Prof. Jayanth R. Varma's Financial Markets Blog

Photograph About
Prof. Jayanth R. Varma's Financial Markets Blog, A Blog on Financial Markets and Their Regulation

© Prof. Jayanth R. Varma

Subscribe to a feed
RSS Feed
Atom Feed
RSS Feed (Comments)

Follow on:

Sun Mon Tue Wed Thu Fri Sat

Powered by Blosxom

Fri, 28 Aug 2009

Credit card frauds

One of the world’s foremost experts on computer security, Bruce Schneier, writes on his blog about the recent theft of 130 million credit card numbers:

Yes, it’s a lot, but that’s the sort of quantities credit card numbers come in. They come by the millions, in large database files. Even if you only want ten, you have to steal millions. I’m sure every one of us has a credit card in our wallet whose number has been stolen. It’ll probably never be used for fraudulent purposes, but it’s in some stolen database somewhere.

Years ago, when giving advice on how to avoid identity theft, I would tell people to shred their trash. Today, that advice is completely obsolete. No one steals credit card numbers one by one out of the trash when they can be stolen by the millions from merchant databases.

I had read in the past about online thieves selling credit card data for a few cents per thousand cards, but I did not realize that things were so bad.

What is also interesting is that you do not need to use credit cards in online transactions, or in some fraud prone South East Asian country for your card number to land up in a stolen database. The number gets stolen from large retail chains in the best of countries.

Of course, Schneier is talking only about credit card numbers, so with the increasing use of two factor authentication, it may take something more to actually use the card, but that something more is often surprising little.

Posted at 11:54 on Fri, 28 Aug 2009     View/Post Comments (1)     permanent link