Advertisement
Promo

Security threats Toolkit

Online exchange for phished details exposed

David Meyer ZDNet.co.uk

Published: 27 Mar 2008 17:20 GMT

  • Email
  • Trackback
  • Clip Link
  • Print friendly
  • Post Comment

A security company has claimed to have uncovered an online exchange for credit-card data obtained by fraudulent means.

Finjan said in a Tuesday statement that the Blogspot-hosted, SellCVV2 website was "promoting the sale of fraudulent credit-card data with guarantees and volume discounts for large-scale fraudsters".

At the time of writing, the SellCVV2 website appeared to have been cleared of all its contents. The card details that were allegedly being traded on the site are believed to have been obtained through phishing, the practice of conning cardholders into revealing their security details through spam emails and fake bank websites.

"[SellCVV2] is typical of a number of portals promoting the exchange of fraudulent card data," said Yuval Ben-Itzhak, Finjan's chief technology officer. "But what is apparent from the SellCVV2 site is the level of commercialisation of the traders involved."

Ben-Itzhak said that prices on the site were segmented by type of card, type of account and country of origin. "Prices typically range from $38 [£19] per set of card data for premium card accounts in small volumes, going down to $10 for [Classic Visa] card data in volumes of 100 or more. Customers are also being offered [a] trial set of data, as well as a guarantee on account details that do not work," he said.

"If further proof were needed that there is a very serious problem facing the card-acceptance and [card]-processing industry, this is it," Ben-Itzhak added. "The level of sophistication shown on the site acts as a clear warning to anyone who thinks card fraud is a containable problem."

Speaking to ZDNet.co.uk on Thursday, Ben-Itzhak said that action needed to be taken by the companies that host such websites. "Once the host receives a report, [they] need to do something on the law-enforcement side to force them to remove it," he said. "There are [internet service providers] that are very responsible, but most of them are not."


 
Part of a screenshot from the SellCVV2 website, as supplied by Finjan
 

  • Email
  • Trackback
  • Clip Link
  • Print friendlyPrint with EPSON

Did you find this article useful?
2 out of 2 people found this useful


In association with HP

Talkback

Post a comment


Full Talkback thread

0 comments

Related Links

More In Security threats


Company/Topic Alerts

Create a new alert from the list below:






Related BlackBerry Resources

Protecting the BlackBerry Device Platform Against Malware

BlackBerry Devices with Bluetooth - Security Overview

BlackBerry Enterprise Server IT Policy

BlackBerry Enterprise Solution - Security Technical Overview

BlackBerry Enterprise Solution and RSA SecurID

CIO's Guide to Mobile Security

See All White Papers

Video icon

Video

Sentry Posts Blog

McKinnon lawyers seek judicial review

Lawyers seeking a judicial review for Nasa hacker Gary McKinnon lodged fresh evidence of his psychiatric state at the High Court on Thursday. Karen Todner, McKinnon's solicitor,... More

1 comment

Beware of keeping your head in the clo...

Information security professionals can look forward to a deepening appreciation for their skills as security continues to be recognised as an essential element for doing business in... More

1 comment

Civil liberties groups attack file-sha...

Civil liberties and digital rights organisations have strongly criticised Lord Mandelson's Digital Economy Bill. Liberty said in a position paper on Tuesday that the bill, part of... More

Post a comment


Skip Sub Navigation Links to CNET Brand Links

Help

Become part of the ZDNet community.

ALL TOOLKITS

Blogs

Newsletters