Website exposes credit card fraud

WASHINGTON (AP) -- An anti-fraud education group that tipped federal authorities to a major Internet credit card scheme has opened a Web site that will let Americans check to see if their card numbers are in the hands of thieves.

The database of stolen credit card numbers, which became available on the Web late Tuesday, was created over the last seven weeks and has already identified nearly 100,000 credit card numbers, the group said.

The group, CardCops, collected the information from Internet chat rooms where thieves have been checking whether stolen card numbers are still good to use or have been deactivated.

The group alerted the Secret Service to the scheme and turned over its database to investigators. It then decided to create the Web site so Americans can check their numbers and possibly prevent fraudulent charges.

EXTRA INFORMATION
How can you protect against identity theft?

"We're creating a situation where Joe Consumer can check his card on the Internet to see if it's been possibly abused," said Dan Clements, founder of CardCops.

Cardholders can check their numbers by going to www.Cardcops.com and typing in the number. If it comes back positive, cardholders should alert their financial institution.

CardCops say they have secured the database, and as an extra precaution it is asking cardholders who check their numbers not to enter the expiration date that is ordinarily required to complete a purchase.

Secret Service Special Agent Donald Masters of the Los Angeles High Tech Crimes Task Force said his team is in the preliminary stages of investigating the most active Internet card thieves discovered in the database provided by CardCops.

He would not discuss the investigation's progress or other details, but Masters praised Clements for alerting authorities.

"We need the general public to be aware of this kind of stuff," Masters said.

Many card numbers are stolen by hackers who break into databases of Web commerce sites. Another method is for con artists to trick unsuspecting computer users into providing card numbers.

The goal of the new Web site is to cut down the time between the theft of a card number and the cardholder's discovery of fraudulent charges made by the thieves, possibly saving money for consumers and companies.

"Consumers usually get their statements two months or three months after it's compromised," Clement said. "During that 60 to 90 days, that card has floated around the Internet. They're the ones who are out on a limb."

Clements said the thieves use Internet chat rooms -- which are separate from the World Wide Web and largely unregulated -- to verify that the cards are valid.

This is done by posting the number and expiration date into the public room, where an automated program charges a small amount to the card to see if it is a valid card. The program is built and maintained by fellow thieves.

The small amount charged is not likely to tip off cardholders, Clements said, and the charge comes from an unrelated merchant who is not privy to the scam.

Clements has been monitoring several of these rooms, which scroll constantly with new card numbers, and recording card numbers entered by the thieves. To help authorities, Clements also collects the Internet address of the thief who submitted the card.

CardCops offers information and tools to protect electronic commerce companies from credit card fraud. It has more than 1,000 paying members, mostly small and medium-size merchants.

Stolen credit card numbers and identity theft affect up to 700,000 Americans each year, the Justice Department says. In 2000, credit card companies Visa and Mastercard reported that fraud losses topped $1 billion.

Last month, Attorney General John Ashcroft ordered federal prosecutors nationwide to speed up investigations and trials of people accused of stealing identities.

Legislation that would set harsher penalties for such crimes is moving through Congress.

Most credit card companies won't charge cardholders for fraudulent purchases, although it is important to contact the issuing bank promptly. Federal law limits the customer's liability to $50.

----

source: ccn.com