Forwarded From: John Q Public <tpublicat_private> |WASHINGTON (AP) -- High-tech thieves rang up international charges of |almost $1 million on the debit cards of members of a Washington-area |credit union by using computers to guess account numbers, The Washington |Post reported today. | |Sophisticated computer programs apparently analyzed sample credit card |numbers, then generated ones that turned out to be valid about half the |time, said Mark Cis, vice president of corporate property and casualty for |CUMIS Insurance Society, a credit union insurer that has investigated the |case. [etc.] I remember hearing about this approximately 9 months ago when a bunch of people got busted in Colorado. I thought the report said this started in Durango, Colorado, but that's a little bitty town in southwest BFE. Just because they were the first to get busted doesn't mean it came from there, however Colorado banks were the first I heard to reissue their VISA debit cards. The scheme is: you take two cards from one bank and effectively divide the difference between the issued numbers. The chances were very high that some of the numbers were valid. If you had two 'in sequence' it was simple to determine the next and previous issued numbers as they were 'sequential' with the common difference. Simply, if we knew card #4 and card #16 worked, you're looking at possibly card #10 (difference between 16 and 4, divided by 2). If #8 and #12 worked instead, you were looking at the difference divided by 3. Once you know the pattern between your known range, going out of those boundaries were exceptionally likely. Thus the reasoning for issuing cards with not much in common with each other. Most banks issued this way because it was a quick way to allocate a lot of cards without using a large span of numbers. -o- Subscribe: mail majordomoat_private with "subscribe isn". Today's ISN Sponsor: New Dimensions International [www.newdimensions.net]
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:01:35 PDT