MGD (Premium, MVM) join:2002-07-31 kudos:9 1 edit | reply to garys_2k

Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

said by garys_2k:
Amazing! That is some of the most incredible work I've seen. Regarding this enterprise, they must have some extensive resources. None of the obvious English language gaffes, that endless supply of fresh card data, a deep understanding of the U.S. banking and finance system. No lads sitting in sweaty Nigerian Internet cafes, these... Thanks,
Yes indeed, this is not your typical scam operation at all. The sophistication, expertise, and sheer enormity of this crime syndicate's operation have yet to be realized, or receive the deserved publicity. They have intricate knowledge of not only the banking system, but also down to the level of knowing the precise chargeback exception triggering ratios of the online merchant processing system.
Again, it is vital that the victims report the charges as fraudulent, then cancel and replace their cards. You play into the crime syndicate's hands by allowing them to issue a credit for the charge. That is what they want to do once they know you have caught it, and will dispute the charge. Victims should also file a complaint online with the Internet Crime Complaint Center (IC3).
By issuing credits or reversals to the percentage of victims that discover and pursue the fraudulent charge, that will help maintain a chargeback ratio below the merchant processor's flag threshold. They have managed to sustain some individual accounts for well over a year by doing this.
In addition, they get to deflect attention away from their operation, by making it appear, however unbelievable, that a team of criminals are trying to scam the websites using hijacked card data to buy useless ebooks, webtemplates, or cellphone games. When in fact the syndicate is just harvesting cash by ploughing card data in batch entries through their scores of fake sites.
said by garys_2k:
I can only imagine that the card data is an inside source at one of the central clearinghouses. Finding THAT source should be a top Federal priority.

Yes, this most definitely needs Federal priority, and immediate urgency from both the Secret Service and the FBI. The sheer volume of data that the syndicate has access to indicates that there is a compromised hole large enough to drive a truck through it.
I have given considerable thought as to where and how they are getting the data from. Infiltration by a human mole remains a distinct possibility. I do believe though that the core of the criminal enterprise operates from Russia, or maybe the Ukraine, and there is some anecdotal evidence to support that.
Two years ago at the peak of the Digital Age card fraud, there was much speculation that the CardSystems Solutions Inc. leak may have been a prime source of data at the time. However, many of the reports, if correct, stated that though consumer's name, card number and CVV2 were taken, the victim's address was not in the files. Since we know that this syndicate is entering address data, then that would tend to preclude that possibility.
There was one component of the Card Systems data theft that could very well be the same vehicle in use now, and should also be considered a primary suspect. According to an About.com article in October of 2005 that addressed the potential Card Systems & Digital Age connection, there was a quote from Congressional testimony provided by John Perry, President and CEO of Card Systems Solutions, with respect to how the data was compromised:
quote:
"...the theft was carried out through the use of a malicious script planted on their system through an Internet-facing application. The malware was programmed to run every 4 days, at which time it sought out a specific file type and extracted credit card holder's names, account numbers, expiration dates and CVV codes. The extracted information was zipped and forwarded to an FTP site where it was presumably retrieved by the attackers".
There is no reason not to believe that a similar malware could exist in another penetrated card account database. Similar malware could have infiltrated databases further up the chain, and still be functioning today.
There are still groups of victims on diverse internet forums comparing unique online vendors that they all have a recent purchase with. They point to that common link as the source and location of where their card data was compromised at. Some say Equifax, others are pointing to Digital River, and some to PayPal.
However, there is some degree of certainty that this data is not coming from any recent internet transactional event, for several reasons.
Sampling of the entire operation routinely turns up victims' cards that were never ever used in online card not present (CNP) transactions. If you never entered your CVV2 number, who or what database would have it stored? Combine that with reported charges to cards that were dormant for extended periods that are then hit with these charges. That indicates that the data is not coming from intercepted recent transactions, but rather a storage database that contains card accounts with both active and dormant card data combined, and no distinguishing flags between them.
Also, routine reports of victims hit on multiple unrelated cards indicate that the database may group card account data by the card holder account name, regardless of the card issuer. It does appear that the syndicate is unable to differentiate between fresh, frequently used cards and cards with little or no recent activity. If the criminals had access to the card activity, they would surely sort by that data. For an operation that remains low key, and is dependent on maximizing non-disputed billing, why would they knowingly even shoot a charge against a card that has been dormant for a year or more? That is as close as one can get to a guaranteed rejection of the charge by the victim. Bill $15, get $15 charged back plus a $25, equals -$25.
So they do not know, otherwise they would screen the dormant ones out. In fact, if they could see the transactional history of the accounts, they would sort and select out all the ones that had 3 page bills every month, and probably at least two users. Those are the accounts that have the highest odds of not catching and rejecting the charge. They could maximize their laundering success ratio by selectively billing accounts where the fraud charge would be buried in a 30 item bill.
There are also routine reports of victims who noticed that their cards were "pinged" 24 hours before the charge hit. If the criminals were intercepting data at the transactional level, between Equifax and the upstream processor for example, there would be no need to ping cards. The data would already be from fresh recently used cards.
Random card pinging has been a common theme going all the way back to the Pluto card scam.
MGD
Edit = fixed bad link