Wednesday, August 06, 2008

Credit card fraud

The Justice Department announced today that they had broken a major credit card fraud ring.

It seems that the card numbers were obtained by hacking retailers' wireless networks. Amongst the list of affected retailers is Sports Authority which explains how my wife's credit card was fraudulently used back in April this year.

At the time we couldn't figure out how the number had been skimmed since she still had the card in her possession, never uses that card online and had only used it twice in the previous month, one of those times being at Sports Authority, and in both cases the card never left her sight.

We were incredibly impressed by how quickly our bank (Wells Fargo) detected the fraud - they called her the same day after only two fraudulent transactions which they advised us occurred using a fake card encoded with the stolen number. Reversing the fraudulent charges was reasonably straightforward so we didn't think any more about it until I heard the report today.

I'm a whole lot less impressed with Sports Authority's network security. Maybe I should give them the benefit of the doubt but as an IT professional I know that it's far more likely that the criminals exploited holes in a poorly implemented wireless network than that they were master hackers who defeated a state of the art system.

No comments: