Wouldn't the AVS system used by the credit card companies catch this kind of hack? The AVS system does a rudimentary check to make sure that the billing address given on a order is correct one for the credit card.
Richard -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Jason Coombs Sent: Tuesday, February 18, 2003 4:29 AM To: [EMAIL PROTECTED] Subject: [Full-Disclosure] Hackers View Visa/MasterCard Accounts So, anyone know whether this was a simple "real-time credit card processing oracle" attack where a tool throws fake orders at sites that provide real-time credit card authorizations until a valid card number and expiration date are found? Any third-grader with a copy of Microsoft .NET or Java 2 class libraries could whip up the code needed to bang away at the typical e-commerce site logging rejected orders due to invalid credit card payment and revealing card numbers and expiration dates that can be used for fraud in a variety of ways. There must be such credit card "hacking" tools circulating for the benefit of script kiddies -- anyone looked into this before? If so, will you share some references? Jason Coombs [EMAIL PROTECTED] -- Hackers View Visa/MasterCard Accounts Mon February 17, 2003 11:17 PM ET NEW YORK (Reuters) - More than five million Visa and MasterCard accounts throughout the nation were accessed after the computer system at a third party processor was hacked into, according to representatives for the card associations. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
