Why One Hacker Is Facing 334 Years For 54 Credit Cards

Since the words “Turkish prison” are more or less synonymous with “terrifyingly awful conditions,” it is in some sense unsurprising that a Turkish hacker is currently looking at a 334-year sentence for stealing some credit card data. Whatever else can be said about the criminal justice system in Turkey, no one will ever accuse it of being insufficiently hardcore when it comes to meting out punishment.

Though, when computer crimes are being punished in multiple hundreds of years, one might question if perhaps the sentencing guidelines need a bit of work.

According to local reports, a 26-year-old hacker has been handed a 135-year sentence by a Turkish court, which will pair up nicely with the 199 years the same gentleman was sentenced to in 2013.

So, what did he do? Hack every bank in Turkey? Loot the national treasury? Almost accidentally start World War III “WarGames” style?

Not quite. Though his formal conviction is for “mass bank fraud,” it seems the hacker in question, Onur Kopçak, actually was convicted Sunday (Jan. 10) of obtaining and selling credit card information.

For a whole 11 cards. The other 199-year sentence was earned in concert with 11 other hackers with whom Kopçak stole card information from 43 bank customers. All in, Kopçak is facing about six years per credit card number he stole.

While some have noted that this punishment seems a bit outsized in relation to the crime, others have noted that Turkey’s traditional method of crime prevention is deterrence via draconian punishment; by making an extreme example, Turkey firmly sends the message that it does not want to be a host nation for the international brigade of cybercriminal nomads.

As a point of comparison, the longest sentence in the U.S. ever handed out for a similar crime was 20 years. It went to Albert Gonzalez — the hacker behind the TJX breach that exposed 90 million credit cards.



Digital transformation has been forcefully accelerated, but how does that agility translate into the fight against COVID-era attacks and sophisticated identity threats? As millions embrace online everything, preserving digital trust now falls mostly on banks and FIs. Now, advances in identity data and using different weights on the payment mix afford new opportunities to arm organizations and their customers against cyberthreats. From the latest in machine learning for fraud and risk, to corporate treasury teams working in new ways with new datasets, learn from experts how digital identity, together with advances like real-time payments, combine to engender trust and enrich relationships.