Comments on: Spanish Credit Card Fraud

By: inaequitas

inaequitas — Thu, 23 Mar 2006 23:10:48 +0000

I get e-mails everyday from the dataloss mailing list over at attrition.org regarding loss of, well, data. You would be surprised on how many ’safe’ companies lose personal data of customers through various means, about half of which are caused by crackers. Deloitte and Ernst & Young are just the most recent names to come to mind. These companies have blocks of CC numbers, not just one or two. This, then, explains how your number got to Spain.

People that have CC information will usually trade them overseas. They will then write out white-cards and proceed to cash-out at the nearest bank machines. Sometimes they will order goods, but that’s too risky. Much easier to go with 20 cards at an ATM in a shady convenience store, pop a grand or 500 from each and leave. Some people make a lot of money out of cash-outs like these.

Of course liability should fall on those companies that do not use enough protection on their systems, physical, digital and otherwise.

By: brettbum

brettbum — Fri, 17 Mar 2006 23:32:17 +0000

I used to work for an electronics company. Last summer the companies online store was targeted by fraudsters in NJ. The basic scam was that they had bought numbers online somewhere. They didn’t have the correct name as printed on the card, nor the three digit code on back. They did have the expiration date, but no addresses.

So our site which flagged for cc number, expiration date, 3 digit code, billing address & phone number kept haulting the transactions. But the fraudsters kept trying different variations on names and addresses. Ergo J S Smith, John S Smith, Jon Smith.

They would try different combinations for small amounts trying to get a preliminary authorization. If they got an authorization they would put in a large order (several thousand dollars) if it was rejected for limit reasons they would try and scale it down.

What they did not know was that our company would not ship large orders via cc, so we never processed/charged the cards, and we were able to see the trend of what they were doing and turn it over to the NJ police.

The NJ internet police however thought that this particular area of NJ was to dangerous to stake out so nothing ever came of it.

Sounds like the fraudsters in Spain had some but not enough info to put through on the site, and you were protected in part by Chase and in part by the merchant service company and in part maybe by the controls of the online store.

By: mg

mg — Wed, 15 Mar 2006 03:30:39 +0000

About two months ago I got a credit card from Chase Bank. On 3/6/06 my husband noticed that we had a charge from Arteoptica in Spain. They also tried to purchase something else but it did not go through. I am very upset about reading about the same thing happening to other people with a Chase Card to the same place Arteoptica. What’s going on here? Why the same place with the same bank? Confused……..

By: Denis de Bernardy

Denis de Bernardy — Wed, 15 Mar 2006 03:04:03 +0000

Could be all sorts of reasons. Unless I’m mistaking, a massive amount of CC numbers were stolen in the past year or so. Could be that yours was among them.

It could also be that your card got copied while you made an offline order. My ex-girlfriend experienced this in Quebec: She purchased something with her card there, and the next week her bank account got emptied.

By: Mary Ann

Mary Ann — Mon, 13 Mar 2006 14:45:56 +0000

Interesting. My Chase card used to be a Bank One card before the merger. On four occasions Bank One security called me before authorizing a charge. Once it was me shopping out of town, Once it was me buying something out of character (remember the old ad showing a guy in bluejeans buying a tux?) Twice it was unauthorized users making large purchases. There was no need to replace my card. In the cases of the two fradulent charges, they simply didn’t authorize the charge. I’m hoping Chase has the same diligent security Bank One had.