CreditCardFraud
Latest
Retailers fight to silence customer data breaches
A consortium of retailers, including Target and Home Depot, vowed to fight a data breach notification bill. The bill, HR 2205 from Reps. Randy Neugebauer (R-Texas) and John Carney (D-Del.), would require companies to tell customers when they've been hacked and would also require the encryption of data in both storage and transit. It would hold retailers to the same data-security standards as the financial sector. The large and powerful Retail Industry Leaders Association (RILA) sent a letter on Tuesday to House leadership saying that "it makes no sense to take one industry's regulations and apply it to a large segment of the economy without understanding the consequences."
How Armenian gangsters blew up the fingerprint-password debate
Paytsar Bkhchadzhyan is a woman with a colorful past and a bummer of a present. She arrived this week in news stories with a string of criminal convictions and gained notoriety for pleading "no contest" to felony identity theft early this year. Her iPhone was seized from the home of her boyfriend, one Sevak Mesrobian, a member of Los Angeles-based gang Armenian Power. Her fingerprint then began its long journey to giving civil-liberties fetishists a new storyboard for their "bad touch" role-play scenes.
Black Hat hackers demo Square card skimmer, feed it stolen credit card numbers
Here's some more fun out of Vegas, this time involving Jack Dorsey's Square and a little thing we like to call credit card fraud. Researchers from Aperture Labs (seriously) held two demonstrations at the Black Hat Conference. The first used a script, written by Adam Laurie, to convert stolen credit card data into a series of audio tones that were then fed to the Square app via the headphone jack on a phone -- removing the need to have a physical card. A second avenue of fraud, also using code authored by Laurie, turned the Square dongle into a skimmer. It intercepted incoming data, which is unencrypted, and spit out human readable numbers that could easily be used to clone a card. New hardware that encrypts information pulled from the magnetic strip is in the pipeline but, until then, it seems everyone's favorite smartphone-based payment service has some troublesome holes to fill.
Netswipe turns your webcam into a credit card reader, brings POS payments to the desktop
Credit card fraud costs the banking industry billions of dollars every year, and with companies yet to find an entirely secure system for processing payments online, there's no end in sight for unauthorized transactions. Jumio hopes to bring both security and convenience to the world of online payments, however, with its webcam-based Netswipe secure card reader solution. The system replicates the point of sale (POS) transactions you experience when making in-store purchases, prompting cardholders to scan the front on their credit card, then enter their CVV code using a tamperproof mouse-controlled interface. We're not sure how the software is able to distinguish a physical credit card from, say, a photocopy of a card, but it certainly sounds more secure than the standard input form we use today. It also reduces card number theft from insecure forms and website spoofing, by verifying details through a live video stream. Jump past the break for the full press release, along with video overviews of Netswipe and Jumio, which recently secured $6.5 million in initial funding and is backed by Facebook co-founder Eduardo Saverin.
iTunes gifting grifter cleaning out British bank accounts
On January 25th, The Register reported that one unlucky bloke saw his bank account emptied through a series of iTunes monthly gift purchases sent to an unknown Hotmail account. He was informed of the theft by an e-mail from Apple, saying his gift purchase had been confirmed, but alas, he'd already been taken to the tune of £1,000. It's been over a week since the story appeared, but accounts continue to pour into an Apple customer support forum, echoing the accusations made to The Register -- and, boy are people mad. Apparently, customers seeking Apple's help have received a pat response that sounds awfully familiar: cancel your credit card and report the charges to your bank. We've yet to hear of this happening anywhere outside the UK, but we're still interested to see how the great iTunes heist shakes out. If a suspicious Hotmail account is sucking you dry, we want all the sordid details.
UK teen buys $750,000 of his own music from iTunes using stolen credit cards (update)
A UK teen named Lamar Johnson has recently plead guilty to one count of conspiracy to defraud. His crime? It seems that he and his band (both in a musical sense and in a "Robin Hood" sense) used stolen credit cards to purchase something like $750,000 worth of their own music from both Amazon and the iTunes Store between January 2008 and June 2009. There's no telling how much the group would have earned from royalties, and the name of the band hasn't been disclosed (believe us, we looked), but something tells us that they probably recorded dubstep. Also, something tells us that -- since the royalties would have to be paid out to someone with a bank account -- this was a painfully easy case for prosecutors to crack. While Johnson will find his sentence tacked onto the 5-year jail term he is currently serving for grievous bodily harm, the rest of his 12 member "band" will have to wait until they appear in court in January to discover their fate. Update: One of our fine commenters (christianoliff) dug up an article from the Sunday Mercury that discloses a little more info on the perp, including a dashing photo and the name of his MySpace artist page. Apparently his criminal enterprise was more of a 2-step thing.
