Internet marketing resources, ecommerce web site design tutorials and  just for fun - free cell phone ringtones!
  Taming the Beast - quality web marketing and ecommerce development services

Major credit card fraud indictment

Posted by Michael Bloch in ecommerce (Tuesday August 18, 2009 )

The acting U.S. Attorney, Assistant Attorney General of the Criminal Division and the United States Secret Service Director yesterday announced an indictment against three individuals charged with various credit card fraud offenses, including the single largest reported data breach in U.S. history.

The Indictment covers the theft of over 130 million credit and debit card numbers together with account information, stolen from Heartland Payment Systems, 7-Eleven, Inc. and Hannaford Brothers Co.

After stealing the credit and debit card data, the accused are alleged to have then sold the data to others who would use it to make fraudulent purchases, make unauthorized withdrawals from banks and further identity theft schemes.

If convicted, each defendant faces a total of 35 years imprisonment and over a million dollars in fines.

The hacking, carried out after sometimes physical reconnaissance of store systems, consisted of SQL-injection attacks. It’s also alleged the defendants installed “sniffers” that performed real-time interception of credit and debit card data being processed by the compromised companies and subsequently stolen from the corporate victims’ computer servers.

One of the defendants is from Miami Florida and was previously indicted in New York and Massachusetts last year for his involvement in different conspiracies relating to data breaches of multiple companies. He was also previously arrested in New Jersey in 2003 for his role in ATM and debit card fraud. The other 2 defendants, known only as Hacker 1 and Hacker 2 are from “in or near Russia”, so the Feds will have a great deal of trouble in hauling their butts into a US courtroom.

The full press release from the Department of Justice can be viewed here (PDF).

While small ecommerce merchants are often viewed on suspiciously regarding online payment security; it’s often the bigger companies who the hackers are after. Regardless, small online business owners need to be vigilant – ensuring we have solid anti-fraud strategies in place and attaining PCI compliance.

Letting your guard down may not only end up in oodles of chargebacks – it could quite easily wipe out your business.

These types of breaches really rattle potential customers – however, there’s a lot of ways you can reassure your visitors, including using third party security certificates.


Comments for Major credit card fraud indictment

No comments yet.

Sorry, the comment form is closed at this time.