Someone May Be Selling Your Credit Cards, on YouTube

Digital thieves are now selling their ill-gotten gains right on YouTube, according to a new investigation by the Digital Citizens Alliance.

The group found that crooks are using YouTube to sell stolen credit cards, bank logins, and social security numbers – perhaps even those of someone you know.

In a new report, entitled, “Breach of Trust: How the Online Market for Stolen and Bogus Credit Cards is Eroding Confidence in the Internet,” Digital Citizens chronicles how they searched online for stolen personal records, and found a whole lot of marketing going on, right in the open.

Digital Citizens said that some of the thieves were hawking credit cards for as little as $7 per card, and claiming they were “guaranteed to work.”

In the report, Digital Citizen listed which search criteria they used, and how many hits each one got:

“how to get credit card numbers that work 2014″

 15,900 Results

“CC info with CVV”

 8,820 Results

“Buy cc numbers”

 4,850 Results

“CC number with CVV”

 4,160 Results

“CC Fullz”

 2,030 Results

“CC Fullz and bank login”

 1,790 Results

“CC with CVV and SSN”

 785 Results

In an ironic twist, Digital Citizens said they even found a YouTube video offering credit cards for sale accompanied by an ad for retailer Target. That would be the same Target that got hacked debit card data on millions of customers last year.

“The sad take away from the report is that YouTube continues to be used by rogue operators to conduct criminal acts, and not only does Google allow it to continue, but they profit from it by selling ads,” said Tom Galvin, Executive Director of Digital Citizens, in a statement.  ”We’d expect this on Silk Road or other dark corners of the Internet, but not by Google.”

Yes, indeed, this is both weird and appalling; it needs to stop. How can credit unions, banks, payment systems and retailers ever hope to stem the rising tide of card fraud if some of the biggest names on the Internet are participating in it? However unwittingly that may be happening, there’s no excuse for it.


Copyright Today’s Credit Unions




Prepare to Have a Chip in Your Cards


The magnetic strip on your debit and credit cards may soon be replaced by a microchip, according to some new deals being made in response to the rising tide of cybercrime.

For example, banking and payments technology firm FIS said that a new licensing agreement will make MasterCard’s EMV debit solution available to all participants in its NYCE payments network.

EMV — which stands for Europay, Mastercard and Visa – is a global standard for the inter-operation of integrated circuit cards, or chip cards.

These are cards containing a sophisticated microchip that holds a wealth of account, cardholder and security data. It is to the traditional magnetic strip what a modern PC is to an abacus, security experts say.

With EMV, payment processors, financial institutions and retailers will have vastly increased security capabilities against the customer data breaches that have become all too common.

However, EMV implementation plans have their detractors in the U.S. The big complaint against EMV adoption has been cost: implementing the technology will cost billions, and financial institutions, payment processors and other groups have had an ongoing fight over who will pay for it.

Also, the U.S. plans allow for continued use of the magnetic strip. This could enable a smoother transition to EMV, since the strip cards would still work with “legacy” systems, but security experts warn that the vestigial use of the strips will negate some of the security benefits of having the chips installed in the first place.

Perhaps the biggest knock on EMV is that the technology does nothing to hamper “Card Not Present” fraud – which is a leading environment for cybercrime involving payments. These are transactions where the merchant doesn’t physically “swipe” a card – such as occurs when you buy things online.

While “Card Not Present” is another area in need of vast improvement, the fact that EMV doesn’t solve it is really not a good argument against EMV. After all, the recent, well-publicized, data breaches at U.S. retailers did involve “card present” crime – and may well have been thwarted by EMV.

What we all need is a multi-faceted approach in which all the players – financial institutions, payment processors, government regulators, law enforcement and retailers — step up to protect American consumers.


Copyright Today’s Credit Unions