About this blog

Bob Sullivan

Corporate sneakiness. Government waste. Technology run amok. Outright scams. The Red Tape Chronicles is MSNBC.com's effort to unmask these 21st Century headaches and offer real solutions that save you time and money.

Bob Sullivan covers Internet scams and consumer fraud for MSNBC.com. He is the winner of multiple journalism awards for his coverage of online crime and author of Gotcha Capitalism: How Hidden Fees Rip You Off Every Day and What You Can Do About It and Your Evil Twin: Behind the Identity Theft Epidemic.

Got some red tape you want Bob to untangle? Write BobSullivan@feedback.msnbc.com.

A portal on credit card crime

Posted: Tuesday, March 27 at 06:27 pm CT by Bob Sullivan

Dan Clements, CEO of CardCops.com. (Photo: Jae C. Hong / AP file)

When you think of the Internet underground, you probably don't think about Burbank or Ventura, Calif. But if you want to see what's going on in the Web's darkest corners, the Ventura Freeway is where you need to go.

About halfway between Burbank and Ventura, get off Highway 101 at Calabasas and look for a low-rise office complex. Inside is perhaps the best portal into the world of identity thieves and credit card criminals you'll ever find: CardCops.com.

Hidden behind office cubicles and small piles of computer servers sits Dan Clements, 51, who manages a small army of researchers who spend their days masquerading as Web criminals, gathering intelligence from online chats where fraud is the only topic of conversation. Clements and his team of 10 pretend hackers (called "NetSeals") scour the Internet for stolen identity information, like credit cards, Social Security numbers and other personal information.

Thieves openly trade stolen data in secret chat rooms, where the numbers and names fly by as fast as an old-fashioned stock ticker. The NetSeals slurp the information up using automated programs and enter it into a database, which now contains millions of entries.

CardCops also has deputized thousands of hackers, who anonymously send in databases of compromised information. Clements calls it the CardCops “amnesty program,” but all it means is that he promises not to snitch on the informants. The data they provide is shared with all major credit card companies and federal authorities. CardCops also sells the data to banks and identity theft prevention firms like TrustedID.

CardCops has been at it for seven years, and Clements is often the first to know when identity thieves take a new tack in their craft. That's why he's been a key source for my identity theft stories since we met in 2001.

The ideal person for an on-camera sting

When “Dateline NBC” approached me last year looking for help with its planned piece titled "To Catch an ID Thief," I knew exactly where to send them. Clements has been running the kinds of sting they were envisioning -- using something known as a “honeypot” -- for years. He knows just how to draw in swarms of credit card criminals, as you'll see in the Dateline piece. Here’s a hint: All it takes is money.

CardCops has an interesting philosophy, born out of necessity when the firm began as an online advertising sales business named AdCops.

"Our job is not putting handcuffs on script kiddies (young hackers), but rather to learn from them," Clements said. "So we engage them."

In 1999, Clements was selling online ads and suffering from affiliate and click-through fraud, where hackers set up computers to automatically generate fake clicks and collect bogus commissions. He threatened a gang of hackers one weekend. When he arrived at work the next morning, the hackers had "wiped clean" the company's servers.

"We thought, 'Wow, it isn't too smart to threaten them. So let's treat them with respect and see how far we get,’" Clements said. "That's when we really turned it around."

Another event in 1999 persuaded Clements to focus his company on fraud detection. At the time, Clements said, his firm was directing traffic to America Online for commissions. A number of affiliates helped his company, then known as AdCops, attract traffic, but AOL suspected they also were engaged in click fraud. So the Internet giant sent subpoenas to Clements and instructed him to serve all his affiliates. One day, after he dutifully sent them out, a tech expert with a habit of lurking in Internet Relay Chat rooms devoted to advertising fraud urgently called Clements over to his computer.

"One kid was saying to another, 'Hey, I just got a subpoena today.' The other one answered, 'Me too. My mom's going to kill me,’" Clements recalled.

The young hackers were AdCops affiliates.

Invitation to brag bears fruit

Instead of running to authorities with the chat room log, Clements had another idea. He asked the hackers how they had done it. One of the hackers took him up on the offer and the idea of the amnesty program was born.

"We wanted them to tell us how they do things," he said. He offered only bragging rights, playing on hackers’ vanity, but that was often enough. Soon, CardCops was getting all kinds of tips along with invitations into the most secretive credit card fraud chat rooms.

There were fits and starts while Clements created a new kind of business. His first idea was to create a “fraud museum” of scams and tactics. The museum could be viewed by Internet merchants so they could learn about their enemy.

“Everyone talks about Net fraud, but do you actually know how online thieves work?” Clements wrote in an announcement of the fraud museum sent to MSNBC in March 2001. “Are you curious about the tools they use? Or how they think? Now you can actually see it with your own eyes. Inside you will see zipped programs that steal, crack, encrypt and generate credit card data. You will also see actual e-mails from thieves. … The fraud museum gives you a chance to see fraud from the thief’s perspective.”

The fraud museum backfired, however, as some merchants maintained that criminals were using it to research fraud methods. So Clements quickly removed the site and began devoting his time to gathering “human intelligence.”

Direct-to-consumer service

For a while, Clements automatically forwarded the compromised data to credit card firms. But increasingly, he had the sense that the card companies weren't acting quickly on the information. So he set up a direct-to-consumer offering called IDProtect, which allows consumers to see if their information has been shared in a chat room observed by CardCops employees. The data also is resold through a number of partner firms.

Critics point out that CardCops data contains only a tiny fraction of data stolen by hackers, and contend that a clean-bill-of-health from CardCops' service doesn’t mean much.

Still, the knowledge CardCops has about the nature of the credit card criminals and identity thieves is invaluable. We're lucky CardCops agreed to take Chris Hansen, Dateline camera crews and the public on a journey through the Internet underground Tuesday night.

LEARN MORE ABOUT THIS STORY

Watch Dateline's "To Catch an ID Thief" online

What 'Dateline' learned from its phony online store

Also by Bob Sullivan: Is your computer a criminal?


36 COMMENTS

I found this interesting, but as a merchant myself, I see a puzzling problem. This issue hasn't been really explained much. The issue is why or for what reason does a person use a fraudulent card to place an order with a small company like mine just so the product will be shipped and later returned due to a non-existent address. We see our merchandise come back many times and just don't get what the fraud customer is doing. Can you help me understand?

They're checking to see if the card worked. They can track the shipping data online usually, and see whether it actually left. Most people don't mail-order using stolen cards. They transfer funds directly.

Interesting Show! My credit card got hit for about $3000.00 just recently. They apparently got enough info about me to get a new card issued and sent to Atlanta, GA. Some of my luggage was missing for about a week and I went through Atlanta Airport. I wish they would get caught.

ID theft is a bad problem getting worse all the time. I think the government needs to hand out stiffer sentences and have law enforcement actually pursue the perpetrators. Once caught, they should be tried and if found guilty, the thieves should be sentenced to indentured servitude until they pay off what was stolen at their country's minimum wage or 1/2 US minimum wage...whichever is less, with no benefits or possibility of gaining US rights. That way the US can get cheap labor to harvest the produce and do the menial tasks relegated to the illegal aliens now and then kick them to the four winds once they pay their debt to the country. This way we take care of the void in the labor force created by stopping and deporting illegal aliens (criminals) and make ID theft a less appetizing crime. It would also help increase the US compete with low income nations in the manufacturing industry.
Radical...yes...but it's time to quit coddling criminals at the expense of our national well being and start protecting our citizens and their assets.

I get madder every day. Our politicians are so ineffectual (I have learned thru the years that we really don't need them). They will never do anything to offend anyone - even the criminals. Our nation is going down the toilet and they do nothing. ID theft is a MAJOR concern, yet it is being ignored. Yes there is some effort but I am sure it is nothing at all like the A.N.S. coverage in the news. Oh, BTW, patent protection is another area that the govt is ignoring. Let's face it, it's getting like they used to say about our industry: "we do each other's laundry".
Manufacturing is fleeing not because of cheap labor, but because the govt is selling them out. They give it a great name like outsourcing, but it is really a sell out. This country is getting worse than a banana republic.

A very awesome article indeed and more attention to this is definitely needed. My negative comment is simple, why aren't these thieves being nailed, sounds like nothing can be done or is being done to help the consumers at all. Knowing how they are doing this and all the tools they use is great info but in the mean time Joe Q Public consumer has to shudder any time they use the Internet just to handle routine online banking programs. This is the 21st century and nobody has yet to figure out how to develop a method where only the real owner of a credit card can use it? How about a simple and logical solution, and any ACLU people reading this, too bad. The fingerprint method or the iris eye recognition method or how about actually having to hand-write authorization to use a card for a start? I know I am pleased to know anyone can do this or get scammed but this so called great country does not and has not ever taken care or protected the VICTIMS..

Quite frankly chasing the hackers around is overstated in my opinion when the real root of the problem is the lack of security controls applied by corporations to secure sensitive data. As an information security auditor, years ago I used to be shocked to see how readily accessible personal data was within a corporation (of any size and vertical). Now that we have various legislative and regulatory requirements companies must adhere to, the situation isn't much better.

Highly interesting, but have any of those fellows been brought to trial yet?

As an online merchant we see all kinds of things related to credit card fraud from card checking (making a small purchase to check the card) to my favorite [Bob, you might want to edit this method out.... where they set up an online auction sale and receive payment from the buyer, then place an order with us using a stolen credit card and have the same item shipped to the auction winner. This way they receive valid payment and the buyer receives the merchandise and we get stuck with a fraud charge.]

One thing people really need to understand is that the credit card companies LOVE credit card fraud.

The reason is that when the true card holder gets the bill they dispute the charge. When that happens the credit card company immediately takes the money out of the merchant's bank account along with a $25 to $45 fee. So the credit card company makes a few percent on the initial charge, then they get the full amount of the charge back along with an additional $35 or so of pure profit.

The merchant is out the merchandise, the shipping costs, and gets to pay this fee for being the victim of a crime.

Every time you hear about the loss of millions of sets of credit card information. And you wonder why the card issuer does not immediately replace the cards, which costs them less than $10 per card to do. The reason is that each and every one of those sets of data are going to make them multiple chargeback fees and they would rather make $100+ in fees than spend $10 to prevent them.

There are many, many, many things that could be done to make online credit transactions safer but there is no monetary incentive for the credit card companies to do so because they make so much money off the fraud with little or no risk to themselves.

We finally started using PreCharge to screen and insure our orders and cover our loss when there is a chargeback. Plus we get the added satisfaction of knowing that a chargeback will blacklist the transaction info. name, address, IP address, email, etc. to help prevent future fraudulent transactions on that info. BUT the merchant should really not be bearing the responsibility and cost of credit card fraud (for purchases).

And that extra cost for fraud screening and protection is passed on to guess who?

My ID was used by numerous people here in America. Apparently they were here illegally and used my name and SSN to get benefits. It is really hard to get this straightened out.

Well, today I was notified by my medical provider that my personal information was included on laptops recently lost, compromised, and/or just plain mishandled by contractors &/or employees. When I called to find out remedies, the attitude was cavalier, condescending and "wonder how we can get rid of this old lady" air. Now, risk assessment, responsibility and plain old do your job don't seem to enter into the scope of 'my job'. I am mad as hell, want some satisfaction.

As a naturalized citizen, I am outraged that we have illegal aliens in this country who steal identities and we've set up laws that make it harder to uncover identity theft. For example, if Joe owns an SSN and Bob steals Joe's SSN and uses it to gain employment under Bob's name, the credit agencies will simply open a new file for Joe's SSN with Bob's name on it. And when Joe gets his credit report, the credit agency may not even tell him that Bob is using Joe's SSN. Then there is the insanity of the IRS and the Social Security Administration. At year-end, when employers file W-2s with the IRS and report Social Security earnings to the SSA, both agencies know right away that the SSN and the name don't match. But all they can do under the law is a query back to the company. And I believe that the IRS and the SSA cannot share information to help combat identity theft. Go figure - only in America!!

I am always impressed when I see how crime increases sales, bankers profit on all their many transactions, and of course, the governments get a great kick back on all profits by all involved.

I run a honeypot...and in my opinion the number 1 criminal hacker in the world is the US Government.

The number 2 criminal hacker is the Texas State Government

The Number 3 criminal hacker in the world is a religious cult based in central Kansas.

Their target?

People who post anti war or anti Bush messages on news discussions.

Silencing the political speech of Americans is an act of Capital Treason.

When will the law start dealing with these folks as they are far more dangerous than kiddy scripters stealing card numbers.

It’s all about the cash. When the fraud gets bad enough that merchants stop taking credit cards (and lose a bunch of business in the process) and the revenues and earnings of the credit card companies take a hit they realize there’s a problem and deal with it.

Many small businesses won’t accept credit cards because of this kind of stuff and it’s an inconvenience for all involved. When the credit card companies can’t grow, or experience negative growth as a result of this kind of thing they’ll work to solve the problem.

But until it affects the top line or the bottom line and their stock price is affected they’ll not worry about fraud. Since Congress is after them about their fees and other ethically questionable practices they have to rely on fraudulent transactions to make their numbers.

Like I said it’s all about the Benjamins.

I've been involved in this sort of activity, but only as a curious spectator. When they steal credit card numbers and buy items on them, you can bet a lot of those items are being delivered. It's very easy for them to change the card's shipping address once they have it. They then use a vacant address or false address, and literally wait for the package to show up at the door, then walk up and take it.

There's also a lot of money to be made selling your information to illegal aliens. This has become extremely common. Check your credit. And hope you don't have an arrest warrant in your name somewhere you've never been... ;)

Hi, Bob. This has nothing to do with today's topic. Last April, however, you said few consumers take advantage of free credit reports, even after their information is stolen. In my case, the credit bureaus are refusing to give me my free report. Online they say my password is no good, no matter what I try to change it to or do. By phone, the autoprompts jerk me around, then tell me they'll mail the reports. Only one agency responds by mail, and it asks me to send more information PLUS pay a fee. I have not had a free credit report in 2 years. What can I do? Who can I complain to? Does anyone know?

As someone who knows people involved with "electronic turf wars" and making zombies out of home computers everywhere, let me give you all one piece of advice, DO NOT use popular anti-virus products like Norton or McAfee. They let bot packs, (the way criminals take over your computer), through like a doorman opening the door for you at a hotel. Get yourself a GOOD anti-virus such as Panda or Kaspersky or Nod32. They are what the thieves use to protect their systems. Also, check your Windows/system32 folder for a file called "spool" or "printers" and see if they are huge (above 100MB). An excellent firewall such as Zonealarm or Outpost will help you too. And remember, there really is nothing you can do if the thief is determined enough, but if your security makes it tough for them to get through, they will leave your computer alone and go after easier prey. One final thing, Nobody and I mean Nobody gives away a lot of money for nothing, so get smart and delete any email that comes to you with the subject line, "you are a winner!" or "I need your help to get this money out of my country" Come on people if most of you spent as much time on computer security as you do whining about it after your money is gone, then this would be a moot point altogether.

That's what happens if you centralize all of your life on a number or two. If you want to see these things stop then you have to start with a new system, from scratch.
Forget all of that SS and credit score crap.

It seems only a matter of time that we will have to register how many emails we wish to send a day and our ISP will cut off our access after that, not long after that will come the email fee, 1 cent per mail or so.

I had my credit card stolen while overseas on vacation. The thieves withdrew the maximum cash limit from a newly issued card. This card had never been used before, AED 10,000.00 (USD 2717.00) in 5 separate amounts all within 15 minutes from two separate banks in Copenhagen, Denmark. I received no security calls from my bank to verify it was me, yet 5 transactions took place within 15 minutes. We called the Sharjah Islamic bank as soon as we noticed the theft, this was within an hour, to stop any payments but the thieves were too quick. The bank said they had stopped the usage of the card, however when we discovered the loss, the Sharjah Islamic Bank back in the United Arab Emirates refused to reimburse me for the loss. They informed me they do not cover any loss incurred between the time the card is stolen to the time it is reported...dahh! They also told me they do not have insurance against card theft and no banks in the UAE have insurance against card theft/loss. So if anyone out there has a credit card with a UAE bank, according to the Sharjah Islamic Bank, be aware, you are not covered in the event of theft/loss. Most reputable international banks however do cover loss. My investigations reveal the thieves may have used a card reader to rip the pin number from the mag stripe on the card. If anyone else has had similar experiences with banks like this let me know.

meh. it's all about politics. there's always a way to fraud and hack and the government can't do squat about it. they're just pretending to for their approval rating.

right now, all you have to do is use your card at the local food store and you could be scammed then and there.

to Neko, West Michigan;
As a professional engaged for many years in info security, all I can say to your paranoid "conspiracy theory" comments is Bull!

People like you are part of the problem, not the solution.

A person should be familiar with their computer os, programs, & files. Sense irregular computer performance, try to locate a new file in startup, program files, windows/system32, etc. Not sure, observe new files in dos editor. Once located, use windows search to locate files listed in hack file. Microsoft Prefetch will protect hack files from being removed from computer. Find, download, & install Eraser.exe. Eraser program is only tool I know of that will remove hack programs from computer. Following removal, uninstall Eraser program. Should a person find credit card listing in hack file from dos editor observation, credit account(s) will have to be closed. Hack programs can control firewall, antispy, antivirus, etc on a computer, however, online antispy & antivirus scans will weaken the hack program. Reformatting & reinstallation of os is advised. A person may sense battle experience following the use of the Eraser program, file searching, dos editor observing, etc.

it would be nice to have information on who to contact for suspicious activity, like the daily pick up and deliveries to a neighbor, who could be preying on the neighborhood..

My husband has been approached by "friends" (that I don't know) who asked him to add their name to our credit card so that they could "boost up" their own bad credit. They offered to pay $1,000.00. When I refused my husband was embarrassed and said that he would get his own credit card in his name alone. He signed up for every card that came in the mail. Now the credit card fraud department companies are calling every day. I know it's a scam but I can't prove it. Can anyone tell me how this scam works and where I can get some proof that I could show my husband. He is 65 years old & acting like a child. I need real proof in writing. Please help.

Nicole Star, Compton, CA

As an online merchant for a hosting company myself I'd like to point out it's great what Dan is doing here in a way, but he's also only encouraging and adding to the problem by increasing what these people see as a larger market for their activities. With the people doing these crimes being located in other than US countries it further seems pointless in using US law enforcement to pursue people out of their own jurisdiction. This after the fact attempt is like allowing people to pollute a lake, then complaining that the clean up work has to be done. The best approach would be to not allow the lake to be polluted in the first place.

The problem is the ease in which these people can use these stolen credit card numbers. The authentication process is not what it appears to be or is thought it is to the average consumer. We are constantly bombarded with scam artists and spammers using stolen credit card information to set up web server accounts. The damage they can do in just 2-3 days before we spot and catch them can be huge to consumers and email recipients everywhere. People in countries like China are using VoIP accounts and phone forwarding accounts to get past our only line of defense, voice authorization. This happens because the phone number they provide during the credit card processing has no means in which to be authenticated as being the actual phone number on record with that credit card. You see the phone number option there when using your credit card online, you assume it's there for a reason and gets verified, it doesn't, nor is there a system in place to do so.

99% of fraudulent use of credit card information could be prevented by just a means in which to verify the phone number provided matches the phone number on the account and then voice authorization, either live or automated can be conducted.

Making it harder for these people to be able to use these credit cards in the first place with actual verification in this way would all but eliminate their reason of existence in the first place. These other useless and "advanced" methods like three digit numbers on the back of your card and PIN numbers are being easily bypassed by these people.

The additional problem is in the ability that anyone with no computer experience can also easily open up an online business that accepts and even stores credit card information. The lack of computer experience they have in running such a business makes obtaining the stored information on their web servers child's play. A minimum of some basic checks or requirements need to be in place so not just any clueless "webmaster" is allowed to store credit card information on very poorly secured sites they do a poor job of maintaining. Anyone reading this can go to any "shopping cart" software web site and read the message boards to see just how computer clueless some people are that are running these online merchant stores and accepting credit card information.

There needs to be a push for tighter restrictions on who can accept credit card purchases online, as well as better means of authentication before we will ever hope to see these problems go away.

i want a credit card

I'm also an online merchant, and I'd like to add one more problem that I frequently run into. Many legitimate customers get upset when we ask for additional information to verify their identity. I know these people aren't likely to be reading this blog, but it's a large part of the problem. It's hard to say "we appreciate your business and want to find a way to sell our product to you" and "we think you're trying to defraud us and some poor credit card user" in the same breath. We're doing this for your protection, as well as our own. 'Fess up the info or order in person.

Organizations that investigate Identity theft say to contact the FTC. They only take complaints and do not investigate. You become a statistic. The Social Security Administration does not investigate social security number fraud. The FBI only investigates if it makes the news or is a very large amount in the millions.

Otherwise you're on your own and the organizations make you believe there is law and order when there is not.

My checking account in National City bank had several unauthorized purchases from all over the nation in a short period of time several years ago. I was shocked and mad, because I never use that card online. I took every precaution.

How can someone access my checking account without anything and take money out of my bank account directly?

I immediately contacted the bank for fraud.

When I called to find out remedies, the attitude was cavalier, condescending and "wonder how we can get rid of this guy." They didn't even want to bother to answer my question. They insisted that I used the card online.

I finally found my checking access card is also a credit card. I was not aware of that. But I am sure I didn't use it online and never lost it.

After I convinced them, I fortunately got restitution just covering my loss. It took three months to go through the investigation, but I lost a lot of time dealing with them, and emotion. I even got depression over the incident.

As time passed, I realized that the security issue at American banks gets worse.

Back to the program you made, I feel you tell viewers nothing you can do but how the thieves work.

I can understand the American government is now too busy taking money out of Iraq, claiming to fight terrorists to protect Americans.

I hope that the American government can get an extra hand.

BTW, you can modify anything of the post. You are the lord.

What about the internet dating services? I am contacted several times a day by men from Nigeria who say they are not a part of any scam. I trusted one who said he was in trouble and afraid and just wanted to come home to America. He sent me checks from his "friend's" account to pay off his bills in Nigeria. Otherwise he said, he would not be able to leave the country. Each check (6 total) was for 3,500.00 or 3,000.00. I believed him, it everyday was 'urgent'. I thought I was checking him out to make sure the checks were real by calling the bank the checks were drawn on. The bank each time told me that the names on the checks are a legitimate business and there was enough money in the account to cover the check. So, I believed him. I wired the money back to him. Now, each check was stopped. I'm at a loss for all of that money. I called my state government, the FBI, the Secret Service and each one told me there was nothing they could do.
America needs to hear about this one! This man in Nigeria still contacts me. He says he wants to pay back the money but still wants to send me checks. These checks are sent from an American address! Why can't anything be done?

I am also a merchant. My Estore closed today due to my loss from internet thieves!

Why don't we (U.S. residents) require through legislation that card companies offer an optional card that can only be used for purchases, ATM use, etc. at locations within the U.S., or say U.S. & Canada? Probably a majority of card users don't travel outside of the U.S. or purchase outside the U.S. This wouldn't stop fraud, but it would make the card much less desirable for ID theft.

I am trying to reach Chris Hansen because today I found out that somebody called my Washington Mutual Visa credit card company on 7/30/07 and changed the address on the account to: 875 40th Street, Apt. 2F, Brooklyn, NY 11232 and their phone number is 347-328-8343. They knew my ss# because they have to supply the customer service representative with the last 4 digits of the ss#. I filed a police report. What do I have to do to protect myself?
Thank you in advance.

A real safe credit did not exist until today. Complicated gadgets did not help at all. Dragon Credit Card Network offers the first safe and secure use of credit cards online and elsewhere. Contact your local bank and ask for details.

www.vondar.com
