ZDNet UK


Skip to Main Content

ZDNet.co.uk - Winner of Best Business Website 2007
  1. Home
  2. News
  3. Blogs
  4. Reviews
  5. Prices
  6. Resources
  7. Community
  8. My ZDNet

 

ZDNet UK RSS Feeds


IT Jobs

Security threats Toolkit

Online exchange for phished details exposed

David Meyer ZDNet.co.uk

Published: 27 Mar 2008 17:20 GMT

  • Email
  • Trackback
  • Clip Link
  • Print friendly
  • Post Comment

A security company has claimed to have uncovered an online exchange for credit-card data obtained by fraudulent means.

Finjan said in a Tuesday statement that the Blogspot-hosted, SellCVV2 website was "promoting the sale of fraudulent credit-card data with guarantees and volume discounts for large-scale fraudsters".

At the time of writing, the SellCVV2 website appeared to have been cleared of all its contents. The card details that were allegedly being traded on the site are believed to have been obtained through phishing, the practice of conning cardholders into revealing their security details through spam emails and fake bank websites.

"[SellCVV2] is typical of a number of portals promoting the exchange of fraudulent card data," said Yuval Ben-Itzhak, Finjan's chief technology officer. "But what is apparent from the SellCVV2 site is the level of commercialisation of the traders involved."

Ben-Itzhak said that prices on the site were segmented by type of card, type of account and country of origin. "Prices typically range from $38 [£19] per set of card data for premium card accounts in small volumes, going down to $10 for [Classic Visa] card data in volumes of 100 or more. Customers are also being offered [a] trial set of data, as well as a guarantee on account details that do not work," he said.

"If further proof were needed that there is a very serious problem facing the card-acceptance and [card]-processing industry, this is it," Ben-Itzhak added. "The level of sophistication shown on the site acts as a clear warning to anyone who thinks card fraud is a containable problem."

Speaking to ZDNet.co.uk on Thursday, Ben-Itzhak said that action needed to be taken by the companies that host such websites. "Once the host receives a report, [they] need to do something on the law-enforcement side to force them to remove it," he said. "There are [internet service providers] that are very responsible, but most of them are not."


 
Part of a screenshot from the SellCVV2 website, as supplied by Finjan
 

  • Email
  • Trackback
  • Clip Link
  • Print friendly Print with HP

Did you find this article useful?
2 out of 2 people found this useful


Talkback

Post a comment


Full Talkback thread

0 comments

Related Links

More In Security threats



Company/Topic Alerts

Create a new alert from the list below:






Related Jobs

Java/J2EE Developer - Multimedia

You will be responsible for the development of a very high profile Website so any experience gained working with such Websites would be advantageous. ...

C#,asp.net 3 month contract in Yorkshire

The successful candidate will help enable the company to take control of their websites and databases in house. You will help re write the companies ...

Photoshop HTML CSS - Junior Web Designer role - Thames Valley

Responsibilities: You will be working on a variety of top brand multi-million pound websites and actually having ownership of assigned website ...

Featured Oracle Resources

businessfirst: Ideas to help small companies retain their successful entrepreneurial spirit

Oracle ONE Magazine: Technology solutions for midsized businesses February 2008 edition

Choosing a Reliable and Powerful IT Infrastructure at a Price You Can Afford

Database Consolidation: Reducing Cost and Complexity

Ensuring Data Protection for Growing Business

Oracle for medium and emerging businesses: protect, strengthen and enhance your organisation

Oracle partner network solutions catalogue

See All White Papers

Sentry Posts Blog

How many headshots does one chairperso...

We got a strange request last week from the head of PR from Russian security experts Kaspersky. It seems although the company was very happy with the interview we recently carried with... More

Post a comment

Google sponsors open source security p...

Google has announced it is to sponsor oCERT, an open source computer emergency response team. In a blog post on Monday, Google security engineer Will Drewry said that one of the... More

Post a comment

Indian officials accuse China of cyber...

China is actively engaged in mapping India's computer networks, according to the Times of India. China is mounting "almost daily" attacks against Indian Government computer systems,... More

Post a comment

Featured Talkback

On the contrary, if vendors were forced to stand behind their products it should increase innovation. It would force more, and better , testing before hitting the sales floor, resulting in fewer updates and less downtime for the consumer. At present the EULA removes responsibility from the vendor, and moves it to the user, which is a step backward. Make the vendor responsibility for their code.

By: ator1940

Read full story:
RSA: Vendor liability may stifle innovation