Tuesday, March 06, 2007

Ruby Tuesday serves a blow to credit card skimmers

Ruby Tuesday is doing something about credit card fraud. They announced yesterday that they will be introducing an ultra-secure (encrypted) credit card system to protect their customers from fraud.

The AP is reporting:

The system, which is expected to be in all the restaurant chain's 900 locations by April, leaves no credit card information at the restaurant and is instead sent to the bank in encrypted form. The system is said to help prevent identity theft.
Criminals (some say of the organized type) have been targeting a lot of unprotected information, recently. Some of this information is bartered in underground chat rooms set up for this purpose.

Of note, Visa International commented that the new system is fully compliant with PCI data protection standards.

AP story, here.

If you would like to see the sheer volume of recent data breaches, Attrition.org has a chronology, here.

If you would like to see how easy it is for your payment card information to get skimmed at a restaurant - you can view an interesting video, here.

Sunday, March 04, 2007

It pays to be observant when paying with your credit card

Dishonest employees at your local restaurant, or store might be making a little spending money selling your card information. Leaving your card unattended (even for a couple of seconds) can make you a victim.

An interesting video on YouTube (posted by kamranakhtar) shows why.

You Tube video, here.

This video was first shown on the TechEBlog, as far as I can tell.

Organized retail criminals sell their ill-gotten proceeds in many places

Organized retail crime is becoming a "buzz word" within the retail security industry. Because of this fact, many large retailers employ dedicated specialists to deal with the issue.

Some estimates (RILA) reflect that this could be a $34 billion a year problem.

I've seen a lot of recent stories about merchandise being fenced on auction sites. Although, this is a big problem, stolen goods are fenced in other places, also.

WKYC news (Ohio) is reporting that 19 homes and business were recently raided, illustrating how organized some of this activity can be.

Very interesting video, here.

The Washington Post, did an interesting article about organized retail crime in 2005, here.

It noted that federal law enforcement is getting involved in the prosecution of these cases, because of their impact, and (probably) the fact that they cross state lines, frequently.

RILA (The Retail Industry Leaders Association) proposed changes to Congress to deal with the problem, here.

Of note, they quote the FBI as saying that organized retail crime is funding terrorist organizations.

Another problem (the FBI calls out) is when outdated medicine and items, such as baby formula are repackaged and sold as new.

This could pose significant health risks to those, who purchase these stolen items.

Besides the fact that we all pay for this with our hard earned money (higher prices), our safety is being compromised by these criminals, also.

Should recent prosecutions for fraud in Katrina remind us of something?

Bruce Alpert, of the Times Picayune did an excellent article about a lot of recent prosecutions for fraud in the aftermath of the hurricane disasters.

One woman, LaWanda Williams collected $267,377.15 in an identity theft scheme using several other people's information.

I wonder if any of the people (who had their information stolen) were denied benefits, as a result of LaWanda's activities?

And LaWanda is just one example of people's greed. FEMA and Army Corps of Engineers officials, Red Cross employees and many others took advantage of the situation.

In fact, fraud was being committed as far away as California, where 71 cases have been documented.

Bruce Alpert's article, here.

Bruce's article points out that this isn't the first time fraud occurred after a disaster. Similar fraudulent claims occurred after 9-11 and the Tsunami disaster.

The money lost to fraud is a symptom of the larger problem, which was a disaster preparedness system that failed. The resulting confusion enabled a lot of fraud to occur, and probably made it too easy to commit.

I doubt any of the people now being prosecuted thought they were going to be caught.

As the old saying goes - "an ounce of prevention is worth a pound of cure." Our focus needs to be towards preventing this from happening again.

If you would like to learn more about the hurricane disaster - and how how people are still being "cured" two years after the fact - Beyond Katrina has a lot of information on the subject.

Friday, March 02, 2007

Bank's Telephone ID Spoofed in Vishing Scam

People in Jefferson City, Missouri are receiving fraudulent telephone calls soliciting their personal and banking information. Even worse, their caller ID reflects that the call is coming from a bank.

A new term (vishing) is being used to describe this kind of fraudulent activity. Scams over the telephone are nothing new, but many experts believe that VoIP technology is making the problem worse.

Michelle Brooks, of the News Tribune is reporting:

More than 1,000 people in the Jefferson City area received a prerecorded phone message Wednesday that sought customer information and claimed to be from “Central Trust Bank”- a name Central Bank does not go by - and, in fact, showed Central Bank's customer service line on caller ID systems.

News Tribune story, here.

Besides stealing from people, a Washington Post story shows how this technology can be used by stalkers and criminals, who are potentially violent (stalkers).

This technology is a favorite of collection and telemarketing types to get people to answer their telephones. Some of the people marketing this technology, claim their intent is to protect privacy.

Of course, some of us believe, that this technology is violating a lot of people's privacy.

One of the most scary examples of this is spoofcard.com. They sell a calling card that not only spoofs the number being called from, but gives their customers the ability to change their voice. The calls are also recorded (accessible by calling a 800 number).

Besides this company, there are many others, that are hawking Caller-ID spoofing. Collection agencies and telemarketing types use the technology to trick people into answering their telephones.

The FTC (Federal Trade Commission) seems to be taking a look at this problem, a list of their press releases on this matter can be viewed, here.

The FCC (Federal Communications Commission) also has a lot of information about the problem on their site, here.

If you are mad about someone doing this to you, the FCC has a complaint form, here.

Isn't it a shame that we constantly see so-called legitimate businesses profiting from technology that victimizes the general population?

Congress needs to work with the FCC and the FTC to pass a law against this abuse!

Thursday, March 01, 2007

Internet Spammers fail to keep CastleCops down

CastleCops, the all volunteer site dedicated to fighting phishing, fraud and dastardly deeds on the Internet is back in action. The site had been under a massive DDos attack for the past couple of weeks.

Paul Laudanski (CastleCops founder) announced the sites return to action via an e-mail to the community tonight.

Brian Krebbs (Washington Post) did an interesting post about the attack on his blog, where he quoted Robin Laudanski (Paul's better half and co-founder) as saying:

"I take [the attacks] as a compliment because if we weren't putting a dent in the bad guys' pocketbooks, we wouldn't be getting attacked," Laudanski said. "It means we're being a pain, and that we're doing something right."

It appears the criminals behind this attack can't keep the good folks at CastleCops down!

Robin also said that this has brought about a lot of support from the security community to rally and support the site.

CastleCops is a great place to learn about and report Internet scams.

They also run the PIRT Phishing Incident Reporting and Termination Squad, where anyone can report phishy e-mails. Last I heard, they are looking for handlers, also.

If you are looking for a good place to help take back the Internet from criminals, CastleCops is a great place to give your support to.

You can see all the information about the attack, here.