Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: PAYPAL security, hundred or thausend of buyers under cc fraud
From: "Mary Landesman" <mlande () bellsouth net>
Date: Tue, 11 Oct 2005 11:32:47 -0400

There are also reports in that same thread of several others involved in
conjunction or separate from Digital Age. I don't know much about credit
card fraud or merchant accounts in general, but it seems to me that if it
were Digital Age themselves, they'd be shutdown quickly (I believe there is
always a traceable merchant number involved in all credit card transactions.
And I don't think banks absorb the charges in cases of fraud. I believe they
charge it back to the merchants that accepted the card. If so, Digital Age
is going to be eating each and every one of the denied charges. This is
obviously going to cost them a huge amount of money.

Here's my understanding of how it works. It would be great if someone
knowledgeable about merchant accounts could clarify any misconceptions.

1. Merchant (in this case, Digital Age) has a credit card merchant account
with each c.c. company
2. Transactions involving that merchant account number are automatically
credited to the account by the c.c. companies
3. When a fraudulent charge is discovered, the credit card company debits
that same account

Of course, Digital Age could be an entirely fraudulent operation. (And I
think this is the most likely scenario). They may have pulled all their
money out after the credits were received. Now when the banks try to debit
for the fraudulent charges, the account will be empty or even closed. That
would make more sense than Digital Age being a 'victim' in all of this. Some
of the other charges involved, that most often (but not always) occurred in
conjunction with the Digital Age fraud include:

Hostitnow,Inc. 718-732-2061 NY

Each of the above was reported to be either $7.95 or $9.95

The Digital Age fraud appears on the credit card statement like this:

DIGITAL AGE 888-529-98 CYPRUS $24.99

And I really, really hope that Digital Age is the perpetrator and not the
victim. I would hate to see an innocent company get caught in the crossfire
of what appears to be a fairly massive fraud. The financial and image
repercussions for the company would be severe.

-- Mary

----- Original Message ----- 
From: <ad () class101 org>
To: "'Mary Landesman'" <mlande () bellsouth net>;
<full-disclosure () lists grok org uk>
Sent: Tuesday, October 11, 2005 10:45 AM
Subject: RE: [Full-disclosure] PAYPAL security,hundred or thausend of buyers
under cc fraud

Could be something as big as cardsystems then right, had not read about
this, but I think my bank had to aware me of a potential risk on my account
, dunno, but anyway regarding all complaints, its something big as
cardsystem like you suggest , nor as big as amazon or paypal, all complaints
are from this month, DIGITAL AGE will be found, I hope , bastards :>

-----Message d'origine-----
De : Mary Landesman [mailto:mlande () bellsouth net]
Envoyé : mardi 11 octobre 2005 16:00
À : ad () class101 org; full-disclosure () lists grok org uk
Objet : Re: [Full-disclosure] PAYPAL security,hundred or thausend of buyers
under cc fraud

I've spent less than 5 minutes looking through that thread and already have
found a number of posts stating their card was not affiliated with PayPal.
So I have to wonder how you jumped so quickly to that conclusion.

Remember CardSystems - 200,000 credit card accounts were compromised and 40
million accounts exposed just months ago. I think I would put my bet on
something more obvious, like that.

Research is about more than collecting links that backup your viewpoint.

-- Mary

----- Original Message ----- 
From: <ad () class101 org>
To: <full-disclosure () lists grok org uk>
Sent: Tuesday, October 11, 2005 9:23 AM
Subject: [Full-disclosure] PAYPAL security,hundred or thausend of buyers
under cc fraud

I will explain my small story to show you that using paypal to buy on the
web is risked.
I have buy only 2 things this month, 1 game at steampowered.com and 1GB DDR2
at a respectable ebay store. That was the first time I were using paypal to
pay things on the net and so on it will be the last time..

Today I notice at my bank account a fraudulent debit of 24.99$ coming from a
"DIGITAL AGE 888", and looking on the web, happy to see that there is
hundred maybe thausends of ppl in my case , fraudulent charge of 24.99$ from
a "digital age".

look there:




after reading all this and comparing with my case, sure it comes from paypal
and the stored cc card.

So if you are under the fraud also like me, fill a complaint to your bank
and there http://www.ifccfbi.gov/index.asp

This was a first and last use of paypal for me, unbelievable ...

Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]