- Google Earth used to predict electrical problems
- Kaminsky: Many ways to attack with DNS
- Tools to evade China's Web censorship
- Procter & Gamble's Cisco TelePresence experience
- Adobe warns of fake Flash installers
News | Newsletters | Podcasts | Chats | Opinions | RSS Feeds | This Week In Print | IT Careers | Community | Reports | Downloads | Slideshows | New Data Center
Partner Sites:App Performance | On Demand Security | Networking Solution | SOA | Value of WDS
Symantec says it has noticed an increase in the use of stolen credit cards to make charitable contributions as a way to check out whether card numbers are legitimate before the thieves attempt to sell them or make large purchases with them.
If the cards prove usable, the criminals can use them without worrying whether they will prove invalid and draw down law enforcement authorities, Symantec says.
The thieves donate just a small amount to the charities so as not to raise suspicion among credit card security teams that seek transactions that fall outside the normal pattern for individual card holders, the company says.
Symantec speculates that behavior monitors within credit card companies are less likely to contact customers to verify the legitimacy of a small charitable transaction than they would be for an extravagant expense.
Because legitimate charitable transactions are not everyday occurrences for individuals, they likely wouldn’t raise any flags, especially if they are for relatively modest amounts.
By sitting in on Internet chat rooms where credit card numbers are traded, Symantec tuned into this trend, says Zulfikar Ramzan, a senior principal researcher for the company. U.S. cards sell for $1 to $6 each and U.K. cards sell for $2 to $12, he says.
Before the charity contributions, the criminals would make small transactions, often to Web sites where they knew security checks are lax, he says.
Testing that a card is active is so important that thieves have set up a specific Internet relay chat command to handle it. A thief types in a card number and the script automatically makes a small transaction, Ramzan says.
He says thieves also have scripts that use the credit card numbers to tap into the user’s name, Social Security number and the upper limit on the card. “It’s pretty chilling to see someone’s Social Security number and credit card number fly by,” he says.
Bank investigators will likely become attuned to the charity donations and try to react to it, but that is a tricky game, says Ramzan. The banks don’t want to overreact and start blocking or verifying legitimate donations. “If they detect too much stuff that’s not fraudulent they may cause more trouble than they can handle,” he says.
“I guess one thing to note here is that at least some of the stolen money is going to a good cause,” says Symantec blogger Yazan Gable.
Partner Content
Brilliantly simple security and control solutions for email, web and endpoint
www.sophos.com
Stopping data leakage
Learn how to exploit your current security investment to control the information that flows into, through and out of your network.
Download the white paper.
Why detection rates aren't enough
Evaluating endpoint security products is a time-consuming and daunting task. Learn the six critical questions you need to ask to prospective vendors to get the right endpoint solution.
Download the white paper.
Unauthorized applications: Taking back control
Employees installing and using unauthorized applications like IM, VoIP, games and peer-to-peer file-sharing applications cause many businesses serious concern. How do you control these applications?
Download the white paper.
Comments (3)
Interesting?By Terry Sinclair on July 30, 2007, 5:09 pmMost of the websites that you may locate dealing with this theme are very knowledgeable, while many aren\'t. Abortion - Free Motherhood Report - Pregnancy Newsletter
Reply | Read entire comment
Question begging to be answered - what's the charity to do?By Dan_Aquinas on July 9, 2007, 5:13 pmConsidered from the charitable organization's point of view, the article leaves unanswered the question of how the charity could detect and even prevent fraudulent...
Reply | Read entire comment
RE: Credit card thieves donate to charityBy Gary Lee on July 6, 2007, 6:47 pmSo just how long is it going to be before a thief makes a donation to some charity which the victim dislikes (e.g., an anti-abortion victim whose card is used for...
Reply | Read entire comment
View all comments