" writeme += "

" writeme += "" writeme += "" writeme += "" writeme += "

" playme.document.write(writeme); playme.document.close(); if((navigator.appName == "Netscape") && (navigator.appVersion.substring(0,1) >= "3")) {playme.focus();} if((navigator.appName == "Microsoft Internet Explorer") && (navigator.appVersion.substring(0,1) >= "4")) {playme.focus();} if (playme.opener == null) { playme.opener = self; } } function play(vid,neth,netl,realh,reall) { var cm=GetCookie("playbar"); if (cm != null) { //if (cm=="nh" && neth=="t") { cm="hi.asx"; //if(aol||nstr||iebug) { //} else { // showvid('asf',vid+cm); //} } else { if (cm=="nh" && neth!="t") { this.sec=1; pbw(vid,neth,netl,realh,reall); } } if (cm=="nl" && netl=="t") { cm="lo.asx"; //if(aol||nstr||iebug) { //} else { // showvid('asf',vid+cm); //} } else { if (cm=="nl" && netl!="t") { this.sec=1; pbw(vid,neth,netl,realh,reall); } } if (cm=="rh" && realh=="t") { cm="hi.rmm"; if(aol||iebug) { } else { showvid('rm',vid+cm); } } else { if (cm=="rh" && realh!="t") { this.sec=2; pbw(vid,neth,netl,realh,reall); } } if (cm=="rl" && reall=="t") { cm="lo.rmm"; if(aol||iebug) { } else { showvid('rm',vid+cm); } } else { if (cm=="rl" && reall!="t") { this.sec=2; pbw(vid,neth,netl,realh,reall); } } } window.onerror = MSIE; // -->

Tue, Jun 6, 2000
Register today for a free financial forecast
real time quotes your portfolio registration help
biz bulletin
Top Performers
Top Perfomers
  Stock of the Day
Tip of the Day
Launch Live Ticker
Fox News Home

Indices Chart
Click on index
for more information
Security Breach Raises Questions
About Internet Shopping

By Ben Fox   Associated Press

SAN DIEGO — Internet retailers have worked hard to squelch consumer fears of credit card number theft, using sophisticated encryption and other high-tech strategies to make online shopping safe.

But the industry's security image took another blow with the disclosure that the credit card database of a health products supplier was open to hackers for a few hours this week.

Word of the security breach at Global Health Trax Inc. comes as credit card companies are canceling thousands of cards because someone pilfered their numbers from CD Universe, a Web music seller. The card companies say the CD Universe case, uncovered Monday, has resulted in the largest mass-cancellation of cards they can recall.

"When someone hacks a site, it raises a lot of questions to the consumer," said Chris Merritt, of the Atlanta-based retail consulting firm Kurt Salmon Associates. "They are thinking, `You told me that you have a secure site, but how do I really know if it is secure."

Internet shopping doubled last year to $15.6 billion, said David Schatsky, an Internet commerce analyst for Jupiter Communications in New York. But security remains the top concern of consumers and could slow the industry's growth.

It could also prompt consumers to gravitate toward the established Internet retailers and away from lesser-known start-ups, Merritt said.

Global Health Trax, based in Poway, east of San Diego, is one of the less-established retailers. The company sells dietary supplements to about 3,500 distributors nationwide and has annual sales of about $3.5 million, executive vice president Lorin Dyrr said.

Distributors can go to the company's web site, www.ghtonline.com, and enter their credit card number on an order form that is e-mailed to the company.

On Monday, account information on several hundred distributors, including home telephone numbers and bank account and credit card numbers, was open to hackers on the company's old web site, www.globalhealthtrax.com, Dyrr said. That site was abandoned a year ago.

The company said it believes the breach was a case of corporate sabotage by former employees — and few people accessed the numbers.

The customer files were exposed because the person who helped to design the Web site left the files on an unsecured part of the site, the company said. Anyone with the correct Web address could have access it. It is unclear how that address was publicized, if at all.

The customer information was available for a few hours and at least two people accessed the site, including a reporter for the Internet/cable TV news service MSNBC who contacted the company Monday about the glitch, Dyrr said.

The reporter said he was alerted to it by a "concerned technology worker," who Dyrr believes is one of the culprits and the other person who accessed the site.

Dyrr said five distributors canceled their accounts after MSNBC reported the breach Tuesday. Other customers said they had noticed odd account transactions or credit card charges in recent months, some for as little as $70.

"This kind of sabotage can happen in any type of company, Internet or not. If we didn't have a computer system, they could take this information and fax it all over the planet," Dyrr said.

This is a different scenario from Connecticut-based CD Universe. In that case, an unidentified hacker, who described himself as a 19-year-old from Russia, claimed to have stolen 300,000 card numbers by exploiting a flaw in security software.

He said he sent a fax to the company last month offering to destroy his credit card files in exchange for $100,000. When the company refused, he used a Web site called Maxus Credit Card Pipeline to distribute up to 25,000 of the stolen numbers.

Since then, credit card companies and banks have worked with CD Universe to locate their customers who used the online retailer.

Wachovia, the nation's 16th largest bank, offered to reissue 2,000 cards to its customers who bought from CD Universe, but found no cases where the cards had been fraudulently used, said Charlie Hegarty, a bank executive.

"You could say it was a bit of overkill at this stage of the game, but we wanted to give our customers that extra bit of assurance," Hegarty said.

Credit card users are generally liable for only $50 of unauthorized charges. The issuers pay the rest.

Discover Financial Services is reissuing cards for more than 10,000 customers, spokeswoman Cathy Edwards said. Visa and MasterCard are working with banks, which issue their cards, to identify CD Universe customers.

American Express is also reissuing cards, but spokeswoman Judy Tenzer declined to specify how many customers were affected.

More Marketwire More MarketWire News Top of Page

© 2000, News Digital Media, Inc. d/b/a Fox News Online
All rights reserved. Fox News is a registered trademark of 20th Century Fox Film Corp.
Data from Thomson Financial Interactive is subject to the following Privacy Statement

© 2000 Associated Press. All rights reserved.
This material may not be published, broadcast, rewritten, or redistributed.
© 2000 Reuters Ltd. All rights reserved