MGDPremium,MVM
join:2002-07-31
kudos:9
3 edits | reply to StillAtIt
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto said by StillAtIt :
I found this site as I was backtracking a fraudulent Amex charge from "24-hour corp" in Carmichael, CA. ..... Thank you for posting, and what a coincidence !!
I ran across that several days ago while performing routine searches looking for signs of the American Express card fraud division. As some of you may recall, it has been almost 6 months since a posting has been made on this division which uses Sacramento County based Russian expatriate cyber-mules. Previous reports have been under the heading of:
--------------------------------------------------
VALL-JRSX, VIN-DESIGN, aka VIN DESIGN, E NAT, PARADISE WEB, aka PARADISEWEB, TIM-WEB, SOLOMKA DESIGN, Mobil Txt, MOBIL DESIGN LLC, ROMAN I PIGLITSIN Telecom Service, DBA ROMAN PIGLITSIN, et all
What do they all have in common?. They are a just a few of the LLCs or Fictitious Business Names that were registered in the Sacramento County or surrounding area by Russian expatriate cyber-mules. The business were registered for the sole purpose of obtaining a business merchant processing account from American Express. They were specifically set up in order to use AMEX's own system to launder hijacked American Express victim card data into cash. This was done by submitting and processing fraudulent charges against the stolen card data. The cyber-mules then wired the hijacked funds out of the country which presumably ended up in Russia and the Ukraine. This fraud has been operating out of that area, virtually uninterrupted since at least 2003 - 2002. The fraud runs in parallel with the indentical Visa / MasterCharge operation.
--------------------------------------------------
I have been scouring for signs of their continued operation, which is sometimes difficult to find. However, knowing that this operation has been running in parallel for several years also, I knew that they were active somewhere, and it was just a matter of time before they hit the radar again.
I was preparing a post over the last several days, while digging into:
ACCEPT-ALL-PAYMENTS.COM AL-Pay, E-Sprint, and 24-hour corp
I can now tie this recent American Express card fraud directly to the same operation, no question about it.
I will follow with with the post that I have been preparing over the last several days, which includes both the UK and USA victim reports of the Amex fraud charges.
In the interim watch this local Sacramento CBS 13 news report:
»cbs13.com/video/?id=39375@kovr.dayport.com
They are correct in that it is the "tip of the iceberg". However a whole section of the iceberg has been revealed already. The worst part of the American Express fraud charges, is that Amex has known about this format for over two years, and supposedly investigated it. Yet they are either unable, or unwilling, to take simple preventative measures to at least make it somewhat difficult for these cyber-mules to keep obtaining Merchant accounts from American Express.
Remember, American Express has their own proprietary merchant processing system. This organized crime syndicate obtains the merchant account via the Sacramento County Russian cyber-mules direct from AMEX. That is how the American Express card holders become victims of this fraud. The bad part is that the syndicate has been obtaining these accounts from AMEX via this modus operandi for at least 5 years
In an excerpt from my work in progress post, I prepared a simple script example of how they could have screened this out:
Now obviously that will not shut down the operation. After all, the organized crime syndicate has had a constant supply of American Express card holder account data for years. However, American Express ought to at least make it somewhat difficult for the criminals to launder that card data into cash using the Amex merchant processing system.
With the Visa / MasterCharge fraud division, the cyber-mules can be located anywhere within 50 states, which is a little more difficult to nail down. This one is so simple to at least place a minor road block in front of, that it borders on negligence, in my opinion.
In addition, if you have not been alert to this over the past 5 years, then you have also lost the ability to do specific card fraud analysis on all of the data that was submitted via the dozens of fraudulent merchant accounts. That analysis is a crucial function as it may well reveal some of the points of initial compromise of the data. If so, that would have enabled those sources to be re-secured, and if unique, possibly prevent other sources from being compromised.
MGD
EDIT= corrected FBN/LLC names, added text |
