammer dept

Well here's one for the dumb criminals series. Apparently, some guys with a bunch of forged credit cards and stolen credit card numbers went to Wal-Mart and bought a laptop. Except, somehow someone at Wal-Mart scammed them... and sold them an empty box. The guys got pissed off and went back to Wal-Mart to complain. Not surprisingly, the Wal-Mart employees thought the guys were trying to scam the Wal-Mart -- not with the fake credit cards -- but with the empty box. So they called the police, and hilarity ensued, as one guy tried to run away and dropped a bunch of the stolen credit cards. But, of course, the real kicker is that the guys weren't lying. Wal-Mart had accidentally sold them an empty box. Still, it makes you wonder what the hell the guys were thinking when they went back to complain about the empty box that had been sold to them using stolen credit cards.

Filed Under: credit cards, empty box, scammers
Companies: wal-mart

Forget Credit Cards, Scammers Now Want Your VoIP Accounts?

from the worth-more-money dept

Last month, we pointed out that the market for stolen credit card data was so saturated that prices were falling. Of course, that just inspired scammers to go looking for other types of data that was a bit harder to find: VoIP accounts. According to the BBC, scammers selling VoIP account info are now able to get higher prices than those selling credit card data. Of course, it's not at all clear how widespread this really is. The info seems to be coming from a company trying to sell a solution to deal with this -- which already makes it somewhat suspect. Also, you have to wonder how valuable VoIP account data really can be compared to credit card numbers which have much wider applicability. Either way, it will be interesting to see how the market deals with the "glut" of credit card data out there, and where else data scammers turn.

Filed Under: credit cards, identity fraud, voip