Breach Exposes 19,000 Active US, UK Credit Cards 232
pnorth writes "A defunct payment gateway has exposed as many as 19,000 credit card numbers of US and UK consumers in a major worldwide breach. The data, held in Google cache, includes credit card numbers, CVVs, expiry dates, names and addresses. The credit card numbers are for accounts held with Visa, Mastercard, American Express, Solo, Switch, Delta and Maestro/Cirrus. Within the address bars of the cached pages are URLs of e-commerce sites that have become victims of the breach. They include clothing, science, health, sports and photo imaging stores. The cause appears to be a known issue with the Google search engine, in which the pages of defunct web sites containing sensitive directories remain cached and available to anyone."
Whirlpool thread (Score:3, Informative)
This was first mentioned on Whirlpool, I was reading the thread. It appears to be deleted now however:
http://forums.whirlpool.net.au/forum-alert.cfm?a=priv-deleted&t=1165021&v=0 [whirlpool.net.au]
Re:Can some American please explain to me... (Score:5, Informative)
In the UK at least, your transactions are guaranteed by the credit card company. So it's often actually recommended that you purchase things online with a credit card, because if you get ripped off, the goods are defective, or the merchant goes bankrupt etc, the card company has to refund you. This is enshrined in law under the Consumer Credit Act. On the other hand, if you pay with a debit card or other direct payment, your money is gone.
Re:Can some American please explain to me... (Score:4, Informative)
I'm not American - and I wonder about the op's premise as I thought most countries had moved (or were moving) to PIN-numbers rather than signatures to verify in-store transactions.
Regardless, credit cards are very safe for Europeans because of the extra protection they provide to consumers.
In Ireland as well as the UK - and most other European countries - there is a version of the Consumer Credit Act. It treats all purchases on the card as, unsurprisingly, a type of credit agreement. This is a very powerful and pro-Consumer thing, providing lots of protection for any who cares to look into it, e.g. chargeback.
True, a lot of these 'safeties' was introduced in an attempt to make the cards more secure - don't forget the premise of credit cards has been around for many, many decades and, during that time, the type of fraud perpetrated against credit card users has become more and more complex.
It's also well documented that Germans (culturally/in general) have an aversion to credit cards for a number of reasons; from 'all credit is borrowing - and borrowing is bad' (note the low rate of borrowing in Germany) to a series of pre-existing methods of paying for goods and services easily at a distance (e.g. in Germany, there is the long standing inter-bank transfer system; very cheap and secure to use inside the borders of Germany but, until very recently, was astronomically expensive for anyone in another country to transfer money to).
So why do I use a credit card? A large number of international traders accept credit cards, doesn't cost me any extra and I get points on my Sony card for every purchase I make. I am not liable for any fraud/misuse of my card. I suspect it's the same for Americans and most people who use credit card. Having the advantage of being European, I also have a lot of legally enforceable extra protections that I'm not sure Americans have in the Consumer Credit Act.
I also do use bank transfers to pay for stuff. Usually only to Germany because Germany is one country where their banks are pretty secure. And only in recent years - because, thanks to an EU Directive, the astronomical cost of transferring money across borders to another member state of the Eurozone has plummeted (note: UK not member of Eurozone, so a UK consumer could still face high charges).
I also have the protections of the Distance Selling Regulations when buying from Germany, but I would never transfer money via bank account outside of Europe.
As for 'reloadable' cards, for me they are slightly more expensive and don't offer me any incentive or attractiveness to use, and are not universally accepted.
Debit cards don't seem to be standarised internationally - or even across the EU - so are not really viable as a payment method.
Re:Can some American please explain to me... (Score:3, Informative)
In America, if your card is used fraudulently you are only liable (by Federal law) for the first $50 and even that is waived by all of the major credit card companies. Debit cards have no such protection enshrined in Federal law. Many banks have started to offer similar protections on their debit cards, but you would be dealing with bank policy as opposed to Federal law.
Re:Cashless Society (Score:3, Informative)
The loss didn't come from VISA's wallet either, it is the merchant that got stiffed. Credit card companies are completely unaccountable, despite charging through the nose for their services. It's right there in the contract everybody has to sign to deal with them...