Back on Mar. 19, I talked about that theft of credit card numbers at and associated stores in the northeastern U.S. It now appears that the numbers were copied during transmission to the banks for authorization. In other words, malicious code was installed on the server in each and every one of the several hundred stores affected. How that happened, and went undetected for three months, is under investigation.

So what happens to all those card numbers after they are purloined? No, they do not go to heaven. Many of them, it seems, go to a site called SellCVV2, according to security company Finjan.

The company reports that the site does a brisk business in stolen credit cards and other data, offering volume discounts, guarantees that the cards are good, and even trials with small sets of credit card numbers. Ordinary or cards with low credit limits might go for as little as $10 per hundred. Gold, Platinum or business cards fetch more.

Finjan underlined the sophistication of the site, noting that this is big business. It is also a serious problem for the card issuers. Finjan is the same company I told you about in early March. At that time, the company had stumbled across a Web site selling stolen FTP login credentials. That site also used sophisticated business methods.

Syd Tash is a noted computer security consultant and author of How to Protect Your Computer Online. He has been keeping Internet surfers safe and secure since the last century. Find out how he does it; protect your own computer with five layers of protection right here:
= > http://MyPCSecuritySite.com

You may include these Tips in your Web sites and publications provided they remain unchanged and include the above paragraph, with the author’s name and Web site. You can also get a direct URL to this post. Click the title, then copy the URL in the browser address bar.

If you're new here, you may want to subscribe to my RSS feed. Thanks for visiting!