Based on posts in the forums and those that registered with this site, it looks like this was not a hack of any website or brick-and-mortar retailer. There is no common thread between everyone that has the charge. Some haven't used their card in over a year, some have never used it online.
There has been much speculation that a card processor break-in could therefore be the reason, as shown in this article titled, "Latest Security Breach Exposes 40 Million Credit Card Accounts to Potential Fraud:" http://www.consumeraffairs.com/news04/2005/cardsystems.html
Here is a link to testimony that the CEO of CardSystems provided in the House of Representatives: http://financialservices.house.gov/media/pdf/072105jmp.pdf
However, I don't necessarily believe that the CardSystems incident where the criminals got the numbers. It certainly could be, but there could have been other attacks that we don't know about, so I'm not jumping to conclusions.
This is not the first time that criminals have used this means of attack to get under the radar of the banks, this website is dedicated to researching small charge frauds in 1999-2000:
A company named Digital Age was involved in a credit card scam in 2004, where the credit card data was stolen from a server. Here is the website that was referenced on card statements then (with an office in Cyprus): http://www.diage.com/policy.html (DEAD). The website looks plainly fake to me -- they are not accepting any new customers and notice the Cerber Anti-Fraud System logo at the bottom left (totally made up).
This page originally posted 10/19/05 6:15 AM EDT
NEW DETAILS ON INVESTIGATIONS-PAGE 2
Here is DIAGE.COM/Digital Age's BBB report: http://data.fortcollins.bbb.org/commonreport.html?bid=46004428
Here is an email from DVD Pacific, Inc. to their customers in 2004 relating to DIAGE.COM charges:
Terribly sorry to know that you have become a victim also of these fraudulent charges and Diage.com is one of the 3 companies associated with placing the fraudulent transactions.
(Make sure to use the triangles at the bottom of their page to switch pages):
NEW INFORMATION 10/25:
Based on the investigation by digitalageproducts.com, it looks like the full phone number for Digital Age Cyprus is 1-888-529-9842, which directs people to da-support.com (DO NOT FILL OUT ANYTHING THERE). The site looks obviously fake to me. It seems as though the merchant actually is in Cyprus. The bank that is processing the charges is asSEB/Euroline of Sweden. They said that have processed charges for Digital Age from the beginning of September 2005 through the middle of October. As of October 12, they have stopped processing any charges.
NEW INFORMATION 11/12:
Many new details about this fraud have been pointed out by MGD of broadbandreports.com. Here is a summary of what he has found:
The contact address for diage.com which is supposedly (listed on their website and in their WHOIS:
1704 Westland Road, 8401
Cheyenne, WY, 82001, USA
This company was dissolved by Wyoming on May 28, 2005 because of deliquent taxes (shown here).
Copyright 2005-8 BRIAN MORRIS TECHNOLOGY SERVICES