This article is from the source 'bbc' and was first published or seen on . It will not be checked again for changes.

You can find the current article at its original source at http://news.bbc.co.uk/go/rss/-/1/hi/business/8206305.stm

The article has changed 11 times. There is an RSS feed of changes available.

Version 5 Version 6
US man 'stole 130m card numbers' US man 'stole 130m card numbers'
(10 minutes later)
US prosecutors have charged a man with stealing data relating to 130 million credit and debit cards.US prosecutors have charged a man with stealing data relating to 130 million credit and debit cards.
Officials say it is the biggest case of identity theft in American history.Officials say it is the biggest case of identity theft in American history.
They say Albert Gonzalez, 28, and two un-named Russian co-conspirators hacked into the payment systems of retailers, including the 7-Eleven chain.They say Albert Gonzalez, 28, and two un-named Russian co-conspirators hacked into the payment systems of retailers, including the 7-Eleven chain.
Prosecutors say they aimed to sell the data on. If convicted, Mr Gonzalez faces up to 20 years in jail for wire fraud and five years for conspiracy.Prosecutors say they aimed to sell the data on. If convicted, Mr Gonzalez faces up to 20 years in jail for wire fraud and five years for conspiracy.
He would also have to pay a fine of $250,000 (£150,000) for each of the two charges.He would also have to pay a fine of $250,000 (£150,000) for each of the two charges.
'Standard' attack'Standard' attack
SQL INJECTION ATTACK This is a fairly common way that fraudsters try to gain access to consumers' card details.They scour the internet for weaknesses in companies' firewalls, which is simply a security wall designed to block unauthorised access to a computer network.Once they find a weakness, they insert a specially designed code into the network that allows them to access card details.There is little consumers can do to protect themselves from the effects of this type of attack.The general advice to cardholders is to check bank statements carefully and report any suspicious transactions immediately. How secure is your card info?SQL INJECTION ATTACK This is a fairly common way that fraudsters try to gain access to consumers' card details.They scour the internet for weaknesses in companies' firewalls, which is simply a security wall designed to block unauthorised access to a computer network.Once they find a weakness, they insert a specially designed code into the network that allows them to access card details.There is little consumers can do to protect themselves from the effects of this type of attack.The general advice to cardholders is to check bank statements carefully and report any suspicious transactions immediately. How secure is your card info?
Mr Gonzalez used a technique known as an "SQL injection attack" to access the databases and steal information, the US Department of Justice (DoJ) said.Mr Gonzalez used a technique known as an "SQL injection attack" to access the databases and steal information, the US Department of Justice (DoJ) said.
Edward Wilding, a fraud investigator, told the BBC that this method was "a pretty standard way" for fraudsters to try to access personal data.Edward Wilding, a fraud investigator, told the BBC that this method was "a pretty standard way" for fraudsters to try to access personal data.
It "exploits any vulnerability in a firewall and inserts a code to gather information," he explained.It "exploits any vulnerability in a firewall and inserts a code to gather information," he explained.
However, he added that this case probably "involved extremely well researched, especially configured codes, not standard attack codes downloaded from the internet".However, he added that this case probably "involved extremely well researched, especially configured codes, not standard attack codes downloaded from the internet".
Mr Wilding said that chip-and-pin did provide some protection against SQL attacks, but there was little consumers could do to protect themselves against this kind of fraud. Mr Wilding said there was little consumers could do to protect themselves against this kind of fraud.
"The real vulnerability, I suspect, is internet and telephone transactions. But this is a failure in the configuration of [corporate] firewalls," he said. "The real vulnerability [for cardholders], I suspect, is internet and telephone transactions. But this is a failure in the configuration of [corporate] firewalls," he said.
Michelle Whiteman, from anti-fraud organisation Financial Fraud Action UK, said that consumers must check their bank statements regularly and flag up any suspicious transactions to their bank.Michelle Whiteman, from anti-fraud organisation Financial Fraud Action UK, said that consumers must check their bank statements regularly and flag up any suspicious transactions to their bank.
She said that online, telephone and mail order fraud were on the increase, along with fraud committed abroad on UK cards, according to figures released in March.She said that online, telephone and mail order fraud were on the increase, along with fraud committed abroad on UK cards, according to figures released in March.
But she stressed that any victim of fraud would "always be refunded in full".But she stressed that any victim of fraud would "always be refunded in full".
Further chargesFurther charges
FROM THE TODAY PROGRAMME More from Today programmeFROM THE TODAY PROGRAMME More from Today programme
Mr Gonzales' corporate victims included Heartland Payment Systems - a card payment processor - convenience store 7-Eleven and Hannaford Brothers, a supermarket chain, the DoJ said.Mr Gonzales' corporate victims included Heartland Payment Systems - a card payment processor - convenience store 7-Eleven and Hannaford Brothers, a supermarket chain, the DoJ said.
According to the indictment, the group researched the credit and debit card systems used by their victims, attacked their networks and sent the data to computer servers they operated in California, Illinois, Latvia, the Netherlands and Ukraine.According to the indictment, the group researched the credit and debit card systems used by their victims, attacked their networks and sent the data to computer servers they operated in California, Illinois, Latvia, the Netherlands and Ukraine.
The data could then be sold on, enabling others to make fraudulent purchases, it said.The data could then be sold on, enabling others to make fraudulent purchases, it said.
Mr Gonzalez, who had once been an informant for the US Secret Service helping to track hackers, is already in custody on separate charges of hacking into the computer systems of a national restaurant chain and eight major retailers, including TJ Maxx, involving the theft of data related to 40 million credit cards.Mr Gonzalez, who had once been an informant for the US Secret Service helping to track hackers, is already in custody on separate charges of hacking into the computer systems of a national restaurant chain and eight major retailers, including TJ Maxx, involving the theft of data related to 40 million credit cards.
Mr Gonzales is scheduled to go on trial for these charges in 2010.Mr Gonzales is scheduled to go on trial for these charges in 2010.
This latest case will raise fresh concerns about the security of credit and debit cards used in the United States, the BBC's Greg Wood reports.This latest case will raise fresh concerns about the security of credit and debit cards used in the United States, the BBC's Greg Wood reports.


Have you had your identity stolen in this way?Have you had your identity stolen in this way?
Send your comments using the post form below.Send your comments using the post form below.
A selection of your comments may be published, displaying your name and location unless you state otherwise in the box below.A selection of your comments may be published, displaying your name and location unless you state otherwise in the box below.
The BBC may edit your comments and not all emails will be published. Your comments may be published on any BBC media worldwide. Terms & ConditionsThe BBC may edit your comments and not all emails will be published. Your comments may be published on any BBC media worldwide. Terms & Conditions