Security Incidents: Re: Stolen Card Purchases

["Jonathan Bloomquist" <jsbloom () adelphia net>]

----- Original Message -----
From: "Jonathan A. Zdziarski" <jonathan () networkdweebs com>
To: <incidents () securityfocus com>
Sent: Tuesday, July 09, 2002 8:24 PM
Subject: Stolen Card Purchases


> We've seen a significant increase in the number of stolen credit card
> purchase [attempts] made on our website recently, and I'm wondering if
> anyone has had very good experience in convincing any legal arm to take
> action.  We have sent three related incidents to the Secret Service, who
> will not touch it unless there's at least $50,000 involved.
> Unfortunately, most local law enforcement agencies are impotent at such
> issues.  We traced the first attempt back through an open proxy where
> the administrator even sent us enough information to track him back to a
> residential DSL line, but nobody's willing to put in even a little work
> to go and subpoena the data and make an arrest.
>
> We're getting pretty sick of having to feel "paranoid" when customers
> purchase our products, so I'm hoping some of you may have had more luck
> than I have thus far in dealing with such issues.  Any creative comments
> would be appreciated.
I would assume the ones with the most to lose would be the banks which issue
the cards.  They can also afford to fund legal means to get their money
back.  I would begin by contacting the fraud department for the bank which
had the highest number of attempts.  I would hope they already have
procedures in place for prosecuting this sort of thing.

Jonathan


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com