Welcome to the eCommerce Report Australian ecommerce network
News and commentary on Australian ecommerce, internet and online business, markets, developments Today's date is:  


Click on the button to sign-up for a free weekly email update
click here to sign-up for a free weekly email alert





 

Thousands of Australian credit cards at risk in latest online security breach

Police are investigating the theft of card and contact details for thousands of Australian Visa and Mastercard users apparently posted to an Internet blog sometime before April 21st this year.

Reports in the Australian newspaper last Friday, the 19th of May, and again on Monday the 22nd of May reveal that Australia’s big four banks have acknowledged at least 600 customer accounts are involved.

The reports suggested that the details published included customer home and email addresses, phone numbers and full card details including verification codes and expiry dates.

According to the Australian, the details were published in a list form, and are clearly customer records. as some included details of customer booking and order details.

Some of the records reportedly included phrases such as “Ensuite Villa, 2br, suggestïng that they came from a holiday accommodation booking web-site.

Other records were said to have from a courier organisation, because they included “detailed delivery instructions for packages if the cardholder was not at home.”

That conclusion may be unwarranted, however, as many online merchants ask their customers for that sort of delivery information. Online accommodation sites would not usually ask for that information. Certainly it seems obvious that the card details must have been compiled from more than one online source.

It also seems obvious that the source of the details would not be “skimming and hacking” from ATM’s and business point of sale systems transactions, as reportedly suggested by a Victoria Police media unit Sergeant Dave Spencer.

"Lists like this come up for sale on the internet, and this is basically the end product of skimming and hacking of ATMs and other point-of-sale systems" Spencer was quoted as saying.

But email addresses would not normally be captured in those instances.

So eCommerce Report believes the data has been hacked from at least one online customer database, and almost certainly a local merchant.

It seems likely it was a local merchant because the list contains details of only a few card customers based in Germany, New Zealand and Britain.

Remarkably, none of the bank contacted by the Australian admitted to any funds having been lost to fraudulent transactions.

Australia’s Commonwealth Bank said some 350 of its customers cards were are involved, but said that these had already been reported lost or stolen.

The NAB conceded it was contacting more than 130 customers, whilst Westpac admitted 80, and the ANZ a further 20.

Cards issued to St George banks customers were also on the list, as too were a small number of AMEX card holders.

According to the Australian, the list was discovered at Google where a cached version of the list, published at a “free blog” had been collected by its automated cataloguing robots on the 21st of April.

A Visa spokesman said that Google was being asked to remove the cached page from its index.
For more information go to
www.australian.com.au

Share this article?


Use these links to share this story with friends via social bookmarking sites.


Bookmark and Share

 

Google

 

  Top Page

diary subscribe now contact us back to the home page links page

©Copyright  Technosocial Research Services  All Rights Reserved
mail@ecommercereport.com.au