Stories
Slash Boxes
Comments
NOTE: use Perl; is on undef hiatus. You can read content, but you can't post it. More info will be forthcoming forthcomingly.

All the Perl that's Practical to Extract and Report

use Perl Log In

Log In

[ Create a new account ]

Purdy (2383)

Purdy
  jasonNO@SPAMpurdy.info
http://purdy.info/
AOL IM: EmeraldWarp (Add Buddy, Send Message)
Yahoo! ID: jpurdy2 (Add User, Send Message)

Bleh - not feeling creative right now. You can check me out on PerlMonks [perlmonks.org].

Journal of Purdy (2383)

Wednesday June 11, 2003
10:44 AM

Recent (Fraud) Activity

[ #12749 ]

My wife woke up this morning to a call from our MasterCard (Chase Bank - lovely people), calling to confirm recent activity. I thought that was odd, but I have made several large purchases recently - plane tickets to Boca, two Axims and a server from a local computer store.

Anyway, the item that stuck out to them was a $367 charge to "Home Shopping Network." Come to find out, HSN had called our bank to confirm the account, shipping to a Scott Stevens in Alabama (huh?). Needless to say, we are not Scott Stevens nor did we buy anything on HSN for Scott Stevens (much less buy anything on HSN, period ;)). So Chase is re-issuing account #'s and FedEx'ing us new cards tomorrow before we take off for YAPC.

Couple of things to take away from this:

  • Do not use a check/debit card for online purchases. You do not want a hacked card to affect your checking account. It's also nice to use a regular credit card that is well-protected in terms of liability and fraud. I use that Chase card everywhere on the internet for online purchases - I wonder who got hacked recently [and didn't tell me].
  • I wonder what algorithms Chase (or whomever) use for fraud detection? Not that they were used in this case, as HSN prompted the query, but thought-provoking, nonetheless.
  • "Scott Stevens", whereever you are, I wouldn't be expecting a package from HSN anytime soon. Or rather, if you get a package, it's most likely an attempt to tie you physically to the virtual fraud. Perhaps I shouldn't be saying anything, but I highly doubt this blog is monitored.

Cheers,

Jason

The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
 Full
 Abbreviated
 Hidden
More | Login | Reply
Loading... please wait.
  • There are plenty of easier ways to get credit card details than hacking servers (although that is pretty easy with the number insecure ecommerce sites).

    You credit card details will appear all over the shop - resturants, shops, train stations, etc.

    --

    @JAPH = qw(Hacker Perl Another Just);
    print reverse @JAPH;
  • ... remember Hanlon's Razor - Never attribute to malice that which can be adequately explained by stupidity. (Although, I like to substitute incompetence for stupidity). Employing phone slaves for $6.50 an hour can lead to lots of typos.

    -derby

    --
    -derby
    • True - but to get both the number AND expiration date ... and perhaps the operator prompted for the CVC # on the back, too?

      Don't worry, though - my trust in humanity is far from shaken. Got my new card today and it looks pretty cool - different and sleeker design.