Jerry Hancock of American Fork, Utah, said his credit card company recently alerted him that the card may have been used fraudulently.

"I discovered that on March 1, [more than] $1,600 worth of charges had been made to the account," Hancock said.

Hancock said $26.95 had been charged to a pornography site, Cyberage.com, which according to its Web site is owned by Tri-Tech Internet Services Inc. in Glendale, Calif. Another $1,635 had been charged to wpmilleniumtelcom, a company he couldn't locate.

Hancock claims his wife's credit card information was accessed from online retailer Babygear.com. The retailer filed for Chapter 7 bankruptcy protection in December (see story).

"Using information about the computer and the e-mail address of the person making the charges that was provided by Tritech.org, I traced the person to the metallurgy department at the University of Belgrade," Hancock said. "I contacted [the systems administrator], who identified the [alleged hacker] but didn't share that information with me."

In an e-mail to Hancock, Aleksandar Kojovic, the systems administrator at the university, said that after some investigating, he found a computer file that contained credit card information for 20 to 30 people. He said it looked as though someone had hacked into a Web site and found a listing of credit card orders.

Kojovic also was able to provide Hancock with his wife's credit card information including number, expiration date and the amount charged, which was $39.33.

Hancock said he and his wife went through their credit card statements and found that on Sept. 7, they were billed exactly that amount for a baby chair they purchased at Babygear.com.

"I've alerted the FBI, and I was credited for the fraudulent charges, but I want people who shopped at Babygear.com to know that their credit card information may have been compromised," Hancock said.

But Preston Bealle, former president and CEO of Babygear.com, said he wasn't aware of any widespread credit card fraud associated with the site.

"We did over half a million transactions in two years, and we had one case where someone said his credit card was used fraudulently," said Bealle. "But there was nothing widespread. We haven't been in business since Thanksgiving and our servers have been down since December. Anything's possible. Maybe there's a former customer service rep out there who kept a customers' [credit card information], but there was nothing widespread."

Computerworld sent e-mail to Kojovic, as well as the alleged hacker, whose e-mail address was provided by Tritech.org.

In response, Kojovic said he tracked down the computer that stored Hancock's wife's credit card information. He said he found a directory with a "ccards.txt" file where the credit card information was stored and that he deleted it from the local machine. E-mail was also sent to the alleged hacker, whose e-mail address was provided by Tritech.org, but there was no response.

Related stories:

• Opinion: Culture of indifference plagues password security, Feb. 5, 2001
• Survey: Retail fraud more prevalent for online vendors, July 24, 2000
• New fed center targets Internet fraud, May 9, 2000

Related links:

• For more security coverage, visit our Security Watch page.
• Have opinions on security issues? Head to the Computerworld security forum. (Note: Registration required to post message; anyone may read messages. To register on Computerworld's forums, click here).