The database was created by Ihate Shopping, which runs a Web site that sells simple flower arrangements and gift baskets to men who, well, hate shopping.
Harry Widdifield, president of Ihate Shopping, says the latest wave of credit card thefts has inspired him and other Web site owners to band together. They plan to launch on Jan. 10 a new corporation, the Responsible E-Business Alliance (RE-BA). Member sites would agree to inform the public of all security breaches.
"We know break-ins are going to happen. Some sites are handling it responsibly and some aren't," RE-BA chairman Ron Ehli said. Ehli is president of PayByCheck.com, one of the Internet's largest check-processing services, with nearly 20,000 merchant-subscribers.
Last month, a hacker posted 55,000 credit card numbers on the Web after stealing them from CreditCards.com in a failed extortion attempt. The hacker sent thousands of emails Dec. 11 directing people to the stolen numbers.
Also in December, a hacker broke into Egghead.com's database, possibly exposing up to 3.7 million credit card numbers.
Both cases are being investigated by the FBI.
Widdifield, a former customer of CreditCards.com, says merchants who relied on the service were not notified of the break-in until weeks after it was discovered.
"We notified our merchants of the incident and reassured them that everything was taken care of," said Laurent Jean, a CreditCards.com spokesman. "But to contact the hundreds of thousands or millions of customers who used those merchants would just be impossible."
But consumers who never even visited CreditCards.com may have had their card numbers exposed anyway. The service bureau handled transactions for sites like Rock the Vote, HomeBrokerAuction.com and iKnowledge Systems, among many others.
Since many consumers never received notification that their card numbers had been exposed, Widdifield said he felt people should be able to check a database to find out for themselves.
When he received the hacker's email, Widdifield saved the credit card information that appeared and then removed the cards' expiration dates. The resulting database may be queried only if you know the exact first and last name associated with a card number.
This procedure lets consumers find out whether their card numbers were stolen, without revealing any information to people with less than lofty goals.
Querying the database requires consumers to divulge an email address as well as their name. But the database accepts even a made-up email address, in case you want to keep such information private.
Card numbers stolen from Internet sites have already shown up in numerous unauthorized transactions.
Victims have typically found unauthorized charges of $10 to $20 on their credit card statements, amounts small enough to be easily overlooked.
Complaints are streaming into consumer discussion groups, such as The Complaint Station. Victims say the charges originate from Russian telecommunications companies with names like Skiftel, Inetplat and Global Telecom.
Inetplat was the only company that responded to emails seeking comment, saying the company had nothing to do with unauthorized charges.
If you learn that your credit card number has been exposed, your best bet is to contact your card issuer. Cancel the number and contest any unauthorized charges. The recent break-ins are well-known to issuers, which will usually mail new cards immediately to consumers who request them.
It's often said that the West should support economic growth in Russia, but you may not want to finance it with your personal credit card.
Consumer advocate Brian Livingston appears at CNET News.com every Friday. Do you know of a problem affecting consumers? Send info to tips@BrianLivingston.com. He'll send you a book of high-tech secrets free if you're the first to submit a tip he prints.