USA   |   UK   |   Australia   |   Canada
ADVERTISEMENT

Credit card dangers may lurk on smaller websites

By  and Emily Starbuck Gerson

Despite many recent security breaches that have exposed millions of credit cardholders to potential fraud and identity theft, online shopping continues to prosper, especially during the holidays.  Financial fraud experts are now warning consumers about where some of the greatest dangers lurk: small, commercial websites.

credit card dangers small business data breach security breachIn certain instances, fraudsters are able to gain real-time access to these small websites' transaction information, enabling them to steal valid credit card information in an instant and hastily ring up numerous fraudulent charges.

Identity thieves may have fewer potential victims at smaller sites, but they are often able to operate with greater ease due to defects in the software the sites use for online order processing, or due to a dependence on outsourced or outdated website security.  Fraud prevention professionals note that many smaller websites rely on generic shopping card software that they neglect to update with the latest software security patches. 

Software can help
Scott Mitic, CEO of TrustedID, an identity theft protection company, says that many small websites are not complying with merchant standards, especially those set by Visa and MasterCard. "Very few small sites are compliant today, but it's hard for a consumer to tell which ones," he says. "During the holiday season, I'd advise consumers to stay away from very small sites -- it's better to be safe than sorry. I'd stick with Amazon and other trusted names this time of year."

Mitic also suggests downloading a service such as SiteAdvisor, which is a free way to know you might be in trouble. "It installs in the browser and keeps track of nefarious sites, and lets you know when you're at a risky one," he says.

For victims of identity theft, a stolen credit card number is often just the first step a thief will take.  The criminals who steal credit card information generally do not use it themselves, but sell it to scammers via underground chat rooms.  The theft of credit card data combined with other personal information allows identity thieves to wreak havoc on the lives of their victims.

Identity theft victims may find charges on their statements made at websites that sell online background checks.  These consumer background checks help fraudsters create a more complete file on a victim to aid further in identity theft or to establish a more appealing record for re-sale in the identity theft underworld.  Thieves who start with a credit card number may also obtain a victim's phone number, physical address, e-mail address and other data that can be used to gain further information on the target or open up new lines of credit in the victim's name.

Card theft triggers bigger woes
"When someone gets more than your credit card information, that's when it gets dangerous, because they can also do things such as tax and employment fraud," Mitic says. "Be less concerned about losing your credit card information because those problems can usually be solved with a few phone calls. Be more careful about safeguarding your personal information."

Mitic advises consumers to look for a barrage of charges on their card statement that would indicate that someone has been shopping with their money. Other small, unexplained charges on your statement should raise a red flag as well.  Some identity thieves will make a $1 donation to a charity's website in order to determine whether a credit card is still valid. If you see a background check or charity charge on your credit card bill that you did not make, call your credit card issuer immediately. The danger to credit card data from small Web merchants has become serious enough that Visa and MasterCard have threatened to fine online businesses that fail to work toward meeting stricter security guidelines.

Visa released a report in September 2006 showing that four of the top five causes of credit card-related breaches were digital security limitations at merchants of all sizes.  These weaknesses included misconfigured Web servers, missing or outdated software security patches and the use of vendor-provided default passwords and settings -- all of which represent violations of new credit card industry standards.

Online merchants need to be aware of threats from hackers, and consumers need to be aware of which sites are taking the necessary precautions to guard their credit card information.  Some of the victims who fell prey to hackers had found the cheapest vendor possible through a bargain shopping website.  Cardholders should make sure that any site they decide to shop on takes all the necessary steps to ensure the security of credit card transactions. After all, what is the value of saving a few dollars if it comes at the cost of potentially being an identity theft victim?

Updated: October 14, 2009



Join the discussion

We encourage an active and insightful conversation among our users. Please help us keep our community civil and respectful. For your safety, do not disclose confidential or personal information such as bank account numbers or social security numbers. Anything you post may be disclosed, published, transmitted or reused.

If you are commenting using a Facebook account, your profile information may be displayed with your comment depending on your privacy settings. By leaving the 'Post to Facebook' box selected, your comment will be published to your Facebook profile in addition to the space below.

The editorial content on CreditCards.com is not sponsored by any bank or credit card issuer. The journalists in the editorial department are separate from the company's business operations. The comments posted below are not provided, reviewed or approved by any company mentioned in our editorial content. Additionally, any companies mentioned in the content do not assume responsibility to ensure that all posts and/or questions are answered.

Three most recent Shopping stories:

Share This Story




Follow Us!


Credit Card Rate Report

Updated: 12-20-2014

National Average 14.92%
Low Interest 10.37%
Balance Transfer 12.73%
Business 12.85%
Student 13.14%
Reward 14.90%
Cash Back 14.94%
Airline 15.52%
Bad Credit 22.73%
Instant Approval 23.33%

ADVERTISEMENT
ADVERTISEMENT