Indian Credit Card Fraud Exposed – Linked to Symantec


In a recent undercover sting the BBC has uncovered some unscrupulous Indian chaps selling valid UK credit card details. The kicker to the story is that the fraud is linked to Symantec, as the people being defrauded had all recently bought Norton subscriptions.

I guess it’s hard to control a 3rd party call center though, and who works there of course. I guess from now on they will be running their ship a little bit tighter. I’ve conducted audits on centers which deal with financial information before and the security was insane. Unless you etched the info into your body with a paperclip there’s no way you were getting it out of there.

A criminal gang selling UK credit card details stolen from Indian call centres has been exposed by an undercover BBC News investigation.

Reporters posing as fraudsters bought UK names, addresses and valid credit card details from a Delhi-based man. The seller denied any wrongdoing and Symantec corporation, from whom three victims bought a product via a call centre, called the incident “isolated”. Card fraud totalled £609m during 2008, according to payments group Apacs.

Symantec said it requires rigorous security measures of any third-party call centre agents and it believed the breach had been limited to a single agent. The BBC team went to India on a tip off after being put in touch with a man offering to sell stolen credit and debit card details.

The price they charged is quite high too, more than double the normal online rate for purchasing dodgy credit card details. I guess they could fetch a premium though, being UK cards and having a high chance of being active, valid cards.

It turns out the info wasn’t that accurate, but it was good enough to commit some online fraud.

He told the pair he could supply them with hundreds of credit and debit card details each week at a cost of $10 dollars a card. After the reporters agreed to initially buy the details of 50 cards, the man handed over a list of 14. He said the remainder would be sent later by e-mail.

The man claimed some of the numbers had been obtained from call centres handling mobile phone sales, or payments for phone bills. Back in the UK, the broker continued to supply card details to one of the undercover reporters by email.

Nearly all of the names, addresses and post codes sold to the BBC team were valid. But most of the numbers attached to them were invalid – often out by a single digit. However, about one in seven of the numbers purchased were valid – active cards still in use by UK customers. Their owners could have been subjected to fraud if these cards had fallen into the hands of criminals.

It just goes to show, even when you’re not being phished you’re still in danger of being conned and defrauded.

Just be careful what you buy and how you buy it. I’d say buying online from an HTTPS site with a valid certificate from a real CA is much safer than doing it over the phone.

But then that’s just me.

Source: BBC News

Posted in: Legal Issues, Privacy, Spammers & Scammers


One Response to Indian Credit Card Fraud Exposed – Linked to Symantec

  1. Whatever March 23, 2009 at 7:58 pm #

    BBC is lately trying a lot of these notorious techniques to gather news… Last time they spread a lot of Trojans to grandma computers, just to test social engineering.

    Hmm wonder what they are up to next.

    P.S: The title is a little bit misleading.