[ale] OT: Security code on Credit/Debit cards

Ryan Neily ryan at neily.net
Fri Feb 19 19:43:38 EST 2010


Not sure where you live, but there has been a string of this type of theft here in Cobb County. See the most recent Cobb County PENS bulletin:

http://p4.police.cobbcountyga.gov/homepage.htm

On Feb 19, 2010, at 7:33 PM, Michael H. Warfield wrote:

> On Fri, 2010-02-19 at 18:50 -0500, Scott Castaline wrote: 
>> Got a question for you security and forensic types. My debit card was 
>> once again cloned. As a routine I usually check my bank(s) online at 
>> night and again in the morning. Last night all was good, this morning I 
>> found that I had bought several Crackberrys and a lot of sportswear as 
>> well as a surfboard. After spending about 6 hours trying to make sense 
>> of it all, all but one company had held the orders as possible fraud. 
>> These orders were done online and a few were well known named big box or 
>> large shopping centre companies. The big named companies confirmed that 
>> all credit info matched including the security code on the back of the 
>> card. They also traced the orders back to an IP coming through NYC via 
>> Roadrunner's Broadband Service. Ok my questions:
> 
>> 1. The number on the back of the card usually a 3 digit number, is that 
>> on the magnetic strip?
> 
> No.  That would defeat the purpose.  It's for physical verification of
> the presence and control of the card.  That's not necessary for swipe
> terminals and wouldn't be verified.
> 
>> 2. Even with IP and MAC masquerading, is it possible to actually trace 
>> it down to the perp?
> 
> Probably not.  Not impossible but highly unlikely.  Even with hard
> static addresses, it's almost trivial to use a compromised IP address on
> a box somewhere half way around the world.  Only reason for even using
> one inside the US is to make it look MORE legit.  Orders from Russia or
> China for delivery to Detroit would look rather suspicious. 
> 
>> 3. Is there also a way to find where the card info was scanned?
> 
> If you have never used that card on-line and never entered the CVV
> on-line, it could be quite challenging but would have to be somewhere
> you've actually used the card.  Most of the time it is accomplished in
> the reverse.  You track them down through the merchandise they
> purchased.  Often, though, they purchased the card numbers on a site
> selling numbers for a few bucks.  Cards with CVV's are worth more on the
> market than ones without but they're still damn cheap.
> 
>> Since this is my second time as a victim in less than a year, I would 
>> really like to pursue it as far as I can go. Local PD just writes it 
>> off, but if I could give them something solid, maybe they might act. I 
>> have my suspicions, but posting them would probably make me look racist, 
>> which I wasn't, but.... Also in all cases the same name was used address 
>> and phone # for delivery. When I google the name (Joanne Salter) I found 
>> one person who lives in Great Britain and is a movie production hair 
>> stylist, and another one in West Fargo, ND. The address used is in Ulem, 
>> MN and the phone number traced as an unlisted number somewhere in IN.
> 
> Since the merchandise was destined for MN, that would be my prime
> candidate although it could possibly be a mule / drop point.  Since it's
> all coming from one, it sounds like common petty crime and not on-line.
> 
> Given the description, it does sound like physical card skimming and it
> would be someone who did more than just scan your card and hand it back
> to you.  I would first suspect anywhere you allowed the card out of your
> control (think restaurants and paying your check) would be the prime
> candidate.  Check-out lines and registers in stores are much less
> likely, although they did catch one person in NY one year double swiping
> cards.  They would have to read the CVV number while verifying your
> signature.  Fake card readers and fake facades at places like gas
> stations are not unheard of but are highly unlikely if they had your
> CVV.  You could put a little spot of black paint or tape over the CVV
> after noting it to yourself and then never let that card out of your
> sight.
> 
> Mike
> -- 
> Michael H. Warfield (AI4NB) | (770) 985-6132 |  mhw at WittsEnd.com
>   /\/\|=mhw=|\/\/          | (678) 463-0932 |  http://www.wittsend.com/mhw/
>   NIC whois: MHW9          | An optimist believes we live in the best of all
> PGP Key: 0x674627FF        | possible worlds.  A pessimist is sure of it!



