Hack Attack Exposes Web Shopper Credit Card Data

Internet book vendor Bibliofind.com reportedly said Monday that a four-month long security breach on its computer servershas exposed customer credit card information.

The e-tailer, which provides an electronic catalog of millions of used andrare books for sale by independent booksellers around the world, said the violation affected user data housed on its servers between October andFebruary, according to news reports published Monday.

Bibliofind, whose parent company Exchange.com was purchased by Net giantAmazon in April 1999, has since removed customer information andis in the process of informing all customers who were affected by the breachvia e-mail, according to published reports.

Bibliofind is also said to have contacted federal law enforcement officialsand credit card companies about the violation. Bibliofind’s site was down all Monday morning.

Hack Hits

A number of other high-profile security breaches have compromised both thefinances and confidence of online users in recent months. In December,online computer products retailer Egghead.com had its systems hacked butsaid no customercredit card data had been stolen.

Also that month, credit card processor CreditCards.com said that itssecurity was breached and that over 55,000 credit card numbers were takenfrom its servers and posted on the Web.

Others that have been hit include Charles Schwab Corp., which said a flaw inits system left open the potential for a hacker to steal individualcustomers’ stock trading accounts, and online brokerage firm E*Trade, whichsaid a similar weakness in its system was discovered in September. Inboth instances, customer passwords and bank account numbers becamevulnerable to hackers.

Fighting Back

In addition to raising the hackles of online firms and credit issuers, the escalating number of Internet credit card fraud cases is a cause for concern among government agencies.

A report released last month by the European Commission (EC) found thatonline scam artists contributed to a 50 percent rise in credit card fraud inthe European Union (EU), a problem that the EC said could cripple the developinginternational e-commerce market.

The study said that illegaltransactions reached an estimated US$553 million last year.

FBI Efforts

Meanwhile, the U.S. Federal Bureau of Investigation (FBI) has also taken on the threat of onlinecredit card fraud. Earlier this year, the agency announced that ithad partnered with more than 500 private businesses in a program to shareinformation about computer crime and how to thwart it.

The program, called InfraGard, is available through all 56 FBI field officesand provides members with access to a secure Web site and an encryptede-mail system that allows companies to exchange information about newthreats and protection systems.

E-commerce merchants and payment processing merchants have also taken stepsto cut down on Internet-based fraud. Last fall, a coalition including AmericanExpress, Buy.com and Expedia formed the Worldwide E-Commerce FraudPrevention Network, with the goal of allowing online vendors to share fraud prevention information. The Network hopes to improve Web security and reduce the costs associated with fraud.