Internet fraudsters hacked into an on-line credit card processor
and attempted to use the accounts of 26 e-commerce businesses to
charge the sum of $5.07 to each of 140,000 credit cards, according
to one of the 26 businesses, US-based novelty gift seller Spitfire
Ventures. Although no money ultimately changed hands, the attempted
fraud is apparently being investigated by the FBI.
Spitfire, which normally receives up to 30 orders a day for its
talking toilet paper dispensers and miniature book products, said
that its account generated 140,000 purchases last Thursday. The
company claims that its on-line credit card transaction processor,
Online Data, approved approximately 62,000 false charges worth
$5.07 each, while about 80,000 cards declined to process the
transaction.
Online Data is a reseller VeriSign's credit card payment gateway
services, which actually performed the authorisations. Spitfire
alleges that VeriSign initially approved $300,000 in false charges,
but stopped the transactions before they were completed so no money
was actually transferred in the scheme.
Both Spitfire and VeriSign said they believe fraudsters got the
credit card numbers by cracking the passwords of the affected
merchants and were testing the validity of these numbers.
According to a report by MSNBC news, VeriSign blames Online Data
for the incident, for issuing poor passwords to customers such as
Spitfire, which would be easy for fraudsters to guess.
However, Online Data appeared to blame its customers, saying
that they are issued with a starter password and encourages
merchants to change the password. Online Data says this was not
done by the merchants.
