[Asterisk-biz] CC Fraud

steve steve at 17q.com
Sat Jun 18 17:21:23 MST 2005 

You guys know very little about credit cards.   First, it is true that one
of the largest processors had their system compromised.  

What this means is a lot a credit cards with their security codes have been
stolen.  This is no big deal because most companies will not ship to an
address that is not the billing address of the credit card company.  

Almost everyone uses AVS (Address verification System) to verify the credit
card billing address.   If a thief tries to use a valid credit card with a
valid security code and the wrong billing address then the card will be
rejected.

Now for the real problem, what an educated thief will do is print up his own
credit card with the fraudulent information and present it in person with a
fraudulent identification.   One of the biggest problems is a person who has
a credit card that shows a valid expiration date while the rest of the
information has been canceled.  Using a home computer and a card
scanner/writer one simply puts on the cancel credit card the stolen
information.  Most stores will not check the imprinted information on the
credit card versus the information that is printed on the sales slip.  Smart
people always check the information on the credit card with the information
that the customer signs.

Steve

-----Original Message-----
From: asterisk-biz-bounces at lists.digium.com
[mailto:asterisk-biz-bounces at lists.digium.com] On Behalf Of snacktime
Sent: Saturday, June 18, 2005 12:05 PM
To: Commercial and Business-Oriented Asterisk Discussion
Subject: Re: [Asterisk-biz] CC Fraud

On 6/18/05, Andres <andres at telesip.net> wrote:
> 
> >>>
> >>
> >> MasterCard announced yesterday the theft of 40,000,000 credit card
> >> numbers (and associated information, including CVV) from Card
> >> Services Intl, one of the big CC processors.
> >>
> >> So, we know that there are at least 40,000,000 valid card numbers and
> >> CVVs out running around right now.  Even worse, the theft occurred
> >> 5/22 and the FBI got everyone to keep quiet.  (*sigh*)
> >
> >
> > Can you tell us where exactly you saw this announcement?  Thanks,
> >
> OK... I see the announcement but I see the company mentioned is
> "CardSystems", and not "Card Services International".  I believe both
> companies are not related.  Correct me if I am wrong please.
> 
> Furthermore if the theft included CVV records then they are in clear
> violation of MasterCard and Visa policies which explicitly say those
> numbers cannot be stored anywhere.

You might be surprised at how many companies are out of compliance. 
We went through our security audit for visa/mastercard last year, and
the chats I had with the auditor were interesting.  Things like
application level security and asymmetric encryption are not exactly
widespread or even understood.  A lot of companies still rely almost
solely on their firewall for protection.

Chris
_______________________________________________
Asterisk-Biz mailing list
Asterisk-Biz at lists.digium.com
http://lists.digium.com/mailman/listinfo/asterisk-biz

More information about the asterisk-biz mailing list