Ray Van Eng (06/03/97)              

Last month, the FBI captured a 36 year old California man selling more than 100,000 credit card numbers he has allegedly obtained from a database at an Internet service provider's (ISP) server system through the use of a computer program that is actually freely available on the Internet.

Staffs at the unidentified ISP alerted the FBI after they noticed someone was stealing the information from their computers. At the same time, the The FBI also became aware that someone out there was selling credit card digits in bulk, so they set up a sting operation and arranged to meet with the suspect, Carlos Felipe Salgado at the San Francisco International Airport.

After agents paid $260,000 for 100,000 credit card records, Salgado was later arrested at his parent's home. Salgado will be facing a 15 year sentence and $500,000 fine if found guilty.

It is incidents like this that many say will dampen consumers' confidence about purchasing over the Internet. But this case is actually a good argument for the secure electronic transactions (SET) protocol that Visa and Mastercard is currently making into a standard.

Under SET, the merchant or the ISP would not have known the buyer's credit card number in an Internet transaction and thereby leaving nothing at the web server database for a computer hacker to steal in the first place.