Indian Credit Card Fraud Exposed – Linked to Symantec


In a recent undercover sting the BBC has uncovered some unscrupulous Indian chaps selling valid UK credit card details, the kicker to the story is the fraud is linked to Symantec as the people being defrauded had all recently bought Norton subscriptions.

I guess it’s hard to control a 3rd party call center though and who works there of course. I guess from now on they will be running their ship a little bit tighter, I’ve conducted audits on centers which deal with financial information before and the security was insane. Unless you etched the info into your body with a paperclip there’s no way you were getting it out of there.

A criminal gang selling UK credit card details stolen from Indian call centres has been exposed by an undercover BBC News investigation.

Reporters posing as fraudsters bought UK names, addresses and valid credit card details from a Delhi-based man. The seller denied any wrongdoing and Symantec corporation, from whom three victims bought a product via a call centre, called the incident “isolated”. Card fraud totalled £609m during 2008, according to payments group Apacs.

Symantec said it requires rigorous security measures of any third-party call centre agents and it believed the breach had been limited to a single agent. The BBC team went to India on a tip off after being put in touch with a man offering to sell stolen credit and debit card details.

The price they charged is quite high too, more than double the normal online rate for purchasing dodgy credit card details. I guess they could fetch a premium though being UK cards and having a high chance of being active, valid cards.

It turns out the info wasn’t that accurate, but it was good enough to commit some online fraud.

He told the pair he could supply them with hundreds of credit and debit card details each week at a cost of $10 dollars a card. After the reporters agreed to initially buy the details of 50 cards, the man handed over a list of 14. He said the remainder would be sent later by e-mail.

The man claimed some of the numbers had been obtained from call centres handling mobile phone sales, or payments for phone bills. Back in the UK, the broker continued to supply card details to one of the undercover reporters by email.

Nearly all of the names, addresses and post codes sold to the BBC team were valid. But most of the numbers attached to them were invalid – often out by a single digit. However, about one in seven of the numbers purchased were valid – active cards still in use by UK customers. Their owners could have been subjected to fraud if these cards had fallen into the hands of criminals.

It just goes to show, even when you’re not being phished you’re still in danger of being conned and defrauded.

Just be careful what you buy and how you buy it, I’d say buying online from a HTTPS site with a valid certificate from a real CA is much safer than doing it over the phone.

But then that’s just me.

Source: BBC News

Posted in: Legal Issues, Privacy, Spammers & Scammers

,


Latest Posts:


Aclpwn.Py - Exploit ACL Based Privilege Escalation Paths in Active Directory Aclpwn.Py – Exploit ACL Based Privilege Escalation Paths in Active Directory
Aclpwn.py is a tool that interacts with BloodHound< to identify and exploit ACL based privilege escalation paths.
Vulhub - Pre-Built Vulnerable Docker Environments For Learning To Hack Vulhub – Pre-Built Vulnerable Docker Environments For Learning To Hack
Vulhub is an open-source collection of pre-built vulnerable docker environments for learning to hack. No pre-existing knowledge of docker is required, just execute two simple commands.
LibInjection - Detect SQL Injection (SQLi) and Cross-Site Scripting (XSS) LibInjection – Detect SQL Injection (SQLi) and Cross-Site Scripting (XSS)
LibInjection is a C library to Detect SQL Injection (SQLi) and Cross-Site Scripting (XSS) through lexical analysis of real-world Attacks.
Grype - Vulnerability Scanner For Container Images & Filesystems Grype – Vulnerability Scanner For Container Images & Filesystems
Grype is a vulnerability scanner for container images and filesystems with an easy to install binary that supports the packages for most major *nix based OS.
APT-Hunter - Threat Hunting Tool via Windows Event Log APT-Hunter – Threat Hunting Tool via Windows Event Log
APT-Hunter is a threat hunting tool for windows event logs made from the perspective of the purple team mindset to provide detection for APT movements hidden in the sea of windows event logs.
GitLab Watchman - Audit Gitlab For Sensitive Data & Credentials GitLab Watchman – Audit Gitlab For Sensitive Data & Credentials
GitLab Watchman is an app that uses the GitLab API to audit GitLab for sensitive data and credentials exposed internally, this includes code, commits, wikis etc


One Response to Indian Credit Card Fraud Exposed – Linked to Symantec

  1. Whatever March 23, 2009 at 7:58 pm #

    BBC is lately trying a lot of these notorious techniques to gather news… Last time they spread a lot of Trojans to grandma computers, just to test social engineering.

    Hmm wonder what they are up to next.

    P.S: The title is little bit misleading.