Marketplace Scratch Pad

No soup for you, credit card thief

Scott Jagow Aug 18, 2009

I hope Albert Gonzalez goes to prison for a long, long time. He’s the guy who was just charged with masterminding the theft of 130 million credit card numbers. In hacker circles, they call him the Soup Nazi, after the character in the Seinfeld episode. But there’s nothing amusing about Gonzalez.

From the New York Times:

According to the new indictment, Mr. Gonzalez and his conspirators reviewed lists of Fortune 500 companies to decide which corporations to take aim at and visited their stores to monitor which payment systems they used. The online attacks took advantage of flaws in the SQL programming language, which is commonly used for databases.

They chose 7-Eleven, the supermarket chain Hannaford, the payment processor Heartland and two other unnamed corporations. More:

Prosecutors say the defendants created and placed “sniffer” programs on corporate networks; the programs intercepted credit card transactions in real time and transmitted the numbers to computers the defendants had leased in the United States, the Netherlands and Ukraine.

Reporter Rico Gagliano is doing a story on this for tonight’s Marketplace, so I’ve found out a little bit more about the methods Gonzalez may have employed. He’s supposedly what’s known as a “harvester”. His speciality is extracting the information that’s on the back of your credit card. He does this in large batches by hacking into company databases, as described above.

The information might then be sold online or to another specialist called a “carder.” The carder puts the data onto a new card with a magnetic stripe. Actually, often they use old cards that people throw away. The new card is then used to buy things or take money out of ATM’s (sometimes, PIN #’s are sold with the data). A lot of this work is done in Eastern Europe, home to some seriously skilled hackers.

What’s striking is that the price of this data has fallen considerably. Criminals used to pay $10-$15 per card number. Now, they’re going for about $1.50. The market has been over-saturated with stolen credit card numbers. Gonzalez is likely a big reason for that. He’s already in jail awaiting a trial for separate credit card fraud charges. Hopefully, getting him off the street makes a dent in this worldwide trade.

But I wouldn’t count on it.

I just typed some simple keywords into Google and turned up a website where people were listing prices for this stuff. One of them actually listed some woman’s entire portfolio of information, as a sample of his goods. It listed her account #, password, answers to secret questions, address, social security number, mother’s maiden name, checking account number, routing number. Everything. It’s frightening. Other people on the site were writing messages, begging for a working card number, making offers.

Here’s some of it (cvv is that little security code on the back of your card):

Sell Cvv info live 100% fresh in to day!

Us cvv Visa-Master price $1.50/cvv buy from 40/cvv price $1/cvv
Us cvv Amex-discovery price $2.50/cvv buy from 30/cvv price $2/cvv
Ca cvv Visa-Master price $4/cvv if u buy from 40/cvv price $3/cvv
Ca cvv Amex-discovery price $5/cvv if u buy from 40/cvv price $4/cvv



Credit Cards (With CVV)

US With CVV – 3$
US With CVV – 5$
UK With CVV – 5$
EU With CVV – 8$

Full Credit Card (With MMN, SSN, DOB, PIN)

US With CVV – 15$
CA With CVV – 20$
UK With CVV – 20$
EU With CVV – 25$

Like I said, I hope Gonzalez goes to prison for a long, long time. But perhaps this case will open some eyes. You certainly can’t trust companies to protect your information. You have to be vigilant yourself, check your accounts often, call the bank immediately if you see something suspicious. And of course, check your credit as often as you can, because a stolen credit card number is bad enough, but it’s resolved fairly quickly.

If the bad guys get all that other personal information, they can do something much more difficult to fix — open new accounts in your name.

I know. I was a victim of identity theft. And it was just about my worst nightmare.

There’s a lot happening in the world.  Through it all, Marketplace is here for you. 

You rely on Marketplace to break down the world’s events and tell you how it affects you in a fact-based, approachable way. We rely on your financial support to keep making that possible. 

Your donation today powers the independent journalism that you rely on. For just $5/month, you can help sustain Marketplace so we can keep reporting on the things that matter to you.