[Dataloss] Debit Card Fraud Tied to OfficeMax Breach (fwd)

hypronix hypronix at gmail.com
Thu Mar 9 11:55:09 EST 2006


Catching is hard in most cases. The PINs are usually traded overseas
[from EU to N.Am. or otherwise] and 'cashing out' is done by one or
more independent people which all pay a certain comission back to the
PIN/CC# provider. Depending on one's will to risk themselves getting
caught, withdrawals of up to US$15000 a day are not all that common.
Short of utter stupidity or pushing one's luck too far, there is no
immediate way in which 'cash-outs' can be stopped. Short of, of
course, invalidating all CC#'s at the first sign of compromise.

But that doesn't seem to be as 'normal' as one would expect it...

On 3/9/06, Sharon Besser <sbesser at gmail.com> wrote:
> We have seen similar case in Israel ~ 2 years ago. Someone managed to
> get access to VISA cards information (including PIN numbers) by
> stealing an on-line processing machine,  which apparently, had offline
> backup (....)   Then he decrypted the data and build his own 'white
> card'. AFAIK they never caught the person that was leading the gang.
>
> Sharon
>
> from
>
> http://www.eweek.com/article2/0,1895,1935677,00.asp
>
>
> The fraudulent transactions involve cloned Visa debit cards and may be
> linked to the theft of blocks of PINs from OfficeMax or an
> intermediary processor, sources familiar with the case said.
> _______________________________________________
> Dataloss Mailing List (dataloss at attrition.org)
> http://attrition.org/errata/dataloss/
>
>


More information about the Dataloss mailing list