credit card fraud
Latest
Black Hat hackers demo Square card skimmer, feed it stolen credit card numbers
Here's some more fun out of Vegas, this time involving Jack Dorsey's Square and a little thing we like to call credit card fraud. Researchers from Aperture Labs (seriously) held two demonstrations at the Black Hat Conference. The first used a script, written by Adam Laurie, to convert stolen credit card data into a series of audio tones that were then fed to the Square app via the headphone jack on a phone -- removing the need to have a physical card. A second avenue of fraud, also using code authored by Laurie, turned the Square dongle into a skimmer. It intercepted incoming data, which is unencrypted, and spit out human readable numbers that could easily be used to clone a card. New hardware that encrypts information pulled from the magnetic strip is in the pipeline but, until then, it seems everyone's favorite smartphone-based payment service has some troublesome holes to fill.
Netswipe turns your webcam into a credit card reader, brings POS payments to the desktop
Credit card fraud costs the banking industry billions of dollars every year, and with companies yet to find an entirely secure system for processing payments online, there's no end in sight for unauthorized transactions. Jumio hopes to bring both security and convenience to the world of online payments, however, with its webcam-based Netswipe secure card reader solution. The system replicates the point of sale (POS) transactions you experience when making in-store purchases, prompting cardholders to scan the front on their credit card, then enter their CVV code using a tamperproof mouse-controlled interface. We're not sure how the software is able to distinguish a physical credit card from, say, a photocopy of a card, but it certainly sounds more secure than the standard input form we use today. It also reduces card number theft from insecure forms and website spoofing, by verifying details through a live video stream. Jump past the break for the full press release, along with video overviews of Netswipe and Jumio, which recently secured $6.5 million in initial funding and is backed by Facebook co-founder Eduardo Saverin.
Scott Hartsman says gold farming hurts our games more than we know
Gold buying is one of those aspects of MMO culture that is seemingly universally denounced, yet enough people partake in the practice to keep the wheels of this grey market activity going. Scott Hartsman may be saying the obvious when he denounced gold farming and selling to Gamasutra, but apparently it is still something we need to hear. The Trion Worlds general manager shared a glimpse of just how hard these activities hit games, and how concerned he and other studio execs are about the proliferation of credit card fraud that results: "It's those kinds of things where people laugh and go, 'Oh, that never happens.' No. It happens. It happens a s**tload. To the point where, over the last three or four years, I would dare anybody to ask an exec at a gaming company how much they've had to pay in MasterCard and Visa fines, because of fraud. It happens a lot." According to Hartsman, the more these events take place, the more money studios spend on paying fines and dealing with them instead of reinvesting funds into the games themselves -- all because of the "jerks" perpetuating the crimes.
Talking Sony and identity protection with LifeLock
As Sony continues to struggle to restore service to both the PlayStation Network and Sony Online Entertainment's MMOs following a hacking intrusion that resulted in millions of customer identities being compromised, players are understandably concerned about how secure their information is with similar companies. Even though Sony promised to provide a year's worth of identity theft protection for affected customers, part of the responsibility for safeguarding against such theft lies with us. As such, we spoke with Mike Prusinski, the Senior Vice President of Corporate Communications for LifeLock, an identity theft protection service. We asked him about what we should be doing to protect our identities online -- and what Sony could have done better in the first place. Massively: What are the most common ways that people have their identities stolen? Mike Prusinski: Though there are no statistics that point to one way over another, consumers get their personal information lost through stolen laptops, hackers, stolen mail, trash, skimming devices, scams (email, phone calls and personal visits), peer-to-peer networks and public websites.
iTunes gifting grifter cleaning out British bank accounts
On January 25th, The Register reported that one unlucky bloke saw his bank account emptied through a series of iTunes monthly gift purchases sent to an unknown Hotmail account. He was informed of the theft by an e-mail from Apple, saying his gift purchase had been confirmed, but alas, he'd already been taken to the tune of £1,000. It's been over a week since the story appeared, but accounts continue to pour into an Apple customer support forum, echoing the accusations made to The Register -- and, boy are people mad. Apparently, customers seeking Apple's help have received a pat response that sounds awfully familiar: cancel your credit card and report the charges to your bank. We've yet to hear of this happening anywhere outside the UK, but we're still interested to see how the great iTunes heist shakes out. If a suspicious Hotmail account is sucking you dry, we want all the sordid details.
UK teen buys $750,000 of his own music from iTunes using stolen credit cards (update)
A UK teen named Lamar Johnson has recently plead guilty to one count of conspiracy to defraud. His crime? It seems that he and his band (both in a musical sense and in a "Robin Hood" sense) used stolen credit cards to purchase something like $750,000 worth of their own music from both Amazon and the iTunes Store between January 2008 and June 2009. There's no telling how much the group would have earned from royalties, and the name of the band hasn't been disclosed (believe us, we looked), but something tells us that they probably recorded dubstep. Also, something tells us that -- since the royalties would have to be paid out to someone with a bank account -- this was a painfully easy case for prosecutors to crack. While Johnson will find his sentence tacked onto the 5-year jail term he is currently serving for grievous bodily harm, the rest of his 12 member "band" will have to wait until they appear in court in January to discover their fate. Update: One of our fine commenters (christianoliff) dug up an article from the Sunday Mercury that discloses a little more info on the perp, including a dashing photo and the name of his MySpace artist page. Apparently his criminal enterprise was more of a 2-step thing.
Bobby Kotick talks about what Blizzard can do for Activision
The Wall Street Journal sat down to interview Activision CEO Bobby Kotick, and our little World of Warcraft game got a nice bit of face time (one wonders why no one's asking Blizzard CEO Mike Morhaime about, say, Guitar Hero, but who are we to question the corporate structure?). Kotick says that Activision closely examined what everyone else was doing with MMOs and online gaming, and saw that the only real winner in the market was Blizzard. Rather than investing in their own franchise, then, they decided to just buy Blizzard from Vivendi (and as you know, that's what happened). Kotick says what's so difficult about running these online games is just the scale -- you've got to handle credit card fraud, keep thousands of servers up and running (and patched), and still provide a good experience for millions of players at a time.Kotick also talks about the way that WoW is sold in Asia (there, instead of paying a monthly fee, many people in Internet cafes pay per hour in cash), and says that Blizzard's experience with setting up a viable pay model may come in handy with other Activision properties overseas, Guitar Hero being his first choice.We're still not exactly clear on how all of this relationship works -- while both Blizzard and Activision have said in the past that it's hands off, you have to think that even though things are buddy-buddy now while the money's flowing, but what happens when the two sides start to disagree?
Another blow in the keylogging experience
Thank you all for the encouragement I received in response to my recent keylogging experience. As a whole the experience was just dreadful. As I mentioned on last week's WoW Insider Show podcast, I am still afraid every time I log in that I will get the "The information you have entered is not valid" error. For the most part things have settled down, but the fear remains. The worst part of the keylogging episode was that my Shaman was transferred from a PvP to PvE server. After about a week in limbo my beloved Tauren was returned to her proper place. I was extremely relieved. Unfortunately that's the only thing on my account that Blizzard was kind enough to restore. They refused to return any of my gear or gold and did nothing about the items ninjaed from the guild bank. I appealed their decision with several emails. Those appeals were ubiquitously denied despite logical arguments and heart-filled plights. I thought it was all over, for better or for worse. I got more bad news in my email box the other day:
