BreachExchange mailing list archives

Credit Card Theft Case at EJ Phair Remains a Mystery


From: Erica Absetz <eabsetz () opensecurityfoundation org>
Date: Mon, 31 Dec 2012 14:10:48 -0600

http://concord-ca.patch.com/articles/credit-card-theft-case-at-ej-phair-remains-a-mystery

Despite the prevalence of a web hacker's attack on EJ Phair customers
paying with credit or debit cards, the identity thief has not been
found. And some of the card numbers may still be being used.

The "technological sophistication" and "complexity of the crime,"
along with the geographical scope of where thieves tried to spend money
with the stolen card numbers, make it extremely difficult for the
Concord Police Department to find the culprits, according to Sgt.
Krieger of the Financial Crimes Unit. And since the payment system at
EJ Phair was hacked by a worm, which could have come from anywhere in
the world, the hacker remains elusive.

The rash of thefts resulted in 35 reports to Concord PD, along with a
likely tally of unreported cases.

If your card number was stolen during a visit to EJ Phair in Concord,
it probably happened between Sept. 1 and Nov. 26, say Concord police.
The card numbers phished by the worm could have been sold to thieves
anywhere, which would explain the diversity of payments made across
the country and around the world. Card numbers taken during the system
breach could also have been stored for use at a later time, resulting
in new reports of theft even months after the hacker was shut down.

The tell-tale signs of an EJ Phair-related credit card thief are
minimal expenses at different places, possibly in various states or
even countries, followed by larger costs. This is how scammers try to
slip through your bank's alert system: by first making a few small
payments, so as not to arouse suspicion, before piling on the big
bucks.

Could EJ Phair have prevented this crime? Only by maintaining a
state-of-the-art system, said Sgt. Krieger. Businesses with older
payment equipment and software are always at risk of providing weak
spots for hackers to attack. Owner J.J. Phair says he is spending as
much as $10,000 to upgrade the computer system at the pub.

But every advancement in technology creates a new opportunity for
exploitation, said Krieger, so prevention is extremely difficult.

"Being as careful as you can and by monitoring your own accounts, you
can minimize the risk of theft and loss," said Krieger.

Below are some tips from the Concord Police Department to help keep
your cards — and your money — safe.

How to Protect Your Bank Cards from Thieves

Internet Credit Card Fraud

- Ensure a site is secure and reputable before providing your credit
  card number online.
- Don’t trust a site just because it claims to be secure.
- If purchasing merchandise, ensure it is from a reputable source.
- Promptly reconcile credit card statements to avoid unauthorized charges.
- Do your research to ensure legitimacy of the individual or company.
- Beware of providing credit card information when requested through
  unsolicited emails.

Internet Identity Theft

- Ensure websites are secure prior to submitting your credit card number.
- Do your homework to ensure the business or website is legitimate.
- Attempt to obtain a physical address, rather than a P.O. box or maildrop.
- Never throw away credit card or bank statements in usable form.
- Be aware of missed bills which could indicate your account has been taken over.
- Be cautious of scams requiring you to provide your personal information.
- Never give your credit card number over the phone unless you make the call.
- Monitor your credit statements monthly for any fraudulent activity.
- Report unauthorized transactions to your bank or credit card company
  as soon as possible.
- Review a copy of your credit report at least once a year.

Prevention Through Monitoring

- Review monthly statements from your checking/credit and other
  financial accounts. The earlier you catch an error, the easier it is
  to resolve it. Most credit and bank companies offer “online” banking
  which can be a quick and easy way to monitor activity on accounts.
- Most banks also offer “Instant notification” systems. These are
  designed to help monitor the use of your accounts so you can quickly
  recognize fraudulent activity and notify the bank/credit institution
  as quickly as possible.
- Balancing your checkbook may seem a monotonous chore, but
  understanding where your money goes will help you spot any irregular
  withdrawals or charges.
- Reviewing your credit card bill each month is critical as well,
  especially if you charge a lot of your daily purchases.
- Order and review your credit reports. The three credit agencies,
  TransUnion, Equifax and Experian, are each required by law to provide
  you one free credit report a year. Stagger your requests, and you can
  monitor your credit history every four months. While you are at it,
  make sure your name, address and other information are correct. If you
  find old or inaccurate information, have it removed.

If you think your card number may have been stolen during the breach
at EJ Phair, file a report with the Concord Police Department and the
FBI's Internet Crime Complaint Center.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list
