Get Valid Credit Card Numbers for Development/Testing

If you are a developer who works on integrating payment gateways into websites, you might have had to use dummy credit card information for testing purposes. While getting valid credit card numbers for testing is not that hard, a new website aims to make it far more easier to test your payment gateway integration.

Get Valid Credit Card Numbers

Get Credit Card Numbers is a service which generates valid credit card numbers for testing purposes. Users can visit the site and get credit card numbers for Visa, Mastercard, Discover and American Express.

The website automatically generates a random set of credit card numbers when you visit the site. However, it also provides options to generate valid numbers in JSON, XML and CSV formats as well for individual card types.

If you are a developer who works on payment related modules, this website is definitely something you should bookmark.

Please note that the credit card numbers generated are “not real” and cannot be used to make purchases on the internet.

FBI Arrests 24 Cyber Criminals in an International Cyber Crime Takedown

FBI has released details of an international operation directed at curbing card crimes. The operation, which is said to be the largest aimed at curbing card crimes, lead to the arrest of 24 individuals in 13 countries among which, 11 are from US.

Carding crimes include stealing of personal information such as credit card details, social security numbers, bank account details etc. and using them or selling them in order to make money.

The operation was a result of a two year undercover operation lead by the FBI. Of the 13 arrested outside US, 6 are from United Kingdom, 2 from Bosnia and 1 each from Bulgaria, Norway and Germany, Italy and Japan.

Preet Bharara, Manhattan Attorney explained the crime in a press release,

“The allegations unsealed today chronicle a breath-taking spectrum of cyber schemes and scams. As described in the charging documents, individuals sold credit cards by the thousands and took the private information of untold numbers of people. As alleged, the defendants casually offered every stripe of malware and virus to fellow fraudsters, even including software-enabling cyber voyeurs to hijack an unsuspecting consumer’s personal computer camera. To expose and prosecute individuals like the alleged cyber criminals charged today will continue to require exactly the kind of coordinated response and international cooperation that made today’s arrests possible.”

Janice K. Fedaryck, FBI Assistant Director in Charge also commented on the operation as follows,

“From New York to Norway and Japan to Australia, Operation Card Shop targeted sophisticated, highly organized cyber criminals involved in buying and selling stolen identities, exploited credit cards, counterfeit documents, and sophisticated hacking tools. Spanning four continents, the two-year undercover FBI investigation is the latest example of our commitment to rooting out rampant criminal behavior on the Internet.”

FBI also conducted more than 30 searches and interviews as a part of the operation. The case is currently handled by the Complex Fraud’s Unit.

Valve Says that Encrypted Credit Card Data May Have Been Stolen From Steam

Valve’s Gabe Newell issued a statement on the digital distribution giant’s news portal regarding the hacker intrusion of its systems last year. Newell, the CEO of the gaming company, stated that amongst other harmless data the intruders may have stolen logs that contain credit card numbers and other such things – encrypted mind – and data of all the transactions done between 2004-2008. He further advises everyone to monitor their credit card statements carefully and change the Steam passwords.


Recently we learned that it is probable that the intruders obtained a copy of a backup file with information about Steam transactions between 2004 and 2008. This backup file contained user names, email addresses, encrypted billing addresses and encrypted credit card information. It did not include Steam passwords.
We do not have any evidence that the encrypted credit card numbers or billing addresses have been compromised. However as I said in November it’s a good idea to watch your credit card activity and statements. And of course keeping Steam Guard on is a good idea as well.

Steam Guard is the secondary authentication token provided directly to your registered email ID when you sign it to Steam from a new computer. This is like Google’s authentication and provides a code that you have to enter after typing in your username and password. This is to ensure that unauthorized access to your Steam account is not easy.

As always, we ask our readers to remain vigilant against these threats as well as phishing scams and other things that have been talked about recently on Techie Buzz.

Trojan Horse For Android Listens To And Stores Credit Card Numbers

Once again, Android is in the limelight for malware, this time it’s a trojan horse installed on the device that is triggered by outgoing calls, that has the ability to store credit card numbers that are input either via touch tone (DTMF decoding) or by analysing voice input and then converting it to text. The application, Soundminder, is a relatively small application weighing in at just over 1MB and uses minimal permissions to capture, store and analyse any information that is input via voice or the dial-pad. It takes roughly 15 seconds to convert the voice audio into actual numbers and then the information is stored to be used at a later time. Enter the partner in crime to Soundminder, Deliverer. Deliverer is a tiny application that uses network permissions to transfer the captured information to a hosted server so the attacker can view the credit card numbers.

Together, the applications use a covert method of transferring the data back and forth. Since Android uses sandboxing and separate user accounts for each running process, it is very hard for applications to share information without explicitly requesting permissions. Since Soundminder has write access to certain hardware, it can adjust device settings such as LCD timeout, ringer volume and other seemingly innocuous values. Deliverer can then read the values, obtain the information and send the stored credit card numbers to an attacker.

Soundminder has less invasive permissions than other applications in the Android Market, so it would be extremely easy for a user to assume it to be safe and install it. Hopefully Google can find a way to list permissions on a lower item level, so users can see exactly what API calls an app has access to.

See below for the video.

Credit Card Numbers Of Blippy Users Show Up on Google

Blippy, is a social network for shoppers. Blippy users share with each other what they have just bought and socialize around their purchases. Apparently, some users got much more than they signed up for when there credit card numbers showed up on Google recently.

When a power user entered search term “from card” , Google showed him a number of recent purchases by Blippy users along with their credit card numbers. As reported by VentureBeat, most of them were Citibank issued master card numbers. Investigation is still underway to determine how this happened, but Google has meanwhile blocked all searches for the site

What makes the event more interesting is the reply by Blippy Co-Founder Philip Kaplan, who says it is not as bad as it looks. According to him, we hand our credit card to waiters and cashiers all the time and the 4 users affected by this incident need not worry since they are not responsible for any purchases made without their permission. He further explains how the credit card numbers go back during Blippy’s beta days when the data was on HTML pages and somehow those pages were still in Google cache.

Even though, the incident didn’t cause much damage, it is still shocking to see how vulnerable sensitive information has become due to it being accessed by every mom and pop social network. It is also interesting to know that Blippy had raised $11 Million of funding just a day before this credit card fiasco.

[Image Credit VentureBeat]