This morning's Globe & Mail ran a story about an apparent connection between a rash of credit card fraud and the check-in kiosks at Toronto's Pearson International Airport. The Airport Authority has said they've checked them out and think all is well:

WestJet suspends credit-card kiosk check-ins amid fraud probe

...Earlier Wednesday, a spokesman for the Greater Toronto Airport Authority said a recent audit demonstrated the kiosks, used to check in and pick up boarding passes, were safe and secure.

"We checked our systems and everything checks out, so we're happy with that," said Scott Armstrong.

Meanwhile, airlines have disabled the ability to use a credit card to check in.

From today's Globe:

globeandmail.com: Credit-card fraud probe targets Pearson's self-service kiosks

An investigation of suspected credit-card fraud at Toronto's Pearson airport is now concentrating on the security of its 150 self-service check-in kiosks.

In recent months, financial institutions that issue credit cards spotted isolated fraud patterns that appeared to stem from use of the cards in conjunction with getting boarding passes at the Pearson kiosks, according to sources.

While the investigation is in the early stages, it is currently focused on the kiosks, where passengers use passports, frequent-flier cards, reservation numbers, names, and/or credit card data to identify themselves for flights on any one of 13 airlines. It is not known whether any information has actually been stolen or otherwise gone astray.

Some members of the financial industry are very concerned because Pearson is Canada's busiest airport, with 31.5 million passengers travelling through it last year.

One person familiar with the investigation said the fact that personal data at airports might not be secure “should send shudders through every airport traveller.” ...

Labels: air travel, airlines, fraud, privacy

Stephen Dubner and Steven Levitt, the authors of the best-selling book Freakonomics and the consistently interesting Freakonomics Blog have a very interesting piece in today's New York Times on the economics of identity theft and credit card fraud: Identity Theft - Identity Crisis - Stephen J. Dubner and Steven D. Levitt - New York Times. Read more at the blog: Freakonomics Blog » Who Cares About Identity Theft?

Labels: fraud, identity theft, privacy

According to Computerworld, a US Appeals Court has upheld the eight year setence for the theft of billions of e-mail addresses from Acxiom: Appeals court: Stiff prison sentence in Acxiom data theft case stands. It's worth noting that the convictions were under the federal hacking staute and not theft of information simpliciter.

Labels: fraud, privacy, spam

In most cases of fraud following a security breach, the biggest problem for consumers seeking a remedy is proving the connection between the breach and the ensuing fraud. According to CIO Blogs, the TJX breach is different and a small bank in New England has made the connection. It has found the smoking gun and says it will seek damages against the company.

This may be the wakeup call that will force companies to be more diligent about security. See: CIO Blogs - The TJX security breach. This one's different. Way different. |.

Thanks to John Gregory for the link.

Labels: fraud, identity theft, privacy, tjx, tort

Wired News recently ran a very interesting, multi-part series that provides a behind the scenes look at organized credit card fraud:

Wired News: I Was a Cybercrook for the FBI

David Thomas ran one of the most popular online crime hubs, while the FBI ran him.

Tightening the Net

The Grifters operation makes headway against the notorious "King Arthur," the Moriarty of cybercrime.

Tracking the Russians

A U.S. agent tells of the frustration of tracking Eastern European criminal masterminds.

The Boards Come Crashing Down

The FBI shuts down its operation, as the Secret Service drops the hammer on the underground carding scene.

Labels: fraud, law enforcement, privacy