Forwarded From: John Q Public <tpublic@dimensional.com>
|WASHINGTON (AP) -- High-tech thieves rang up international charges of
|almost $1 million on the debit cards of members of a Washington-area
|credit union by using computers to guess account numbers, The Washington
|Post reported today.
|
|Sophisticated computer programs apparently analyzed sample credit card
|numbers, then generated ones that turned out to be valid about half the
|time, said Mark Cis, vice president of corporate property and casualty for
|CUMIS Insurance Society, a credit union insurer that has investigated the
|case.
[etc.]
I remember hearing about this approximately 9 months ago when a bunch of
people got busted in Colorado. I thought the report said this started in
Durango, Colorado, but that's a little bitty town in southwest BFE. Just
because they were the first to get busted doesn't mean it came from there,
however Colorado banks were the first I heard to reissue their VISA debit
cards.
The scheme is: you take two cards from one bank and effectively divide the
difference between the issued numbers. The chances were very high that
some of the numbers were valid. If you had two 'in sequence' it was
simple to determine the next and previous issued numbers as they were
'sequential' with the common difference.
Simply, if we knew card #4 and card #16 worked, you're looking at possibly
card #10 (difference between 16 and 4, divided by 2). If #8 and #12
worked instead, you were looking at the difference divided by 3. Once you
know the pattern between your known range, going out of those boundaries
were exceptionally likely. Thus the reasoning for issuing cards with not
much in common with each other. Most banks issued this way because it was
a quick way to allocate a lot of cards without using a large span of
numbers.
-o-
Subscribe: mail majordomo@sekurity.org with "subscribe isn".
Today's ISN Sponsor: New Dimensions International [www.newdimensions.net]
Received on Wed Aug 19 09:40:53 1998