We are excited today! After weeks of careful investigation we published our special report about a security flaw we found in the American Express credit card authorization system. This flaw is being exploited right now by identity theft criminals.
The interesting feature of this crime is that it is mostly low tech. Virtually any criminal can commit this crime with only basic technical knowledge. Basically, criminals are stealing mail looking for new or re-issued AmEx cards. When they find the cards, they go to the house of the card holder and tap into the homeowner’s phone at an outside junction point (either where the phone box goes into the house, or a centralized phone box owned by the phone company) and call American Express and Activate your stolen card.
This works because if you call to activate your card from your home phone (or whatever phone number is associated with your account) AmEx thinks that it is you calling and does not require an extra authentication step. The most the criminal needs to know how to do is tap into your phone and make the call. This is almost trivial with a special Lineman’s phone. A lineman’s phone is a special type of phone that phone company technicians use. It has alligator clips on the end that can clip right to the leads inside your phone box on the exterior of your house, or to the leads inside a centralized phone box near your house.