Google search outputs credit-card numbersSeptember 16, 2004 Consumer's fear of identity and credit-card theft over the Internet continues to escalate. Yet analysts and retailers continue to assert that the risk is minimal. The bigger fear, say analysts, should be of an inside job. Many of the recent thefts "have been crimes committed by employees of companies that have legitimate access to personal data, that decide to use it for their own gains," Christian Byrnes, senior vice president of technology research services at Meta Group, told NewsFactor. In an effort to ascertain actual theft risk associated with ordering online, NewsFactor conducted an informal test of the Web. The findings were alarming: Basically, anybody who can use Google can get access to credit-card and personal-identification information. Practically everyone knows that hackers will continue to wreak havoc. That handful of malicious misfits is a very savvy, determined group, against whom retailers and other companies must be on guard. "Personal-identity information is on computer systems everywhere," says Byrnes. That being the case, NewsFactor elected not to test hacker tools and security measures on individual Web sites, since both change tactics almost daily. Instead, the test was conducted using basic search engines to determine how accessible personal-identity and credit-card information was to a more ordinary criminal mind. The first search engine tested was Google, merely because of its popularity. It is important to note that Google is not at fault in this study, as the search engine can only detect data, not judge how it is used. The search request was simple. Using a researcher's Visa debit card, we started with the first four numbers on the card and extended the span of possible number combinations. So we entered in the google.com search window: visa 4060000000000000..4060999999999999. The result was a long list of Visa card numbers complete with name, address, phone number, expiration dates and a list of recent purchases. In less than two seconds, we found everything a cyber crook would need for one heck of a shopping spree or a fresh new identity. We found similar results on other search engines using the same number-spread methodology for numerous credit-card issuers, including MasterCard and American Express. NewsFactor urges readers to check and see if your information is listed on these simple searches. If so, you would be well-advised to contact your credit-card issuer immediately and request a new credit-card number. In the future, it may be wiser to limit your exposure by using a stored-value card, like those issued by Visa, American Express and other companies. Stored-value cards have no value after the purchase is made, thereby limiting their value to criminals. "Many retailers are offering reassurances [to consumers] by asking for additional information before completing an online credit-card transaction," Carrie Johnson, senior analyst, Forrester Research, told NewsFactor. But, giving more information may do more harm than good, our researchers found. Among the results retrieved in our Google search, we found links that exposed entire databases, complete with internal company accounting records. Even social-security numbers are included on some of the lists -- not a very reassuring discovery, to say the least. We found no indication that the larger, more credible, retail sites were the source of credit-card information leaks. Web sites like eBay (Nasdaq: EBAY - news), Amazon (Nasdaq: AMZN - news), Office Depot (NYSE: ODP - news), Best Buy (NYSE: BBY - news), Sears (NYSE: S - news), and many others appear secure. At least, none of the online purchases recorded in any of the credit-card lists we found contained purchases from major retailers. It was the mom-and-pop shops, home-based businesses, and smaller companies that showed vulnerability, apparently from ignorance or a lack of professional I.T. resources. "To get around consumer-security and fulfillment concerns, Internet startups and small businesses will have to align themselves with more credible marketplaces like eBay, Amazon, and Yahoo (Nasdaq: YHOO - news). Otherwise, customers will be afraid to buy online from them," Rob Garf, retail analyst at AMR Research, told NewsFactor. In the meantime, Web-site owners may want to employ a few simple fixes to make sure their critical files and their customers' personal information are not so easily found by search engines. Features that mask files from the view of search engines and cloak sensitive databases are an absolute must-have. One simple and inexpensive example is a "robot" file that blocks search engines from accessing specified files on a Web site. However, sensitive files also need to be encrypted using updated encryption programs. "Don't skimp on technology and process investments," says Garf. "If a customer has a bad experience, that customer is gone forever." Source: Yahoo News Read Serge Thibodeau's daily blogs on search engines at Serge Thibodeau Live. We strongly suggest you bookmark our web site by clicking here. Tired of receiving unwanted spam in your in box? Get SpamArrest™ and put a stop to all that SPAM. Click here and get rid of SPAM forever! Get your business or company listed in the Global Business Listing directory and increase your business. It takes less then 24 hours to get a premium listing in the most powerful business search engine there is. Click here to find out all about it. Rank for $ales strongly recommends the use of WordTracker to effectively identify all your right industry keywords. Accurate identification of the right keywords and key phrases used in your industry is the first basic step in any serious search engine optimization program. Click here to start your keyword and key phrase research. You can link to the Rank for Sales web site as much as you like. Read our section on how your company can participate in our reciprocal link exchange program and increase your rankings in all the major search engines such as Google, AltaVista, Yahoo and all the others. Powered by Sun Hosting Sponsored by Avantex Traffic stats by Site Clicks™Site design by Mtl. Web D. Sponsored by Press Broadcast Sponsored by Blog Hosting.ca Call Rank for Sales toll free from anywhere in the US or Canada: 1-800-631-3221
email: info@rankforsales.com | Home | SEO Tips | SEO Myths | FAQ | SEO News | Articles | Sitemap | Contact | Copyright © Rank for Sales 2003 Terms of use Privacy agreement Legal disclaimer Ce site est disponible en Français |