- Is the Cisco MARS mission going to abort?
- First iPhone worm spreads Rick Astley wallpaper
- 10 stunning 3D buildings made with Google SketchUp
- Open source software ready for big business
- Four reasons to buy (and one reason to avoid) the Droid
Symantec says it has noticed an increase in the use of stolen credit cards to make charitable contributions as a way to check out whether card numbers are legitimate before the thieves attempt to sell them or make large purchases with them.
If the cards prove usable, the criminals can use them without worrying whether they will prove invalid and draw down law enforcement authorities, Symantec says.
The thieves donate just a small amount to the charities so as not to raise suspicion among credit card security teams that seek transactions that fall outside the normal pattern for individual card holders, the company says.
Symantec speculates that behavior monitors within credit card companies are less likely to contact customers to verify the legitimacy of a small charitable transaction than they would be for an extravagant expense.
Because legitimate charitable transactions are not everyday occurrences for individuals, they likely wouldn’t raise any flags, especially if they are for relatively modest amounts.
By sitting in on Internet chat rooms where credit card numbers are traded, Symantec tuned into this trend, says Zulfikar Ramzan, a senior principal researcher for the company. U.S. cards sell for $1 to $6 each and U.K. cards sell for $2 to $12, he says.
Before the charity contributions, the criminals would make small transactions, often to Web sites where they knew security checks are lax, he says.
Testing that a card is active is so important that thieves have set up a specific Internet relay chat command to handle it. A thief types in a card number and the script automatically makes a small transaction, Ramzan says.
He says thieves also have scripts that use the credit card numbers to tap into the user’s name, Social Security number and the upper limit on the card. “It’s pretty chilling to see someone’s Social Security number and credit card number fly by,” he says.
Bank investigators will likely become attuned to the charity donations and try to react to it, but that is a tricky game, says Ramzan. The banks don’t want to overreact and start blocking or verifying legitimate donations. “If they detect too much stuff that’s not fraudulent they may cause more trouble than they can handle,” he says.
“I guess one thing to note here is that at least some of the stolen money is going to a good cause,” says Symantec blogger Yazan Gable.
Rss FeedRss Feed
The Leader in Network Knowledge
Comments (3)
RE: Credit card thieves donate to charityBy Gary Lee on July 6, 2007, 6:47 pmSo just how long is it going to be before a thief makes a donation to some charity which the victim dislikes (e.g., an anti-abortion victim whose card is used for...
Reply | Read entire comment
Question begging to be answered - what's the charity to do?By Dan_Aquinas on July 9, 2007, 5:13 pmConsidered from the charitable organization's point of view, the article leaves unanswered the question of how the charity could detect and even prevent fraudulent...
Reply | Read entire comment
Interesting?By Terry Sinclair on July 30, 2007, 5:09 pmMost of the websites that you may locate dealing with this theme are very knowledgeable, while many aren\'t. Abortion - Free Motherhood Report - Pregnancy Newsletter
Reply | Read entire comment
View all comments