Stratfor Breach Leads To Over $700k In Fraud

wiredmikey writes "It isn't often that after a data breach involving credit cards, the public is given information on the exact amount money lost by consumers as a result. Thanks to the FBI, however, we now have a better understanding of what 60,000 stolen credit cards translates to financially, as this data was included in their investigation notes while working the Stratfor case. The last time the public had something close to actual stats from the source, we learned that the TJX breach cost Visa $68 million in 2007, two years after the TJX network was compromised by Albert Gonzalez. Yet, those were Visa's estimates. Now, in the aftermath of the Stratfor breach, the FBI has attributed $700,000 worth of charge fraud to the 60,000 credit card records taken during the network compromise. AntiSec supporters walked away with 860,160 usernames and passwords, in addition to the credit card records."

The real losers

[IamTheRealMike]

What the summary doesn't make fully clear IMHO is that the cost of this fraud is not carried by VISA or the banks, but rather passed on to merchants ... who ultimately pass the cost on to anyone who uses credit cards. That is unfortunate, because it means the organizations financially incentivized to solve fraud are the ones who can't do anything about it. The organizations who can make these things more secure don't pay the price, which may explain why credit cards are still so insecure.

Re:So here we have the real motive

[IamTheRealMike]

No, I think the real motivation was ideological if you read the profiles of Hammond. He used the stolen numbers to donate to charity.

The problem is, he's an idiot who doesn't understand how credit cards work. Fraudulent charges to charities actually hurts them because they get fined when chargebacks occur. So they don't get to keep the money, they lose extra money on top, and VISA/MC have a habit of disconnecting you from the credit card system entirely if they get too many chargebacks.

It's really tough to imagine a nastier or more stupid thing to do than use stolen credit cards with charities.

Re:Charge fraud is the new armed bank robbery

[nedlohs]

Not quite. The FBI also invetigate such cases - sometimes with the SEC sometimes without.

The funny thing is they've kicked it up in the last couple of years (with about 60 convictions), but the OP is too slow to notice:

http://www.cnbc.com/id/46623058/FBI_Expands_Crackdown_on_Insider_Trading [cnbc.com]

Re:So here we have the real motive

[Anonymous Coward]

The merchants who processed the stolen cards will be the one bearing the cost. Stratfor will only be fined by the CC companies if they are found to have violated industry rules (PCI compliance, etc.)

Re:Charge fraud is the new armed bank robbery

[mcgrew]

Credit card fraud is a huge illegal industry. It finances drug gangs and cartels

Illegal drugs are an incredibly lucrative business and don't need to be financed by credit card fraud. Do the anti-drug zealots think we're all that stupid? "Credit card fraud finances the drug trade" is just an incredibly brain-dead thing to say and even more idiotic to believe.

Incorrect assumptions

[chrb]

Not "leaked documents" or "liberated intelligence." Plain old fashioned credit card fraud.

You have made several possibly incorrect assumptions [wikipedia.org] here:

1. That AntiSec was the only group to hack the card data
2. That AntiSec profited from this crime, either by committing the actual credit card fraud, or selling the card data to someone who did
3. That AntiSec is a monolithic group with a management structure that can command its minions to do/do not do/whatever with data they obtain therefore making the group responsible for the actions of an individual