Saturday, January 10, 2009

Credit Card Dangers May Lurk on Smaller Websites

Most online shoppers are cognizant of the fact that their credit card information is usually safeguarded and feel justifiably confident when performing e-commerce transactions. Despite news stories that have focused on major security breaches that endanger hundreds of credit card numbers, online shopping continues to prosper. But what many financial fraud experts warn is that hackers are increasingly targeting small, commercial Websites in search of unprotected credit card numbers.

In certain instances, fraudsters are able to gain real-time access to these small websites transaction information, enabling them to steal valid credit card information and hastily ring up large numbers of fraudulent charges.

Identity thieves may have fewer potential victims at smaller websites, but they are often able to operate with greater ease due to defects in the software the sites use for online order processing, or due to a dependence on outsourced Web site security. Fraud prevention professionals note that many smaller websites rely on generic shopping card software that they neglect to update with the latest software security patches.

For victims of identity theft, a stolen credit card number is often just the first step a thief will take. Generally, the criminals who steal credit card information do not use it themselves, but instead sell it along with many other card numbers to other scammers via underground chat rooms. The theft of credit card data, combined with other personal information, can allow identity thieves to gain additional information about their victims, according to experts.

Identity theft victims may find charges made at websites that sell online background checks. These consumer background checks can help fraudsters create a more complete file on a victim to aid further in identity theft or to establish a more appealing record for re-sale in the identity theft underworld. Thieves who start with a credit card number may also get hold of a victim's phone number, address, e-mail address, and other data that can be used to gain further information on the target or open up new lines of credit in the victim's name.

What cardholder would expect an unexplained charitable donation on a credit card bill to be the handiwork of criminals? But savvy consumers may find the tell-tale signs of Internet thieves in such small, unexplained charges. A $1 donation made to a charity’s website can allow an identity thief to determine whether a credit card is still valid.

The danger to credit card data at Web merchants has become serious enough that Visa and MasterCard recently threatened to fine online businesses that fail to work towards meeting stricter security guidelines.

Visa released a report in September 2006 showing that four of the top five causes of credit card related breaches were digital security limitations at merchants of all sizes. These weaknesses included misconfigured Web servers, missing or outdated software security patches, and the use of vendor-provided default passwords and settings – all of which represent violations of new credit card industry standards.

Online merchants need to be more aware of the threat from hackers, while consumers need to be aware of what sites are taking the necessary precautions to guard their credit card information. Some of the victims that have fallen prey to hackers have been those that found the cheapest vendor possible through a bargain shopping website. Cardholders should make sure that any site they decide to shop on takes all the necessary steps to ensure the security of credit card transactions.

After all, what is the value of saving a few dollars if it comes at the cost of your credit card information?

No comments: