Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Security Businesses

Corporate Identity Theft on the Rise 193

prostoalex writes "As millions of Americans lose their identities to online and offline thieves, a new kind of crime has been cooked up by the criminals who are not bothering with doing pesky credit card charges. They steal entire companies, opening up merchant accounts for existing businesses and running up charges from aforementioned stolen credit card numbers. What's worse, is that the hole the criminals exploit seems to be built into the system. According to Bob Sullivan from MSNBC, "Many of the processing firms interviewed for this article claimed they caught on to the fraud after the transactions had cleared, but before the suspects had withdrawn the money from various checking accounts around the country. One did concede, however, that the scheme has real potential.""
This discussion has been archived. No new comments can be posted.

Corporate Identity Theft on the Rise

Comments Filter:
  • Hmmmmm..... (Score:5, Funny)

    by FatherKabral ( 819599 ) * on Friday October 08, 2004 @09:22AM (#10469347)
    I wonder if Microsoft accepts credit cards.....
  • by Fr05t ( 69968 ) on Friday October 08, 2004 @09:30AM (#10469383)
    Ashton was quoted saying, "Dude where's my company."

  • seems it would be (Score:4, Insightful)

    by Prince Vegeta SSJ4 ( 718736 ) on Friday October 08, 2004 @09:32AM (#10469394)
    just as easy, and potentially more profitable.

    All you would need is a legit FEIN, and real or forged Articles of Formation. Maybe an operating agreement. Open a bank account and VOILA!

    • I'm not so sure it would be as easy as mentioned in the article. Banks pay VERY CLOSE attention to new merchant accounts. In this case there would be a discrepancy between the company's Dun & Bradstreet, and what the income the scammers stated would be anticipated from the cards.
      Such a brand-new account suddenly receiving tens of thousands in a few days (the only way the scam would be worth it) followed by a quick attempt to transfer those funds would trigger an investigation and have the funds held. Ba
      • Comment removed based on user account deletion
        • by robogun ( 466062 )
          I agree, but the article is talking about merchant account fraud (where companies go to a special type of bank account to accept credit card payments). Unlike personal credit card accounts, this process is vetted at all levels. Like you said, fraud at cardholder level is unlikely to provoke a useful response. But this article is talking about fraud at the level of the credit card acceptor - a much higher level. I was suggesting that the merchant bank who provides this service to these companies is risking i
  • Fraud != Theft (Score:4, Interesting)

    by Theseus192 ( 787156 ) on Friday October 08, 2004 @09:32AM (#10469395)

    I hate it when the mass media call it "identify theft." If someone impersonates me, he's not taking away my identity, he's committing fraud.

    Repeat after me... intangible and intellectual "property" cannot be "stolen." It can only be used in unauthorized ways.

    • Comment removed (Score:5, Insightful)

      by account_deleted ( 4530225 ) on Friday October 08, 2004 @09:42AM (#10469474)
      Comment removed based on user account deletion
      • by (void*) ( 113680 ) on Friday October 08, 2004 @10:24AM (#10469917)
        But deception is also fraud. The grandparent poster is NOT WRONG, and has a point. The point being that
        even if the theft did not go through, one can still
        prosecute it as fraud. Thus the credit card companies who repay the merchant but don't persecute
        the fraudsters even with a lot of evidence are PART OF THE PROBLEM.
        • Thus the credit card companies who repay the merchant but don't persecute
          the fraudsters even with a lot of evidence are PART OF THE PROBLEM


          Yes, the credit card companies have it nailed down to the last dollar - Will it cost more to
          a) Prosecute the fraudsters
          b) Repay the merchant
          They choose B in most cases. There's a high cost of litigation in this country.

          Same with car insurance. I was sued in an obviously bogus manner once, AAA even admitted when I called them that the lawsuit was a total fraud. Yet,
      • >We don't talk about "Lock theft"
        >(as in you pick a lock, get in,
        >take what you want, and run out)

        It's called "Breaking and entering" and it's a seperate crime from theft. You get charged with B&E even if you didn't take anything or just "looked around". Even if you didn't "break" anything to get in.

        If you steal stuff, you're charged with that too.

        The law is pretty specific about these kinds of things. Fraud is fraud, theft is theft. They are not the same thing.

        =Shreak
        • Comment removed based on user account deletion
          • > The OP believes that it isn't theft if the
            > stolen items were obtained through fraud

            No the OP believes that the term "Identity Theft" implies that the identity was stolen. Just as your "Lock Theft" implies that the lock was stolen.

            There is a crime here, it's theft of property (the merchandise that was stolen from the store). The mechanism used to steal the stuff was fraudulent use of someone's credentials (identity). This mechanism already has a term (fraud) and it's already a crime to perpetrate
    • I hate it when the mass media call it "identify theft." If someone impersonates me, he's not taking away my identity, he's committing fraud.

      If someone assumes your identity and racks up credit card charges in your name, you lose your credit rating and good standing. I have no problem calling that 'theft'.
      • Why stop there? Why not call it rape? 'Identity rape'. Has a nice ring to it.
      • I don't think you understand the definition of "theft".

        They never stole your credit rating, they impersonated you and tarnished your reputation.
        They fraudulently acquired goods which can probably be considered stealing from some merchant in the transactional process, but they did not steal that item from you.

        Remember, a verb acts on a noun!
    • From WordNet (r) 2.0 :

      theft
      n : the act of taking something from someone unlawfully; "the
      thieving is awful at Kennedy International" [syn: larceny,
      thievery, thieving, stealing]

    • I hate it when the mass media call it "identify theft." If someone impersonates me, he's not taking away my identity, he's committing fraud.

      Stealing someone's identity is indeed fraud, not theft, that's true. However, using that fradulent identity to purchase goods falls under federal "theft by deception", and thus "identity theft" can also mean "using someone's identity to steal".

    • Who steals my purse steals trash; 'tis something, nothing.
      'Twas mine, 'tis his, and has been slave to thousands;
      But he that filches from me my good name
      Robs me of that which not enriches him
      And makes me poor indeed.
      -William Shakespeare - Othello the Moor of Venice (Iago at III, iii)
    • All of the common legal definitions of theft run thusly: "theft is usually defined as the unauthorised taking or use of someone else's property with the intent to deprive the owner or the person with rightful possession of that property or its use."

      Note the inclusion "of its use" here. It's extremely important. If you have the legal right to use something in a particular way, and someone misappropriates that use, that's theft, whether they actually take something (physical or otherwise) or not.

      Copyright

    • Thank You...

      It needed to be said, what you pointed out that is.

      Identity theft is just a term used to scare the crap out of people. It isn't like the person is going to start showing up at work for you and attending family functions - they are just using your bank account or credit card information.

      If I steal your credit card and use it I'm not taking your identity - I'm committing fraud by acting as you. That is the way my state has always looked at it. I should know, I've known many people who've gone
      • Comment removed based on user account deletion
        • You don't get it.

          Fraud:

          A deception deliberately practiced in order to secure unfair or unlawful gain.

          or:

          An intentional perversion of truth for the purpose of obtaining some valuable thing or promise from another.

          Or better from the FTC site: [consumer.gov]

          How can someone steal your identity? Identity theft occurs when someone uses your personal information such as your name, Social Security number, credit card number or other identifying information, without your permission to commit fraud or other crimes.
    • If someone impersonates me, he's not taking away my identity, he's committing fraud.

      But the mass media is very, very vested in this New Economy thing -- literally, technocrats of the first order -- and really, really want to get people to transform their lives into the most Teflon-coated fiscal state possible (the velocity of money always being of interest to the banking and merchant classes). The phrase "identity theft" does not hinge on the word "theft" ... it hinges on "identity", and that's what peo
    • It's called identity theft so that the credit card companies can convince the public that it's their problem. In reality, it's just plain old theft from the credit card companies. And it's the credit card companies problem, and the lax security standards they practice that allow it to take place.

      Quite honestly, I have little sympathy for a credit card company who mails out pre-approved credit card offers requiring only a few boxes worth of information and a signature (which isn't even verified) to accept.

      • I have never been able to figure out what the problem is with "pre approved" credit card offers. All they are is an application for a credit card. Every one of them that I have seen, and I get one almost every day, requires a SSN, birth date, mother's maiden name, income, employer. If you have all of this information about a person, you can just go to the credit card company's website and fill out an application for the same card. The pre approved offers are just applications sent out to people whose data h
        • You're right...you could get the card online with that information. That's the problem. It's trivially easy to have access to someone's SSN and birthdate. I don't think they check mother's maiden name - it's just a question they can parrot back to you later.

          The advantage of a pre-approved card is that (a) you know the victim is pre-approved, therefore likely to be given the credit. (b) You have the person's address, so you can watch for the actual card (which you have to activate, usually with the ZIP code

  • Good Idea (Score:5, Insightful)

    by alarocca ( 683961 ) on Friday October 08, 2004 @09:37AM (#10469423)
    I love these articles that outline great ways to break the law. Like the one a while back about how to open a kryptonite U-Lock with a pen. It used to be hard to come up with great criminal schemes...now you just have to watch the news.
    • Re:Good Idea (Score:5, Insightful)

      by Rev. DeFiLEZ ( 203323 ) on Friday October 08, 2004 @09:50AM (#10469542) Homepage
      Security through obscurity never works. The only thing putting on the news does is create outrage until the problem is fixed. "criminals" (and kryptonite) knew about the u-lock bic pen weakness for _years_ (2-3) now that it is on the news, kryptonite is replacing the defective ones.

      now maybe the banks will ask the client for their goverment papers that proves they registered the bussiness.
  • MP (Score:5, Funny)

    by Anonymous Coward on Friday October 08, 2004 @09:39AM (#10469442)
    And so - the Crimson Permanent Assurance was launched upon the high seas of international finance!

    • by fizban ( 58094 )
      [singing]
      It's fun to charter an accountant
      And sail the wide accountancy,
      To find, explore the funds offshore
      And skirt the shoals of bankruptcy!

      It can be manly in insurance.
      We'll up your premium semi-annually.
      It's all tax deductible.
      We're fairly incorruptible,
      We're sailing on the wide accountancy!
  • Hmmmm... (Score:2, Funny)

    by Anonymous Coward
    For some reason this just does not generate the sympathy in my heart that stories of personal identity theft does... I wonder why?
    • It should. Who do you think loses out when the company has several million dollars stolen through identity fraud? The C-level executives?
  • by Anonymous Chemist ( 62398 ) on Friday October 08, 2004 @09:39AM (#10469449)
    check out the link http://www.iwks.com/features/default.asp?pagetypei d=2&articleid=31496&subsectionid=655 this type of theft is well known; just not as reported as personal id theft. From other stories is seems the average is 30,000 or more per theft. Seems that perhaps the victum in this story came out lucky. However since you have to provide ID and would get captured on camera setting up a checking account, keeping your real ID does seem to be a challenge.
  • by perdu ( 549634 ) on Friday October 08, 2004 @09:43AM (#10469486)
    Dear Taxpayer, Your local IRS office address has changed. Please mail all taxes in the future to: Internal Revenue Service Box 1776 The Cayman Islands

  • How to article (Score:4, Interesting)

    by raider_red ( 156642 ) on Friday October 08, 2004 @09:46AM (#10469511) Journal
    Does anyone else have a problem with the level of detail in the article? They not only report on the scam, but tell exactly how it was carried off. They've even provided the names of the merchant transaction companies which can be suckered.
    • Does that really matter?? Those merchant transaction companies have jus been burned - hopefully they'll learn from the experience and do due diligence in making sure that the companies opening accounts are legitimate. Shouldn't be too hard. If the new account is in the same town, just try to find the address. If they're elsewhere, pick a random Private Investigator out of the phone book to do the same. Gotta be worth a couple of hundred to get a PI to swing by the address and see if it really exists.

      Ev

      • Or they could just get a box at the UPS store, or talk some nice sucker into receiving packages for them at home. There are a number of ways to set up a fake physical address.

        • Then the PI would discover that the mailing address for the big, flashy, tens/hundreds of employees, multi-thousand dollar company portrayed on the website is actually just a slot at Mailboxes Etc, or a one bedroom apartment in the seedier side of town. Yes, even then it would still be possible to set up a legitimate-looking address, but if the merchant transaction companies would just do a bit of legwork, they could make it much less profitable for the scammers.
      • Does that really matter?? Those merchant transaction companies have jus been burned - hopefully they'll learn from the experience and do due diligence in making sure that the companies opening accounts are legitimate.

        I was involved with a company that just did this. I had setup a website for a university to do online registrations for the frosh week packages. After dealing with all the red tape you deal with at a university, they finally got their merchant stuff setup in mid August, and we put the system
    • Re:How to article (Score:4, Insightful)

      by Zak3056 ( 69287 ) * on Friday October 08, 2004 @10:17AM (#10469834) Journal
      They not only report on the scam, but tell exactly how it was carried off. They've even provided the names of the merchant transaction companies which can be suckered.

      To me that says one thing: honeypot.

  • by Featureless ( 599963 ) on Friday October 08, 2004 @09:48AM (#10469524) Journal
    ...every time some "paranoid" person starts talking about security. You know who I'm talking about.

    They're everywhere. Nobody thinks worrying about security is cool or fun, it seems like a waste of money, a sign of mental instability, even a kind of obsessive behavior.

    Everyone much prefers to be surprised and wave their hands when things go wrong. "It's out of control. You can't stop hackers/criminals/etc."

    People have a terrible problem understanding scale. Nobody understood at Microsoft that the computer wasn't a little house in the country where you could leave the doors unlocked so occupants wouldn't have to fumble with the keys. When engineers there raised the problems they were scoffed at, disciplined. "Keep your priorities straight. Don't be paranoid." Nobody got it when the first spam was sent and we were all outraged... "What's wrong with a little spam?" How about what's wrong with 300 spam a day? It's just the "logical conclusion" - which is not logical anymore to people who don't like to be bothered thinking deeply about their responsibilities.

    The many systems our financial institutions use for identifying and tracking "consumers" are ridiculously insecure. And although the victims wail and now are allowed a few minutes a month to tell their horrible tails on 60 minutes, we as a whole seem determined to close our eyes and race grinning into the brick wall of scale again. How many hundreds of thousands of people have to have their lives ruined before colleges stop making everyone spout their social security number like it's their first name, and the mother's maiden name loses its appeal? How long before companies stop letting $5 an hour employees handle "meaningless" data (with literally no background checks or security controls) that is worth millions when properly exploited?

    This is a cultural change we need to kick off. We need to take security seriously. It needs to become uncool to roll your eyes and mock the security expert.
    • How long before companies stop letting $5 an hour employees handle "meaningless" data (with literally no background checks or security controls) that is worth millions when properly exploited?


      It's worse than this. Someone walked into a bank in minnesota and tried to get a business loan for $18,000 using my information. Luckily, he was turned down on a technicality. I found out when I received the rejection letter almost the day I moved into my new house. He had applied for the loan using my address b
      • Dude, you need to get a fraud alert on your credit report today. Call Experian and the other two agencies and explain what happened. Ask them for a fraud alert (I think that's the name, but I'm not sure) to be put on your report, so that any requests for credit will require verification. That is, the prospective lender will call you before they issue credit. I'm not sure if they're legally required to call you or if it's simply in their best interest. If you want this guy caught, then leave an outgoing mess
        • by infinite9 ( 319274 ) on Friday October 08, 2004 @11:38AM (#10470907)
          Actually, we tried to have fraud alerts placed in all three credit reporting agencies. The problem is that credit reporting agencies are just as bad (if not worse) than the credit card companies themselves. Since the credit card companies are their customers, and not the people they're gathering information on, they won't actually talk to you. To get a fraud alert, you have to send them a request, in writing. One of the agencies did this immediately. Another did so after a lot of harrassment. The third never did put it on. This was after following all the correct procedures. Once the fraud alerts were on, we ran into them exactly one time while applying for instant credit. In this case, it was a home depot card. The people at the store put me on the phone with their credit department. The woman asked, "Do you know why I'm talking to you?" I mentioned the fraud alert and that was it. Here's your card. No other proof was required. I bought a car without a word from the bank who wrote the loan. Fraud alerts are a joke.

          If someone gets your information, you're hosed. There's only one thing you can do. It was modded +5 funny, but another post hit the nail on the head. Burn your credit rating.
    • by JimBobJoe ( 2758 ) on Friday October 08, 2004 @11:08AM (#10470502)
      How long before companies stop letting $5 an hour employees handle "meaningless" data (with literally no background checks or security controls) that is worth millions when properly exploited?

      Or, alternatively, when will companies stop pretending that they can be trusted simply because of employee credit card verification checks, background checks and a piss test?

      I like to look at it this way, here in Ohio (as in most states) you need to go through the most awewsome background check ever in order to take the state bar. Full multi level 10 finger fingerprint check (local, state, national) credit check, employer verification check for all jobs worked since you were 16, the list goes on and on and it may even go into your mental health history (one of the few jobs you hear of that occuring.)

      In spite of all of this, the industry as a whole can be summarized as a convention of pricks.

      There are limits to background checks.
  • FBI Not Interested? (Score:4, Interesting)

    by Anonymous Coward on Friday October 08, 2004 @09:50AM (#10469541)
    Never mistake silence for disinterest (or assent, for that matter).

    The FBI could be very interested in the Pakistan and Russian connections. However they are very unlikely to be discussing details of the case with regular civilians.

    Or they could be disinterested.
    • disinterested? (Score:3, Interesting)

      by brauwerman ( 151442 )
      It's really annoying when a single word no longer means anything, and concise communication becomes impossible.

      http://dictionary.reference.com/search?q=disint e re sted

      Usage Note: In traditional usage, disinterested can only mean having no stake in an outcome, as in
      Since the judge stands to profit from the sale of the company, she cannot be considered a disinterested party in the dispute.
      But despite critical disapproval, disinterested has come to be widely used by many educated writers to mean uninteres

  • mostly insider theft (Score:3, Informative)

    by presmike ( 754040 ) on Friday October 08, 2004 @09:51AM (#10469549)
    Identity theft was covered at this years blackhat in vegas and it was stated the the vast majority of indentity theft is corporate insiders stealing the info and selling it on the web. Hackers/crackers only account for a small about of the current identity theft.
    • This is interesting because if it's true, shows a huge misconception in the "general public" and indeed in the both general and technical press. Who hasn't read some story or seen some report on TV about "phishing" and those evil "hackers" who sniff your internet conx looking for credit card numbers? And of course the huge story about Googleing for CC and SS numbers and such. I wonder if a study could be done, or more evidence of this relationship between corporate insiders and Identity Theft could be vali
      • Re:Interesting (Score:3, Informative)

        Who hasn't read some story or seen some report on TV about "phishing" and those evil "hackers" who sniff your internet conx looking for credit card numbers?

        It's not nearly as lurid to talk about joe schmoe, who got pissed at his boss and sold 100,000 customer records to some guy in detroit. Security breaches have always been about 80% inside jobs.

  • by wowbagger ( 69688 ) on Friday October 08, 2004 @09:54AM (#10469581) Homepage Journal
    You are damn right the problem is built-in to the system.

    The scum create an account, and charge a bunch of crap to it from stolen cards. They then extract the money and run.

    The people bilked bitch to the credit card companies.

    The card companies attempt to reverse the charges.

    The poor business who was impersonated gets stuck with the bill. At best, the company can establish its innocence, and the CC company writes the cost off its taxes.

    If the *credit card companies* were the ones who had to suffer the costs of fraud, rather than shifting it to the companies or to the taxpayer, then they would be a HELL of a lot more motivated to add stronger authentication to the system.

    As it stands now, if somebody is committing massive credit card fraud in the form of lots of small charges, and you try to bring this to the card company's attention, they blow you off because it just isn't worth their time - it is easier to just charge back to the merchants. A friend of mine who works in the order-processing chain for a large company ran into just that - he detected a fraud ring attempting to rack up a lot of charges, he called the card company and said "I'll give these guys to you with a ribbon tied around them - addresses, names, the works." "Not interested - bu-bye!"
    • by qbzzt ( 11136 ) on Friday October 08, 2004 @10:02AM (#10469680)
      If the *credit card companies* were the ones who had to suffer the costs of fraud, rather than shifting it to the companies or to the taxpayer, then they would be a HELL of a lot more motivated to add stronger authentication to the system.

      Except they are the ones who pay for it. They get to deduct a business loss from their taxes, because those losses reduce their earnings.
    • [a friend] called the card company and said "I'll give these guys to you with a ribbon tied around them - addresses, names, the works." "Not interested - bu-bye!"

      I hope he went on to discuss it with the FBI (assuming he's in the US). They're normally interested if a reasonable amount of money is involved and if someone else has already done the heavy lifting for them, it would look good on their scorecard...

    • If the *credit card companies* were the ones who had to suffer the costs of fraud

      Then they would never reverse the charges onto the consumer's card. They would just say, "Oh, tough luck ... "
      (or at least you would have to hassle them to death, and after they opened an investigation they might give you the money back after a couple of months)
  • Why cant you just go and legitimately buy a whole series of off the shelf companies?

    Then you get a totally legit and above board merchant account to run your stolen cards through.

    Here in the uk you can see ads for pre-created legitimate shell companies that you can buy cheaply and rename to cut out the hassle and legal niceities of creating a limited company from scratch.
    • Actually, even if you rush off and buy an off the shelf company and a rename (for a hundred quid say). You still can't open a business account.

      *I* own such a company, I use it, it trades, it files tax returns.... and the palaver I have to go through to open accounts and things is bonkers.

      (Instead I have to turn up with massive piles of other documents.)

      Because I don't have a passport. And in Britain, to open a company bank account, all the company officers have to turn up in person and present their pass
  • by SomeoneGotMyNick ( 200685 ) on Friday October 08, 2004 @09:56AM (#10469602) Journal
    ...appears to be by trashing your own credit. This way your credentials will be rejected for new applications.
    • 1. Start off as a person not using credit.
      2. Apply for a moderately difficult to get account, such as a 9.5% preferred visa card, and not a simple card to get (i.e. a 21% Sears card).
      3. On the application, list a low income, a job like "writer", and stipulate your income is irregular.
      4. You now have been rejected for credit, and this will stay on your credit score for at least 2 years. At this point, the companies that would have issued you a small limit - high interest card won't see the reasons you were r
  • by GooberToo ( 74388 ) on Friday October 08, 2004 @10:18AM (#10469848)
    ...I've worked in the credit card industry for many years and am friends with a VP at one of the largest ISOs in the US.

    Simple fact is, the system is not designed to prevent fraud. It is designed to detect, catch, and prosecute those that do exploit the system. Granted, the industry has slowly started trying to move toward a more proactive stance, while making it a little harder to comit fraud. But the merchants generally complain about efforts to make it harder on criminals and go out of their way to facilitate these types of problems.

    Long story short, you may think you're getting away with these types of crimes, but rest assured, it's only a matter of time before you are caught and placed in jail.
    • I seriously doubt it. Whether or not your caught has everything to do with return on investment. If the credit card company can stick a customer with the cost, that's far cheaper than the legal fees involved in doing the right thing. It's only the big fish that get fried. They persue fraud artists only if they're costing the company more than the legal fees to remove them. It's all part of their business model.
  • Now, since those that fund the whores in DC are being hurt by this, DC will do something about it.

  • by Presence1 ( 524732 ) on Friday October 08, 2004 @10:24AM (#10469915) Homepage
    ... that the company whose identity is misused is seen as being responsible for the losses. It is the merchant service providers and banks that should be held fully responsible -- they are the gatekeepers who failed to mind the gate, never checking the imposters' identies or association with the company.

    "For all of us, it's a tough business," Steinberg, of Merchant E Services, said. "It's a large, large problem."

    No Shit, Sherlock. It may be a large, large problem, but it is your responsibility to solve it. If you can't solve it or handle the losses, you shouldn't be in the business. Period.

    Any suggestions on how to keep the losses on the banks and service providers, instead of the businesses?
  • Notice that the linked to factoid has no information about which 10 people they asked, and which 7 answered, and is supported only by a link to a databse they know most people won't have access too.

    They're not even trying to look like they aren't shoveling bullshit.

  • Scary to think anybody with a jpg image and a compiler can get anything they want off of your corporate network....
  • Merchant services have been aware of this type of fraud for a decade or more, this type of fraud is now on an uptick. Thats all.

    I remember back in 1996 when I was setting up my company to process credit cards, they had to come and photograph our business, photograph myself, just to PROVE that we were a legit business that would process cards, and all this was sent in with our applicaiton by a trusted THIRD PARTY.

    This type of scam was around before identity theft was huge because all the criminals needed w
  • by Animats ( 122034 ) on Friday October 08, 2004 @11:59AM (#10471206) Homepage
    This scam depends on the netherworld of "credit card merchant providers", who are also the money launderers who make spam possible.

    If you're a legitimate business, and want to accept credit cards, you go to your bank and open a merchant account. They check your financial history, may demand a deposit (on which they pay interest), want to see you in person, may visit your premises, and make you sign a painful contract. Then they charge you about $100 per month, plus 1-3% of the transaction cost. This is the way real companies do it.

    If you're a less legitimate business, there are services for you, too. Charge-It-Now [charge-it-now.com] is a more or less legitimate one. "Now you can be approved to accept credit cards in as little as two hours and have a live merchant account in 24 hours. Applying online for our Internet processing software has never been easier. The entire application process is done online in less than 10 minutes and with our digital signature approval process; we do not need a physical signature. We deposit funds directly into your existing bank account. ... We accept 98% of applicants". At this tier, the rates are higher and the merchant is more likely to be doing something dodgy. These outfits aren't regulated as banks. They're resellers of banking services. They need to be better regulated.

    Further down in the muck, there is the "high risk merchant account" [rapidmerchantaccount.com] business. "Has PaySystems or other merchant providers shutdown your company, virtually stopping you from processing credit cards? ... Good Credit / Bad Credit okay! ... We pride our business on the fact we can place just about any business type. Even if you've experienced problems in the past with other processors or have a low credit rating." This is where your mid-grade spammer gets credit card processing. Most of those operators need to be kicked out of the credit card system.

    Down at the bottom, there's "offshore high-risk credit card processing". [121merchantaccount.com] "Merchant account service for bad credit, high risk, gambling, and adult related business." This is the land of 15% fees, long holdbacks, and processors who disappear suddenly. Here we find companies operating from undisclosed locations, a criminal offense in many jurisdictions. These outfits help crooks and spammers launder their money, evade taxes, and hide from law enforcement. These operators are essentially part of organized crime.

  • Embezzling money from companies via Corporate accounts? CEOs have been committing this crime at least since the 80s. ;)

Garbage In -- Gospel Out.

Working...