Skip Links

Network World

  • Social Web 
  • Email 
  • Close

(Comma separation for multiple addresses)
Your Message:

Credit card thieves donate to charity

Small contributions test validity of cards while avoiding suspicion
By Tim Greene , Network World , 07/06/2007
  • Share/Email
  • Tweet This
  • Comment
  • Print

Symantec says it has noticed an increase in the use of stolen credit cards to make charitable contributions as a way to check out whether card numbers are legitimate before the thieves attempt to sell them or make large purchases with them.

If the cards prove usable, the criminals can use them without worrying whether they will prove invalid and draw down law enforcement authorities, Symantec says.

The thieves donate just a small amount to the charities so as not to raise suspicion among credit card security teams that seek transactions that fall outside the normal pattern for individual card holders, the company says.

Symantec speculates that behavior monitors within credit card companies are less likely to contact customers to verify the legitimacy of a small charitable transaction than they would be for an extravagant expense.

Because legitimate charitable transactions are not everyday occurrences for individuals, they likely wouldn’t raise any flags, especially if they are for relatively modest amounts.

By sitting in on Internet chat rooms where credit card numbers are traded, Symantec tuned into this trend, says Zulfikar Ramzan, a senior principal researcher for the company. U.S. cards sell for $1 to $6 each and U.K. cards sell for $2 to $12, he says.

Before the charity contributions, the criminals would make small transactions, often to Web sites where they knew security checks are lax, he says.

Testing that a card is active is so important that thieves have set up a specific Internet relay chat command to handle it. A thief types in a card number and the script automatically makes a small transaction, Ramzan says.

He says thieves also have scripts that use the credit card numbers to tap into the user’s name, Social Security number and the upper limit on the card. “It’s pretty chilling to see someone’s Social Security number and credit card number fly by,” he says.

Bank investigators will likely become attuned to the charity donations and try to react to it, but that is a tricky game, says Ramzan. The banks don’t want to overreact and start blocking or verifying legitimate donations. “If they detect too much stuff that’s not fraudulent they may cause more trouble than they can handle,” he says.

“I guess one thing to note here is that at least some of the stolen money is going to a good cause,” says Symantec blogger Yazan Gable.

  • Share/Email
  • Tweet This
  • Comment
  • Print

Comments (3)
Login
Forgot your account info?

RE: Credit card thieves donate to charityBy Gary Lee on July 6, 2007, 6:47 pmSo just how long is it going to be before a thief makes a donation to some charity which the victim dislikes (e.g., an anti-abortion victim whose card is used for...

Reply | Read entire comment

Question begging to be answered - what's the charity to do?By Dan_Aquinas on July 9, 2007, 5:13 pmConsidered from the charitable organization's point of view, the article leaves unanswered the question of how the charity could detect and even prevent fraudulent...

Reply | Read entire comment

Interesting?By Terry Sinclair on July 30, 2007, 5:09 pmMost of the websites that you may locate dealing with this theme are very knowledgeable, while many aren\'t. Abortion - Free Motherhood Report - Pregnancy Newsletter

Reply | Read entire comment

View all comments

Add comment
Anonymous comments subject to approval. Register here for member benefits.
Have a NetworkWorld account? Log in here. Register now for a free account.

Videos

rssRss Feed