Symantec warns of ‘charity’ credit card scam


13 Jul 2007

IT security vendor Symantec has warned debit and credit card holders to watch out for small, but unauthorised charitable donations on their statements – these could be the precursor to serious fraud on their account.

Symantec researchers have identified a trend whereby fraudsters are testing stolen card details for ongoing validity by making a small donation to charitable websites.

Data vaulting specialist Cyber-Ark says the shift in cybercrime activity is especially worrying to business debit and credit card account holders as they tend to have less control over their usage than their personal counterparts.

“It’s always difficult to vet business card activity, so I would urge all company card account holders to be on the lookout for all small transactions, especially innocuous looking charitable donations, and check with the cardholder as to their validity,” Cyber-Ark’s European director Calum Macleod explained.

“The problem with these small, but unauthorised, transactions, is that they almost always lead to larger unauthorised transactions coming through and these can be a major headache to resolve,” he added.

Macleod went on to say that companies need to be extra-careful when it comes to storing and transmitting card details.

“They should use a secure and encrypted system for storing details on the company IT systems, and always use encryption on the rare occasions when it becomes necessary to transmit the card details to a third party.

“The Payment Card Industry data security standard (DSS) guidelines should be applied diligently by any organisation that accepts payment cards, regardless of whether or not they are obliged to do so,” McLeod said.

By John Kennedy