Security Fix - Brian Krebs - Street-Level Security Fraud

Security Fix - Brian Krebs on Computer and Internet Security - (washingtonpost.com):

Until recently, Las Vegas police officers couldn't figure out why some of the prostitutes and drug addicts they arrested were found carrying multiple hotel room keys and slot machine player's club cards. When confronted, the suspects said they kept them as souvenirs or found them on the sidewalk.

This article starts out interesting and just goes sideways. Apparently, though, the cards are either being found or bought - not a big deal since hotel key-cards are intedned to become all but useless after about a day, and easier to replace than a room key - but that's where it gets interesting: they're a cheap source of a swipe-card which can be over-written. And that's why this got interesting:

The mystery began to unravel when a LVMPD officer slid one of the keys through a machine that reads the data stored on the card's magnetic stripe. Each swipe revealed a 16-digit credit number, a date, a person's name and the name of a bank. That's right, the keys functioned exactly like credit cards, allowing the carrier to pay for merchandise at any store or market where customers do their own swiping.

"The people who had these cards on them were using them in transactions with local businesses," Cobb said.

The cards, we can assume, can be swiped just like regular cards. Card readers - since they don't need to be any more sophisticated than the door locks in a hotel - can be found anywhere; one guy in a Wal-Mart told me how to do it with an old VCR. The tools to inscribe a room-key with new data? Also as common as an old VCR.

So where do we find lists of credit-card numbers in a town where way too many people owe way too much money to someone else? You'll find that the stories of nefarious Internet People aren't overtly and completely to blame here, so it's probably not gonna make the major news.

... it is not unusual for service-industry workers who owe money to a drug dealer or a bookie to be handed a handheld magnetic stripe "skimmer" and ordered to periodically collect up to 100 accounts as a means of erasing their debt.

And there you go. How many of us use our Visas at the hotel restaurant since it's an easy means of tracking what you spent on the trip? You too? Yeah. I think it's debit time for me again.

"By the time the bottom feeders get the cards, the data on them has already been shared with the organized criminals, who will bang on a credit card though mail-order and Internet purchases," Berghel said. At that point the cards are "throwaways that can only be used a couple of times before they're canceled."

Yeah, okay, so here's the Internet hook. Maybe we will see 20-20 doing an exposé on this one. I just don't think they'll focus too much on the source of the cards being the lowly indentured waiter, personally; do you think they'd rather cause a travel panic in a really bad between-hurricanes travel year and lose a chance to play up an Internet is Evil angle?

Anyway, kids, don't be using your visa except in a machine, and if you have to give it to anyone - clerk or cashier - don't let it out of your sight.