Magazine article American Banker

Theft of Card Numbers Casts Doubts on Web's Security for Commerce

Magazine article American Banker

Theft of Card Numbers Casts Doubts on Web's Security for Commerce

Article excerpt

A major Internet security breach has put the technology that protects customer data at the center of the ongoing debate over procedures at on-line merchants and processors.

The incident, reported Monday in a New York Times article, involved a hacker nicknamed Maxim who claimed to have stolen thousands of credit card numbers from Wallingford, Conn.-based eUniverse Inc. an on-line retailer.

According to the Times report, Maxim claimed to have discovered a way to breach the security of a credit card processing system called IC Verify that is sold by Cybercash. The Reston, Va.-based company is a major provider of Internet credit card processing software and has more than 50 banks and independent sales organizations as customers.

In a faxed statement, eUniverse confirmed the theft but did not reveal details on where the credit card information was stored, how its security system was penetrated, or whether Cybercash was involved. Cybercash did not return repeated calls.

Scott Collison, a former official at Signio, an Internet payment processor that competes with Cybercash, said an earlier version of Cybercash's system stored credit card data on a data base on the merchant's premises. It theoretically could be accessed through the Internet if the security measures were not appropriate, he said.

Cybercash has enhanced current editions of the system by maintaining the data base on its own property, he said. "There was a big burden on the merchant's side" to maintain the system, said Mr. Collison, who is now a vice president at Teamtoolz, a San Francisco on-line marketing firm said.

Daniel Schutzer, a vice president at Citigroup Inc. and president of the Financial Services Technology Consortium, said many Internet payment processors are flawed because they are trying to mimic the current flow of data in the physical world. Internet credit card transactions follow a path similar to those conducted in the physical world, going from a merchant to a merchant processor, then to the credit card associations. …

Search by... Author
Show... All Results Primary Sources Peer-reviewed

Oops!

An unknown error has occurred. Please click the button below to reload the page. If the problem persists, please try again in a little while.