Credit Card information theft has always been a worry to their users, a worry multiplied by the internet and online shopping. Users have often been haunted by 'scare stories' of data being intercepting and their details getting hi-jacked to purchase goods illegally online. Supposedly, SSL technology and encryption on websites solved this issue, and to a large extent it has.
However, that's not to say that the problem has been completely wiped out. It's not that un-common to see mainstream newspapers reporting that it is easy to get stolen credit card details online. As a 'well-informed' techie and web user, one can usually disregard this as a journalists padding out articles with a piece of spice. Yet is this really the case? We decided to look into the validity of claims like this, and investigated exactly how hard it is to get credit card information over the web. The worrying answer we found: not very.
Many news outlets reported earlier this week that via the world's most popular search engine, Google, one could easily harvest credit card numbers using it's advanced search tricks; with a little investigation, Within 5 minutes and a bit of researching on the search giant, Neowin uncovered these queries and managed to exploit them to the extent that we were able to find literally hundreds of credit card numbers, along with their owners names and addresses. The information in many cases contained the 'added security feature' that is the 3 digit CVV code, recently introduced to add another layer of security to the online purchase process. One of the sites we uncovered, with a sizable list of numbers and details, was hosted on popular free Invision forum host, invisionfree.com.
Using advanced Google searches and easily available information on the format and structure of various credit cards (easily found on Google), we, and potentially more malicious web users, were able to find not only MasterCard information but a wide variety of card types such as Visa; somewhat disconcerting.
So what practically can be done? We contacted the hosts of a few the sites involved informing then that they were hosting credit card details. However, with many sites it's pretty in-practical and in-effective to deal with it in this manner. Neowin would urge it's readers to practise responsible and conservative use of their card details online; ensuring they use it only on trusted sites only, and sites which offer secure transactions (look for the padlock in your browser). Importantly, it helps to tell other more vulnerable people about the potential for scams on the internet – e.g. parents, new users to the web. Teaching people these dangers is really the only effective way to combat a growing and worrying issue.