Credit Cards & Identity Theft - Online Fraud
Category: Online Payments | Date: 2002-08-20 |
Recently, my personal credit card account number was compromised. Is this going to stop me from continuing online transactions? No way. This article is about basic credit card security and what to do if you find your number is hacked. It also contains information about identity theft.
In my case, while an unwanted party gained my account details, no transactions were made. The bank's fraud department were understandably hesitant in releasing details of the compromise, but they were very quick in taking action. At this point in time I'm not even sure that the offending party was an online merchant, freelance hacker or traditional retailer.
The media in general have fed the netizen community paranoia levels regarding online transactions. Yes, credit card numbers are stolen and yes, there are victims who suffer financial loss. But submitting your credit card details online is no different to handing your card to a shop assistant that you don't know or a waiter you have never met before. There is very little stopping merchants we carry out transactions with on a face to face basis from gathering detailed lists of account numbers to be sold off on the black market.
The media have also fed the xenophobic cold war attitudes of years gone by, by focusing on certain countries. Credit card number hackers are "Russian", true. They are also American, Australian and English. Every country in the world has a community of identity thieves, scammers and spammers.
If you own a credit card and don't carry out online transactions, it doesn't mean you are safe. We need to remember that most of the world's information systems are now connected somehow to the Internet. All your vital details are now available online, regardless of whether or not you are an Internet user. It's all down to usernames, passwords and IP addresses. If you have ever collected a welfare payment, taken out an insurance policy or registered a vehicle - congratulations! You are now part of the World Wide Web, like it or not. You can now emerge from your identity fortress as resistance is futile. That's the reality of our modern lives.
So, now after having blown away your misconceptions of your privacy, and your false security of being safe from identity theft, let's deal with reality!
Identity theft and credit card fraud are on the increase; such is the nature of an online world. How do we as netizens and webmasters protect ourselves and our clients as best as possible? It boils down to a number of simple guidelines.
Passwords - Know that little window that pops up and politely asks you if you want your computer to remember certain user names and passwords? Don't tick it! Most passwords are stored in a special file on a Windows 95/98/ME system and every half baked pimply would-be hacker knows what it is. If you are not using a firewall, it is pretty easy for these people to snatch your password file and then crack it at their leisure using freely available programs.
Password length can also add extra protection. Those extra few numbers and letters make all the difference. Read the article:
Safety in numbers and letters
http://www.tamingthebeast.net/articles/safetyinnumbers.htm
Web masters, if you are keeping user information on your web server, ensure it is stored in the proper directory with the proper permissions. Better still, wherever possible, store minimum client information on your server. Even better, ensure that all sensitive details your visitors may submit are sent over an SSL connection. A web server is the equivalent of a 7/11 store - open all hours for valid and non-valid customers. There is NO 100% guaranteed safe system.
Firewalls - A personal firewall is now a necessity, not a luxury. The script kiddie problem is increasing. A script kiddie is someone who fancies themselves as a hacker and utilises freely available programs to compromise your system via the Internet. Script Kiddies have caused major problems over recent years and have been known to post up credit card numbers for all to see. Why? Bragging rights, a great deal of the time. There are over 60 000 points of entry on your PC. You can read more about the issue and gain an overview of personal firewalls by reading the articles:
Script Kiddies - Vermin of the Internet
http://www.tamingthebeast.net/articles/scriptkiddies.htm
Script Kiddies - An advice to parents
http://www.tamingthebeast.net/articles/scriptkiddies2.htm
Script Kiddies 3 - Grill a Kiddie
http://www.tamingthebeast.net/articles/kiddies3.htm
========
Who are you? - Before you click the submit button for that ezine that you really gotta have; how much information are you having to give away? A name and email address should be all that's needed in most cases. Even if you aren't having to submit credit card numbers, you are still giving away information that enables people to build profiles on you which then make it easier for identity theft to occur. It's amazing how much information you can access just knowing somebody's date of birth. If a service provider is asking you for more than your name and email address; I strongly advise checking them out before submitting.
Web masters, you need to be able to supply freely available details about your organisation if you want visitors to sign up for your services. An applied and publicised privacy policy along with an "about us" page will serve to put your visitors' minds at rest. You can read more about developing these vital pages here:
Bio Benefits:
http://www.tamingthebeast.net/articles/biobenefits.htm
Reassuring your visitors:
http://www.tamingthebeast.net/articles/reassurance.htm
=========
In the clear = danger - When you are asked to submit sensitive details such as credit card numbers, check your browser address bar. Does the address begin with https:? If it doesn't, you will be submitting details "in the clear" - unprotected. The https signifies a secure line of communications using inbuilt browser encryption; these days it is about as secure as you can hope for.
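The webmaster's side of the same check, as an added example that is not part of the original article: a Python audit that parses a page's HTML and reports forms which collect sensitive fields but submit them in the clear, are served from a non-https page, or use GET. The field-name hints, issue labels and sample page are assumptions made up for this example.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Name fragments treated as sensitive: an assumption for this example.
SENSITIVE_HINTS = ("card", "cvv", "cvc", "passw", "ssn", "birth")

class FormAuditor(HTMLParser):
    """Collects forms that take sensitive fields and how they are submitted."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.findings = []
        self._form = None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self.finish_form()  # tolerate a previous form left unclosed
            self._form = {
                # A missing or empty action posts back to the page's own URL.
                "target": urljoin(self.page_url, a.get("action") or ""),
                "method": (a.get("method") or "get").lower(),
                "fields": [],
            }
        elif tag in ("input", "select", "textarea") and self._form is not None:
            name = (a.get("name") or "").lower()
            is_password = (a.get("type") or "").lower() == "password"
            if is_password or any(h in name for h in SENSITIVE_HINTS):
                self._form["fields"].append(name or "(unnamed)")

    def handle_endtag(self, tag):
        if tag == "form":
            self.finish_form()

    def finish_form(self):
        form, self._form = self._form, None
        if not form or not form["fields"]:
            return
        issues = []
        if urlparse(form["target"]).scheme != "https":
            issues.append("cleartext-submit")  # details leave the browser unencrypted
        if urlparse(self.page_url).scheme != "https":
            issues.append("page-not-https")    # the form itself can be altered in transit
        if form["method"] == "get":
            issues.append("get-method")        # values end up in URLs and server logs
        if issues:
            self.findings.append({"target": form["target"], "fields": form["fields"], "issues": issues})

def audit_forms(page_url, html):
    auditor = FormAuditor(page_url)
    auditor.feed(html)
    auditor.close()
    auditor.finish_form()  # report a form still open at end of input
    return auditor.findings

# Constructed sample page, not taken from any real site.
SAMPLE_HTML = """
<form action="/subscribe" method="post"><input name="name"><input name="email"></form>
<form action="/pay" method="post"><input name="card_number"><input name="card_expiry"></form>
<form action="https://secure.shop.example/login"><input type="password" name="pw"></form>
"""
```

Calling audit_forms("http://shop.example/checkout.html", SAMPLE_HTML) reports the payment and login forms and skips the newsletter form, which asks only for a name and email address.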
========
If you have the ability to bank online; it's probably wise to log in every couple of days to review transactions. The major banks, while quick to sniff out fraudulent activities these days, don't always pick up on fraudulent transactions. If you do see something that looks suspicious in your transaction history, don't panic, but immediately contact your bank who may freeze your account while they investigate. In the majority of cases, you won't be liable for the invalid transactions. But I will say that having your account compromised is very frustrating as it can take a week or two to reissue cards. And if, like me, you utilise online services frequently you'll find it a time consuming ordeal while contacting your suppliers to tell them of the changes.
The other major issue is identity theft. Why steal another person's credit card numbers when you can get your own under an assumed identity? I watched a disturbing report a few weeks ago concerning the head of a security firm, who incidentally refused to have an Internet connection at home, or carry out any personal transactions online. He challenged workers within the organisation to see how much information they could collate regarding him, using only the Internet as a tool.
The pile of documentation that was gathered within a couple of weeks was frightening. The file he was presented with was over two inches thick and contained amongst other things a certified copy of his birth certificate. With that type of information, a person could obtain a credit card, a driver's license, etc. etc. and happily build up huge bills under his name. There are many documented cases of identity theft and it has ruined innocent people's lives.
There are many "spy" services out there, that for only a few bucks are quite willing to provide anyone with enough information to begin building a usable personal profile. It's legal to provide this sort of information which includes court records, bankruptcy details, marriage and birth certificates. Even more disturbing is that a number of these services are provided by our Governments.
If you should start receiving strange bills for items you didn't order from companies you have never heard of, don't disregard them as billing mistakes. You may be the victim of identity theft. Contact your bank manager and law enforcement authorities immediately; it's better to be safe than sorry.
Whether netizen or web master, we can't stop credit card fraud or identity theft, but we can minimise it by being aware and taking responsibility for the amount of information we give away or store. This may cut down on the number of Script Kiddie type activities we are currently witnessing on the Internet.
To the Script Kiddies; if you think that credit card fraud, identity theft and other amateur hacking activities is kinda exciting and cool, just wait until it lands you in jail and see how exciting and cool that's gonna be! You will be caught; it's just a matter of time. I've been having a lot of fun lately busting you guys for port scanning. I'm sure the police will find a lot of other interesting details on your computers that you've been hiding from your parents.
To the scammers and spammers that have been trying to get me to open bank accounts, participate in illegal MLM and "surplus oil money" schemes; watch this space... your names and details will appear here soon! I'm more than happy to use the same technology you have used to target me to make your details public.
To the merchant that supplied not only my details but thousands of others illegally; it was comforting to hear that you have been caught and face a hefty jail sentence. May you live in interesting times.....
About the Author
Michael Bloch
tamingthebeast.net
Tutorials, web content and tools, software and community. Web Marketing, eCommerce & Development solutions.
michael@tamingthebeast.net
http://www.tamingthebeast.net