Indian Credit Card Fraud Exposed – Linked to Symantec


In a recent undercover sting, the BBC uncovered some unscrupulous Indian chaps selling valid UK credit card details. The kicker to the story is that the fraud is linked to Symantec, as the people being defrauded had all recently bought Norton subscriptions.

I guess it’s hard to control a 3rd party call center though, and who works there of course. I guess from now on they will be running their ship a little bit tighter. I’ve conducted audits on centers which deal with financial information before, and the security was insane. Unless you etched the info into your body with a paperclip, there’s no way you were getting it out of there.

A criminal gang selling UK credit card details stolen from Indian call centres has been exposed by an undercover BBC News investigation.

Reporters posing as fraudsters bought UK names, addresses and valid credit card details from a Delhi-based man. The seller denied any wrongdoing and Symantec corporation, from whom three victims bought a product via a call centre, called the incident “isolated”. Card fraud totalled £609m during 2008, according to payments group Apacs.

Symantec said it requires rigorous security measures of any third-party call centre agents and it believed the breach had been limited to a single agent. The BBC team went to India on a tip off after being put in touch with a man offering to sell stolen credit and debit card details.

The price they charged is quite high too, more than double the normal online rate for purchasing dodgy credit card details. I guess they could fetch a premium though, being UK cards and having a high chance of being active, valid cards.

It turns out the info wasn’t that accurate, but it was good enough to commit some online fraud.

He told the pair he could supply them with hundreds of credit and debit card details each week at a cost of $10 dollars a card. After the reporters agreed to initially buy the details of 50 cards, the man handed over a list of 14. He said the remainder would be sent later by e-mail.

The man claimed some of the numbers had been obtained from call centres handling mobile phone sales, or payments for phone bills. Back in the UK, the broker continued to supply card details to one of the undercover reporters by email.

Nearly all of the names, addresses and post codes sold to the BBC team were valid. But most of the numbers attached to them were invalid – often out by a single digit. However, about one in seven of the numbers purchased were valid – active cards still in use by UK customers. Their owners could have been subjected to fraud if these cards had fallen into the hands of criminals.

It just goes to show, even when you’re not being phished you’re still in danger of being conned and defrauded.

Just be careful what you buy and how you buy it. I’d say buying online from an HTTPS site with a valid certificate from a real CA is much safer than doing it over the phone.

But then that’s just me.

Source: BBC News

Posted in: Legal Issues, Privacy, Spammers & Scammers


One Response to Indian Credit Card Fraud Exposed – Linked to Symantec

  1. Whatever March 23, 2009 at 7:58 pm #

    BBC is lately trying a lot of these notorious techniques to gather news… Last time they spread a lot of Trojans to grandma computers, just to test social engineering.

    Hmm wonder what they are up to next.

    P.S: The title is a little bit misleading.