Address-form glitch proves an easy scam

Credit-card thieves find sneaky way to beat fraud checks

By Bob Sullivan
Technology correspondent
MSNBC
Updated: 1:52 p.m. ET Oct. 22, 2004

It's a harmless-looking part of every a Web site retailer's checkout page. The form filled out by customers ordering products almost always has a second line — sometimes it’s used for apartment numbers or other information; it's usually left blank. But that innocuous-looking second line could become a big headache for Internet merchants soon, says one fraud expert. Credit card criminals have figured out a simple way to use that second line to foil the most basic anti-fraud measures online merchants use.

Already, five major Web merchants — with sales of $75 million or more each year — have been hit by the hack, says Julie Ferguson, co-chair of the Merchant Risk Council.

"All of the sudden this has risen above the noise (of other scams). That's a good indicator this could be a big deal during Christmas," Ferguson, also vice president of anti-fraud service ClearCommerce Corp, said. The firm planned to issue a warning to merchants this week about the technique.
Source