Cyber-Thief Threatens to Stoke Online Credit Fears.JUST when we're starting to get used to shopping on the Web, along comes a mystery crook, "Maxim," to remind us that life isn't safe. And it's not only Web shoppers who have to worry. So does everyone who uses a credit card. Maxim is a cyber-thief, possibly in Eastern Europe Eastern Europe The countries of eastern Europe, especially those that were allied with the USSR in the Warsaw Pact, which was established in 1955 and dissolved in 1991. . He claims to have stolen more than 300,000 credit card files from an online music retailer called CD Universe. He demanded that CD Universe pay $100,000 for him to destroy his copy of the files. When the company refused, he started posting customers' names, addresses and credit card numbers on the Web. Maxim's site has been closed. But in the two weeks it was up, several thousand visitors downloaded more than 25,000 credit card numbers, according to according to prep. 1. As stated or indicated by; on the authority of: according to historians. 2. In keeping with: according to instructions. 3. The New York New York, state, United States New York, Middle Atlantic state of the United States. It is bordered by Vermont, Massachusetts, Connecticut, and the Atlantic Ocean (E), New Jersey and Pennsylvania (S), Lakes Erie and Ontario and the Canadian province of Times. Information at stake The easy answer, you might think, is never to buy anything by Web. Many e-tailers do let you use an 800 number, instead. But when you order by phone, where does the merchant keep your card number? Most likely, right in the general credit card database, where the Maxims of the underworld might find it. The same could be true when you order from a catalog or put down your actual card at a local store. "It all depends on which computer the merchant keeps your card number in," says Elias Levy Elias Levy (also known as Aleph One), was the moderator of the full disclosure vulnerability mailing list Bugtraq from May 14 1996, until he stepped down on October 15 2001. , chief technology officer of Security Focus.com, a computer security firm in San Francisco San Francisco (săn frănsĭs`kō), city (1990 pop. 723,959), coextensive with San Francisco co., W Calif., on the tip of a peninsula between the Pacific Ocean and San Francisco Bay, which are connected by the strait known as the Golden , It might be the same computer as the one accessible by Web, or it might not. You have no idea. CD Universe faces a public-relations mess because the thief disclosed the company's name. But other firms have been attacked and consumers never knew, privacy experts say. The known cases are only the tip of the iceberg tip of the iceberg n. pl. tips of the iceberg A small evident part or aspect of something largely hidden: afraid that these few reported cases of the disease might only be the tip of the iceberg. , says security expert Peter G. Neumann Peter G. Neumann is a researcher who has worked on the Multics operating system in the 1960s. He edits the Computer Risks columns for ACM Software Engineering Notes and Communications of the ACM. He founded ACM SIGSOFT and is a Fellow of the ACM, IEEE and AAAS. of SRI International (company) SRI International - One of the world's largest contract research firms. Founded in 1946 in conjuction with Stanford University as the Stanford Research Institute, they later became fully independent and were incorporated as a non-profit organisation under U.S. in Menlo Park Menlo Park. 1 Residential city (1990 pop. 28,040), San Mateo co., W Calif.; inc. 1874. Electronic equipment and aerospace products are manufactured in the city. Menlo College and a Stanford Univ. research institute are there. 2 Uninc. . Still, the relative number of break-ins is small. Merchants say you don't have to worry. By law, you're liable for no more than $50, if an unauthorized person uses your card. Many banks don't even charge that. But the problem isn't the $50 or the hassle of replacing your card. "The real issue is identity fraud," Neumann says. It's not only addresses and credit card numbers that slosh around Verb 1. slosh around - spill or splash copiously or clumsily; "slosh paint all over the walls" slush around, slush, slosh spatter, splatter, plash, swash, splash, splosh - dash a liquid upon or against; "The mother splashed the baby's face with water" the Internet. So do birthdays and Social Security numbers. Crooks can put them all together, then apply for credit in your name. You don't see the bills, so you have no idea that "another you" is running up debt. By the time you discover the fraud, your credit is wrecked. The damage from identity theft can take years to mend. Guarding your data What can consumers do? Alas, not much. There are simple rules. Don't give your credit card number over a cell phone. Guard the carbons, when you pay in person. When you shop by Web, check the lock or key icon on the screen, to make sure it's whole. A broken icon indicates that the site is not secure. Even well-known sites break down sometimes. Doug Tygar, a professor and information specialist at UC Berkeley, suggests that you keep one card only for Web use. If the number is stolen, you'd then have a single card to cancel. But of course, this doesn't prevent identity theft. The larger problem isn't the security of your individual transaction. It's the level of security the merchant applies to its database. Maxim didn't "sniff" individual credit card numbers as they wafted over the wires. He lifted them wholesale out of CD Universe's computer. Says Tygar, "It's like the merchant who carefully puts each credit card slip in a drawer but doesn't lock the drawer at night." Web customers should check each merchant's privacy policy to see how it handles your data. But these policies almost never mention how the merchant protects its own database. Some merchants aren't doing enough. It's not known how Maxim accomplished his virtual second-story job. Once in, he may have used a common credit card verification See CSC. program called ICVerify to transfer customers' money to his own creditcard account, Levy says. (CyberCash in Reston Va., which sells ICVerify, would not comment.) CD Universe alerted its customers to the theft. It also hired security experts "to make sure we're rock-solid safe going forward," spokesman Brett Brewer says. But how rock-solid is any customer database? "What's scary about this is that (CD Universe's) network was compromised," says Elaine Rubin, head of Shop.org, an e-tailers association. Every merchant should take note. Forms Might Restrict Sharing of Inheritance Say you're a young couple, writing a will. Would you leave your money only to the children you have, leaving future children out? Probably not. Say you're a grandparent, whose will leaves everything equally to your adult children. If one of those children died before you did, would you reallocate Verb 1. reallocate - allocate, distribute, or apportion anew; "Congressional seats are reapportioned on the basis of census data" reapportion allocate, apportion - distribute according to a plan or set apart for a special purpose; "I am allocating a loaf of his or her share to your other children? Probably not. That would cut out your grandchildren - the children of your child who died. Yet the very thing you wouldn't do - cutting out grandchildren or future children - your insurance company or retirement plan is probably doing for you. Here's what's going on What's Going On is a record by American soul singer Marvin Gaye. Released on May 21, 1971 (see 1971 in music), What's Going On reflected the beginning of a new trend in soul music. and what you might - just might - be able to do about it. When you buy life insurance or a tax-deferred annuity tax-deferred annuity See tax-sheltered annuity (TSA). , or start a retirement plan like an IRA Ira, in the Bible Ira (ī`rə), in the Bible. 1 Chief officer of David. 2, 3 Two of David's guard. IRA, abbreviation IRA. or 401(k), you're given standard forms to sign. The forms ask whom you want as beneficiaries. Typically, you put down your spouse's name or the names of your current children. That means no other people can be paid. You might think you can solve this problem by writing a will. But wills don't cover any asset that has a named beneficiary, including joint property, life insurance, annuities and retirement plans. How can you rectify this, so your own estate won't accidentally go astray? You usually have to get a lawyer to amend the beneficiary form. But many insurance companies and retirement plans won't accept amended forms. "In that case, go to another company," advises attorney Natalie Choate of Bingham Dana in Boston |
|
||||||||||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion