Not-so-sweet charity: Credit card fraud takes a charitable twist

Powered by SC Magazine
 

Charity doesn't always begin at home. Nowadays, it increasingly appears to come from credit card thieves looking to validate stolen cards.

Researchers at Symantec revealed on Friday that criminals have stepped up attempts to verify stolen credit cards by using them to donate money to charities.

The scam works like this: The thieves use stolen credit cards to donate a small amount - US$1 to US$10 is typical - to various charities, including the Red Cross. If the transaction goes through, they know they have an active, valid card.

By keeping the amount of money small, the thieves remain "under the radar" of banks' fraud-detection services, said Zulfikar Ramzam, a senior principal researcher at Symantec. Once they know the card is valid, they can then either sell the card or use it for more expensive purchases, he said.

Dan Clements, president of CardCops, a data-breach monitoring company, said cybercriminals began using this technique earlier this year. It works because "consumers don't immediately dispute such small charges on their credit cards right away - they think it's a mistake, but that's a heads-up that fraud is coming up."

The charity scam is part of "integrated-technologies approach being used by a select number of people on the cutting edge of online fraud," Ramzam said. "As its use becomes more viable, more people will start to adopt it."

Another popular scheme for validating stolen credit cards is to steal an online merchant's card-validation "script" and place it on one of the internet chat rooms populated by cybercriminals from more than 70 countries, Clements said.

The criminals use the stolen script to check with the credit card's issuing financial institution to determine that the card is active and valid.

Each validation attempt also costs the online merchant 20 cents, according to Clements. "I know of a merchant who got a US$40,000 bill from these guys testing cards," he said.

Consumers "should make sure their credit cards aren't stolen. They should monitor their statements," Ramzam said. "If they see a US$5 transaction, it's worth checking.

It could be indication that their card was stolen and someone was doing a check to see if it's valid."

Not-so-sweet charity: Credit card fraud takes a charitable twist
 
 
 
Top Stories
Innovating in the sleepy super industry
There’s little incentive to be on the bleeding edge, so why is Andrew Todd fighting so hard?
 
How technology will unify Toll
The systems headache formed through 15 years of acquisitions.
 
Immigration breached Privacy Act with data leak
Pilgrim slams "copy and paste" of asylum seeker data.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
Who do you trust most to protect your private data?







   |   View results
Your bank
  38%
 
Your insurance company
  3%
 
A technology company (Google, Facebook et al)
  7%
 
Your telco, ISP or utility
  8%
 
A retailer (Coles, Woolworths et al)
  2%
 
A Federal Government agency (ATO, Centrelink etc)
  20%
 
An Australian law enforcement agency (AFP, ASIO et al)
  15%
 
A State Government agency (Health dept, etc)
  5%
TOTAL VOTES: 842

Vote