[CTRL] Vast online credit card theft revealed

[Kris Millegan]

-Caveat Lector-   <A HREF="http://www.ctrl.org/">
</A> -Cui Bono?-

from:
http://www.msnbc.com/news/382561.asp?cp1=1#BODY
Click Here: <A HREF="http://www.msnbc.com/news/382561.asp?cp1=1#BODY">Vast
online credit card theft revealed</A>
-----
 By Mike Brunker
� MSNBC         March 17 �  In the largest known case of cybertheft, a
computer intruder stole information on more than 485,000 credit cards from an
e-commerce site and then secretly stored the massive database on a U.S.
government agency�s Web site, MSNBC.com has learned. Credit card companies
notified financial institutions, but many of the compromised accounts remain
open to this day because the banks neither closed them nor notified customers
of the theft.

       THE HEIST occurred in January 1999, but only a few details have
previously been made public.

       The scope of the crime emerged in a letter dated Dec. 27 from Visa USA
to member financial institutions. Jim Macken, a Secret Service spokesman,
confirmed that the incident had occurred and added some details in an
interview on Thursday.

       The Visa letter, a copy of which was provided to MSNBC by a source in
the banking industry, quotes federal authorities as saying that the credit
card information � including expiration dates and cardholder names and
addresses � was stolen from an Internet retail site by a hacker.

�   Will hackers kill credit cards?

�   E-business vs. the perfect cybercrime

�   Internet merchants fight back

�   Credit card fraud � it was easy

       It said the store of data on Visa, MasterCard, American Express and
Discover cards was discovered on an unspecified government computer system
during an audit. The letter did not say when the stolen data was found, but
Macken said it was discovered before March 1999 on the Web site of a U.S.
government agency, which he declined to identify.
       �This government Web administrator noticed that a lot of the memory
was chewed up for no reason, so he checked and found the file (containing the
stolen data),� he said.

NO EVIDENCE OF FRAUDULENT USE
       There was no evidence that any of the cards were used to commit fraud
and some of the accounts were not active, Macken added.
       The letter said that authorities had not identified the thief, but
Macken said investigators have since traced the criminal to Eastern Europe.
The investigation is ongoing and involves diplomatic contacts with the
country in question, he said.
       The Internet retail site from which the data was stolen has also since
been identified, but Macken declined to name it.

�   MSNBC Cable coverage
Watch MSNBC Cable for coverage of this and other stories        It was
unclear why the thief hacked the government Web site and stored the data
there, Macken said, though he allowed that the act might have been the online
equivalent of thumbing one�s nose at U.S. authorities.
       As MSNBC reported last week, U.S. authorities have so far been stymied
in their attempts to prosecute credit card thieves and fraud rings based in
the former Soviet bloc nations and Asia.

 Overseas fraud artists are untouchable

       Secret Service officials testified about some details of the case
before Congress early last year to demonstrate the peril that computer
hackers pose to online commerce, Macken said. Their comments generated little
coverage, however, and the scope of the case is only now becoming clear.

EFFORT TO HIGHLIGHT INACTION    Has recent news about online credit card
fraud made you less willing to make purchases over the Internet?
* 28862 responses
Yes.
 71%

No.
 29%


Survey results tallied every
    60 seconds. Live Votes
    reflect respondents' views
   and are not scientifically
   valid surveys.

       The copy of the letter from Visa was obtained by MSNBC from an
employee at the Navy Federal Credit Union, in Merrifield, Va., the world�s
largest credit union with 19 million members. The letter was provided, the
source said, to highlight the fact that some financial institutions are
failing to act to protect consumers when there is evidence that their credit
card information has been stolen.
       Officials at the credit union took no action to warn customers whose
account numbers were among those stolen by the hacker, said the source, who
spoke on condition of anonymity. Instead, they ordered a �spot check� of 50
to 100 accounts and then decided that no further action was necessary, the
source said.
       The source said the same procedure was followed two weeks later, when
Visa alerted the institution of the theft of data on 300,000 credit cards
from the CD Universe Web site � the biggest theft of credit card data over
the Internet that previously had been made public.
       �It was decided that ... it would be too much of an inconvenience and
too costly to shut down the accounts and issue new numbers,� said the source.
�It was deemed not the credit union�s responsibility.�
       The credit union source said that fraudulent charges have subsequently
appeared on some of the accounts that were compromised, though it is
impossible to definitively link the fraud to the theft.

CREDIT UNION RESPONDS Advertisement



       In a statement issued Friday in response to MSNBC.com�s story, Navy
Federal Credit Union officials did not challenge the assertion that they did
not warn customers of the theft. But they denied that cost or inconvenience
were factors in the decision.
       �When we received notification of this problem from VISA USA, we
reviewed our systems and were confident that all appropriate controls were in
place to protect our members� financial welfare,� said Tom Steele, a credit
union vice president in charge of the credit card division. �Additional
checks of the 1,500 Navy Federal credit card accounts identified by VISA USA
confirmed that the steps we had taken safeguarded every cardholder � we have
also not seen any increase in fraud losses.�
       The statement also indicated that no Navy Federal cardholders have
been victims of identity theft as a result of the heist.
       Calls to American Express and a half dozen major banks seeking
information on their response when notified of the theft were not returned.
       Scott Lynch, a spokesman for Visa USA, said he could not comment on
the case. Nor would he explain why Visa didn�t notify its members of the
theft until December.
       Alicia Zatkowski, a spokeswoman for Discover Financial Services, said
the firm�s fraud investigators were not aware of such a case.
       Vincent DeLuca, vice president of fraud control at MasterCard
International, said, �We are aware of some cases but we�re not at liberty to
talk about any ongoing investigations.�
       .
 Online credit card safety
Following these guidelines will help protect
you from fraud when you shop onlineTip 1
Use only one credit card online to make it easier to identify fraudulent
charges.
Tip 2
Use only a credit or charge card � never a bank debit card � for online
purchases. Under the Fair Credit Billing Act, consumers are liable for a
maximum of $50 if a credit card is used fraudulently and have the right to
dispute charges under certain circumstances and temporarily withhold payment
while the creditor is investigating them. Debit cards don't offer such
protection � using one online puts your entire checking or savings account at
risk.
Tip 3
Be sure to print a copy of your purchase order and confirmation number for
your records.
Tip 4
Check your bills carefully each month and cancel the card immediately if you
find any bogus charges.

 Tip 5
Assume that any credit card you use online can be stolen. It might not, but
that way you�ll have account numbers handy to simplify and hasten the process
of canceling the card.
Tip 6
Use caution when using smaller online retail sites, which tend to use
off-the-shelf e-commerce software and have fewer resources to devote to
security.
Tip 7
Send e-mail to a retail site asking whether users' credit card information is
stored by the company. You can ask the company to remove your data from its
database. Or, if you like the convenience offered by Web sites that keep your
card numbers on file, ask if the site encrypts your personal information
before it's stored. If the answer is "no," you should shop elsewhere.
Tip 8
Don�t provide credit card information in response to a solicitation.
Tip 9
Regularly check your credit history through a credit-reporting company.

       Several financial institutions ordered the wholesale closure and
replacement of cards that were compromised in the CD Universe case, which
also remains under investigation. Such across-the-board replacement programs
were well publicized in an effort to assure online consumers.

 Internet Underground: MSNBC's special report on the darker side of the
Internet

       Banks and credit card companies often point out that consumers are
responsible only for the first $50 of fraudulent online purchases � and that
is nearly always waived.  NBC�s Robert Hager reports on the growing problem
of identity theft

       But stolen credit card information can be used to commit fraud against
unsuspecting Internet merchants, who in most cases bear the cost of the
crime, or for identity theft � a practice in which criminals use personal
data to obtain new credit, borrow money or make big-ticket purchases.

       The Treasury Department on Wednesday held a two-day national summit on
identity theft to focus attention on what Treasury Secretary Lawrence Summers
described as �a growing and major criminal threat.�

       At the session, victims said that while they did not ultimately have
to pay for the losses run up in their names, identity theft is by no means a
victimless crime.

       �It has been sheer hell, and I do mean hell,� said Darlene Zele, a
Rhode Island hospital worker who one of the victims who testified about years
of struggling to repair the havoc wrought on their credit records. �At this
point, after five years, it�s still not over.�

       Got a tip about the use or abuse of credit cards online? Write to
[EMAIL PROTECTED]






    MSNBC  � 2000

-----
Aloha, He'Ping,
Om, Shalom, Salaam.
Em Hotep, Peace Be,
All My Relations.
Omnia Bona Bonis,
Adieu, Adios, Aloha.
Amen.
Roads End

<A HREF="http://www.ctrl.org/">www.ctrl.org</A>
DECLARATION & DISCLAIMER
==========
CTRL is a discussion & informational exchange list. Proselytizing propagandic
screeds are not allowed. Substance�not soap-boxing!  These are sordid matters
and 'conspiracy theory'�with its many half-truths, misdirections and outright
frauds�is used politically by different groups with major and minor effects
spread throughout the spectrum of time and thought. That being said, CTRL
gives no endorsement to the validity of posts, and always suggests to readers;
be wary of what you read. CTRL gives no credence to Holocaust denial and
nazi's need not apply.

Let us please be civil and as always, Caveat Lector.
========================================================================
Archives Available at:
http://home.ease.lsoft.com/archives/CTRL.html

http:[EMAIL PROTECTED]/
========================================================================
To subscribe to Conspiracy Theory Research List[CTRL] send email:
SUBSCRIBE CTRL [to:] [EMAIL PROTECTED]

To UNsubscribe to Conspiracy Theory Research List[CTRL] send email:
SIGNOFF CTRL [to:] [EMAIL PROTECTED]

Om