lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue Oct 11 16:20:42 2005
From: mlande at bellsouth.net (Mary Landesman)
Subject: PAYPAL security,
	hundred or thausend of buyers under cc fraud

There are also reports in that same thread of several others involved in
conjunction or separate from Digital Age. I don't know much about credit
card fraud or merchant accounts in general, but it seems to me that if it
were Digital Age themselves, they'd be shutdown quickly (I believe there is
always a traceable merchant number involved in all credit card transactions.
And I don't think banks absorb the charges in cases of fraud. I believe they
charge it back to the merchants that accepted the card. If so, Digital Age
is going to be eating each and every one of the denied charges. This is
obviously going to cost them a huge amount of money.

Here's my understanding of how it works. It would be great if someone
knowledgeable about merchant accounts could clarify any misconceptions.

1. Merchant (in this case, Digital Age) has a credit card merchant account
with each c.c. company
2. Transactions involving that merchant account number are automatically
credited to the account by the c.c. companies
3. When a fraudulent charge is discovered, the credit card company debits
that same account

Of course, Digital Age could be an entirely fraudulent operation. (And I
think this is the most likely scenario). They may have pulled all their
money out after the credits were received. Now when the banks try to debit
for the fraudulent charges, the account will be empty or even closed. That
would make more sense than Digital Age being a 'victim' in all of this. Some
of the other charges involved, that most often (but not always) occurred in
conjunction with the Digital Age fraud include:

TROUBLE BUBBLE LLC 215-310-9444 PA
Hostitnow,Inc. 718-732-2061 NY
KC SOFTWARECOM LLC
SUN SOFTWARE SYSTEMS 480-4520120 AZ
JM BUSINESS PRODUCTS

Each of the above was reported to be either $7.95 or $9.95

The Digital Age fraud appears on the credit card statement like this:

DIGITAL AGE 888-529-98 CYPRUS $24.99

And I really, really hope that Digital Age is the perpetrator and not the
victim. I would hate to see an innocent company get caught in the crossfire
of what appears to be a fairly massive fraud. The financial and image
repercussions for the company would be severe.

-- Mary

----- Original Message ----- 
From: <ad@...ss101.org>
To: "'Mary Landesman'" <mlande@...lsouth.net>;
<full-disclosure@...ts.grok.org.uk>
Sent: Tuesday, October 11, 2005 10:45 AM
Subject: RE: [Full-disclosure] PAYPAL security,hundred or thausend of buyers
under cc fraud


Could be something as big as cardsystems then right, had not read about
this, but I think my bank had to aware me of a potential risk on my account
, dunno, but anyway regarding all complaints, its something big as
cardsystem like you suggest , nor as big as amazon or paypal, all complaints
are from this month, DIGITAL AGE will be found, I hope , bastards :>

-----Message d'origine-----
De : Mary Landesman [mailto:mlande@...lsouth.net]
Envoy? : mardi 11 octobre 2005 16:00
? : ad@...ss101.org; full-disclosure@...ts.grok.org.uk
Objet : Re: [Full-disclosure] PAYPAL security,hundred or thausend of buyers
under cc fraud

I've spent less than 5 minutes looking through that thread and already have
found a number of posts stating their card was not affiliated with PayPal.
So I have to wonder how you jumped so quickly to that conclusion.

Remember CardSystems - 200,000 credit card accounts were compromised and 40
million accounts exposed just months ago. I think I would put my bet on
something more obvious, like that.

Research is about more than collecting links that backup your viewpoint.

-- Mary

----- Original Message ----- 
From: <ad@...ss101.org>
To: <full-disclosure@...ts.grok.org.uk>
Sent: Tuesday, October 11, 2005 9:23 AM
Subject: [Full-disclosure] PAYPAL security,hundred or thausend of buyers
under cc fraud


I will explain my small story to show you that using paypal to buy on the
web is risked.
I have buy only 2 things this month, 1 game at steampowered.com and 1GB DDR2
at a respectable ebay store. That was the first time I were using paypal to
pay things on the net and so on it will be the last time..

Today I notice at my bank account a fraudulent debit of 24.99$ coming from a
"DIGITAL AGE 888", and looking on the web, happy to see that there is
hundred maybe thausends of ppl in my case , fraudulent charge of 24.99$ from
a "digital age".

look there:

http://www.dslreports.com/forum/remark,14525502?
hilite=digital+age

http://www.dslreports.com/forum/remark,14521837?
hilite=digital+age

http://www.robertkbrown.com/2005/10/04/digital_age_fraud.html

after reading all this and comparing with my case, sure it comes from paypal
and the stored cc card.

So if you are under the fraud also like me, fill a complaint to your bank
and there http://www.ifccfbi.gov/index.asp

This was a first and last use of paypal for me, unbelievable ...




Powered by blists - more mailing lists