RE: Stolen 'iBill' Data Still Online

[Drsolly <drsollyp () drsolly com>]

On Fri, 10 Mar 2006, Larry Seltzer wrote:

> > > iBill officials say a cross-reference of email addresses in the cache,
> discovered on the Internet by security firms, shows that only three are
> iBill customers. 

Hmm. But I wonder how many were iBill customers in the past?

> I also read somewhere that this data is a few years old. What I haven't read
> is how many of the cards/PINs are still active. For all we know, few of them
> still work.
 
I've never understood by banks don't routinely give you a new credit card 
number when the old card expires. But they don't, about 9x% of the time.

"Ah, but the expiry date is expired ..."

Well, banks don't usually check the expiry date. And even if they do, if 
you add an even number of years to the old date, that usually works, 
because many banks just seem to do exactly that.

"Ah, but the cvv code won't be right ..."

Well, banks are quite happy to do a billing on a card if you don't give 
the cvv number.

"Yes, but the PIN ..."

 ... isn't used in internet transactions.

So, the result is, you can take a batch of cards that are a few years out 
of date, and successfully get money on most of them - I'd guess more than 
80%





_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.