Thieves Using Stolen Credit Cards to Make Donations

JagsLive writes with a link to a Newsday.com article about 'philanthropist identity thieves'. Credit card thieves appear to be donating to charity with their stolen goods. While it may sound like a strange form of generosity, it's really a method to determine whether a stolen card is valid. "The verification method has become popular because the monitoring software at credit-card companies may not question donations to charities, according the Symantec blog. Santoyo said the schemers usually donate less than $10. American Red Cross spokeswoman Carrie Martin said, 'This happens all the time. We have people at the Red Cross who deal with this type of activity.' Last month alone, the Red Cross refunded 700 fraudulent credit-card transactions, Martin said. That figure doesn't include the transactions the charity blocked because they appeared fraudulent."

Just plain thieves

[Anonymous Coward]

Not only are these scum ripping off the card holders, they are costing charities time and money.

There is no reason to call them philanthropist identity thieves. They are identity thieves or just plain thieves.

Re:Just plain thieves

[D-Cypell]

They are identity thieves or just plain thieves.

Lets just call them plain thieves as the term 'identity theft' is just something invented by the banks to blame us for when their money get stolen.

Actually, a comedy programme I listen to on UK radio had a great little skit on this. A guy being called by his bank who told him his was a victim of 'identity theft' and lost his money. He responded by telling the bank manager that he was sorry to hear that they had been robbed... "No no, you don't understand, this is identity theft!". When it was put like this, it was not only pretty funny, but held a mirror up to how absurd this 'identity theft' thing really is.

It ended with the customer overhearing a bank robbery happening at the bank with the robber shouting... "Put all the money in the bag" and the manager responding... "I think you mean all the *identities*" :oD

Re:

[xENoLocO]

So if someone steals your SSN and fraudulently obtains a credit card, it's the institution's fault? Who's the victim? You are.

If the bank made an error on a transaction, would you say they lost their money? Hell no... you would say they lost your money. How is this any different?

Please think before bringing a rediculous argument to the table.

And to the grandparent... thieves are thieves, indeed.

Re:

[itlurksbeneath]

So if someone steals your SSN and fraudulently obtains a credit card, it's the institution's fault?

It is when the institutions are the ones leaking data like a sieve. Employee theft, unencrypted data by the megabyte on stolen laptops, lax security on internal networks and external facing systems, etc...

Re:Just plain thieves

[FLEB]

So if someone steals your SSN and fraudulently obtains a credit card, it's the institution's fault? Who's the victim? You are.

A service provider accepted falsified credentials and assumed an agreement because of fraud by an improperly authorized third party. Why should I be involved, responsible, or at fault? It's completely between the fraudulent third party and the defrauded lender... or, rather, it should be.

The only reason the banks don't get their share of the fault is that performing satisfactory identification of potential borrowers would acutely cut into their margins, so it's called "identity theft", and the "defrauded" third parties are simply assumed to have racked up debts or made agreements based on identification that is obviously too flimsy (given the widespreadness of the problem.)

If the bank made an error on a transaction, would you say they lost their money? Hell no... you would say they lost your money. How is this any different?

The bank lost track of the money you entrusted to them. If the bank uses this to deny you access to that money, then you "lost" the money you entrusted to the bank (by virtue of poorly picking a bank). Still, this isn't even similar-- you were the party that entrusted that money to an incompetent bank. In identity theft, you may have no connection at all to either the service provider or the fraudulent requester.

Re:Just plain thieves

[nwbvt]

"So if someone steals your SSN and fraudulently obtains a credit card, it's the institution's fault?"

Well, yeah. SSNs were never intended to be secret numbers that only the owner would know, so in theory it shouldn't matter if the whole world knew your SSN. If the institution issues a credit card without doing a sufficient job to verify your identity (which unfortunately is usually the case), it damn well is their fault.

Re:

[Agripa]

College-Aged Bishop: Richard Nixon's personal checking account is in here!
College-Aged Cosmo: Oh, this is a challenge. Marty, we have to find someone truly worthy to give his money to.
College-Aged Bishop: How about... the National Organization to Legalize Marijuana?
College-Aged Cosmo: Perfect!

Re:

[Afecks]

Not only are these scum ripping off the card holders, they are costing charities time and money.

I'm sorry but I have a bigger problem with the credit card companies that charge $15 to $30 for each fraudulent charge. Consider the fact that the chargeback fees are several times more than the actual charge. If a donation turns out to be fake it's not a big deal because you are back to where you started, nothing right? Except that's not true, thanks to the fees you get slammed with. Most of the time the merchant loses, sometimes the customer loses but the credit card companies always win and they are the

Re:

[j79zlr]

I don't know where you've pulled that number out of, but I've had fraudulent charges made three times on my credit cards in the last 10 years on different cards each time. Each company had a policy of $50 that the customer is responsible for and in each case I was refunded ALL of the money. I did not have to pay any charge-back fee or be responsible for the $50. I once had to have the affidavit that I did not make the charges notarized which cost $1.

Re:

[sunwukong]

Chargebacks cost the store/supplier/seller, not the customer. It's one reason why stores/sellers will sometimes be reasonable when there's a dispute over a credit charge.

As someone posted earlier, the credit card companies aren't the ones groaning financially at the cost of fraud ...

Re:

[Afecks]

but I've had fraudulent charges made three times on my credit cards in the last 10 years on different cards each time

You obviously missed what the hell I was talking about. You are a CUSTOMER I'm talking about the MERCHANTS that have to pay $15 to $30 just because some asshole used your card. Please don't respond unless you know what you're saying.

Re:

[j79zlr]

You are an angry little man, aren't you?

Re:

[grolb]

It costs some charities, not all. When my credit card was used by an identy thief, he charged gifts to three "Christian" churches. I checked - they did exist - but all accepted the payment.

Robin Hood

[cpirate]

Steal from the rich and give to the poor.

Re:

[Creepy Crawler]

Steal from the rich and give to MEEE!!!!

Not Robin Hood.

[Anonymous Coward]

1. Less than $10 'donated' per card.
2. Using charities as a confirmation method to make extra money, illegally selling access people's bank accounts.
3. Charities have to refund the money when the credit card is reported stolen.

If criminals such as these were truly charitable or showing a change of heart, $10 or less seems a peculiar way to show it. The fact that these crooks are using charities for their own dirty deeds shows a selfishness that I don't recall Robin Hood having..And, the fact that charities have to refund the money in the end, means that money might be spent that the charity would have otherwise saved in the reserve fund. So it's basically stealing from the charity's perceived pool of funds.

I know we Slashdotteurs have a 'stick-it-to-the-man' attitude and like to see the underdog rise up. But these people are crooks..Nothing of what they're doing is charitable or moral in anyway. The Robin Hood association is definitely inappropriate here. It just diminishes the real work people do for society.

My 2 cents.

Re:

[RealGrouchy]

True, it's not Robin Hood, but it isn't too big a problem (for the charities).

Since they are donations, and (presumably) not purchases, the only cost of these non-donations is administrative. If they're big enough to accept credit cards, they're presumably also big enough to have a competent treasurer (or accounting department, if they're really big) who will include this form of loss-of-revenue in the budgets.

For the stores whose goods are purchased after the cards are verified, life will suck a lot more.

-

Re:

[Kalriath]

Actually, the only cost of it is the 50 TO 75 US DOLLAR PER CHARGE chargeback fee if they don't catch the transaction in time. I don't have enough faith in the generousity of banks that they'd waive that.

Re:

[geekoid]

"I cannot steal from people who are comfortable and give to the moderately impoverished; " E-Izzard

Re:

[dunkelfalke]

Dennis Moore [youtube.com]

Re:

[Stormwatch]

"It is said that he [Robin Hood] fought against the looting rulers and returned the loot to those who had been robbed, but that is not the meaning of the legend which has survived. He is remembered, not as a champion of property, but as a champion of need, not as a defender of the robbed, but as a provider of the poor. He is held to be the first man who assumed a halo of virtue by practicing charity with wealth which he did not own, by giving away goods which he had not produced, by making others pay for th

I must mention my favourite charity

[Timesprout]

The Cocaine and Hooker Party for Timesprout Foundation.

Please give what you can.

Re:

[ResidntGeek]

Sorry, I've already pledged to the Palm Beach Golf and Tennis Resort.

Sneakers

[Anonymous Coward]

"In a surprise announcement, the Republican National Committee has revealed it is bankrupt. A spokesman for the party said they had plenty of money in their accounts last week, but today they just don't know where the money has gone. But not everybody is going begging. Amnesty International, Greenpeace and the United Negro College Fund announced record earnings this week, due mostly to large, anonymous donations."

Re:

[xtracto]

Aaaa great movie [wikipedia.org] that one! I think it is one of the few movies which portrait in a credible manner what hacking was all about in those times... of course with a hollywood cut... I used to watch that movie in open TV and 10 years after I didnt remember the name and could locate it after asking in usenet for a movie where there was a deaf guy who recognized a place after simulating the sounds =o)... pretty clever argument!

Why reverse charges

[ghoul]

Why reverse the charges? The credit card companies make enough from usurious interest rates to absorb the small payments to charity

Re:

[Colin Smith]

The credit card companies make enough from usurious interest rates to absorb the small payments to charity

WTF? They're bankers.

 

Re:

[TubeSteak]

I'm not sure if this was your point, but under Federal law, banks are exempt from the usury limit... which means they can charge whatever rate they like.

Re:

[ghoul]

We could just put them to work on sugarcane plantations to grow ethanol like they do in Brazil. Much more productive than debtors prison

Re:

[mulhollandj]

Because it is their money. If they choose to donate then let them. If they choose not to then don't.

Re:

[N3Z]

It has more to do with the fees that get charged to businesses by the credit card companies for outstanding fraudulent charges. If the charge is reversed before the credit card company discovers that it is fraudulent, there are no extra (punative) fees.

700 refunds

[acidrainx]

700 refunds of (probably) less than $10 each? I realize they've just had money stolen from them, but they're asking for a $10 refund from a charity? Nice.

Re:

[Anonymous Coward]

$10 makes a difference for some people who are always at their credit limits. plus, i think Red Cross refunded them because it's the principle of taking money that wasn't really given to them. they don't want to look like cheap ripoffs. it's like having somebody supply you with say, stolen candy. sure, it's seemingly cheap and you could easily eat it, but does that make it ok?

Re:

[zippthorne]

Candy stolen from.. babies perhaps?

Which brings to mind another completely off-topic question:

What the hell kind of incompetent parents are giving lollipops to infants, anyway?

Re:

[stonecypher]

FTFA, American Red Cross is refunding without being asked, as a matter of principle, and frequently to people who didn't even realize they'd been defrauded.

Re:

[Actually, I do RTFA]

Typically, you tell a credit card when the card went missing and what the first fraudulent charge was. You have to sign an affidavit to attesting to those facts under penalty of perjury. Somehow, I don't think the niceness of giving less than $10 to charity is worth a possible 20-year prision term.

IANAL, just a guy whose credit card was once stolen.

Re:

[gordgekko]

Most charities I would let it slide but not with the American Red Cross, not after some of the games they've been caught playing with donations.

Re:

[Stunning Tard]

but they're asking for a $10 refund from a charity? Nice.

You're accusing the credit card companies of being cheap but they[visa,mastercard] have donated to the Red Cross [paymentsnews.com] in the past. During the tsunami disaster there was a $1 million donation as well they waived transaction fees for donations. It was a similar story for Katrina.
I won't go so far as to say these corps have morals, these donations were high profile and probably cost less than a short ad campaign. But those donations do dwarf their refund

Re:

[xouumalperxe]

Nowhere did it say that the owners of the cards had *requested* the refunds. If I were in the place of the Red Cross, I'd certainly want to give the money back, if only to make sure that my image remained immaculate.

Why refunds?

[Odiumjunkie]

> Last month alone, the Red Cross refunded 700 fraudulent credit-card transactions, Martin said.

Surely, a fraudulent credit-card transaction is caused (in theory) by the credit-card company fucking up? I would have thought that the credit company would absorb the loss instead of being able to make the receiving party refund the money.

If I buy a $6000 HDTV using a stolen credit card, and I fake the signature on the receipt very convincingly (so the TV shop follows due diligence), when it emerges that the card was stolen is the TV shop out 6k? How can the CC company force the shop to refund the money? Isn't it the CC company's fault for having poor security measures?

Re:Why refunds?

[qengho]

when it emerges that the card was stolen is the TV shop out 6k?

Yep. The merchants absorb the cost of fraud, and the CC companies have very little incentive to create effective fraud-prevention measures.

Re:Why refunds?

[geekoid]

Make it so the CC company has to give the money to any merchant that followed the prescribed security procedure as dictated by the CC company. Then we would see some real security in the CC industry.

Re:

[JamesP]

Well, it is very simple.

Ask for ID

The signature behind the card means absolutely nothing. The only way to be sure is to ask for ID.

If stores will charge 6k to any CC out there,not checking, too bad for them.

Re:

[Odiumjunkie]

So, you want to ask someone for a little plastic card with a name on it to make sure that another little plastic card with a name on it is theirs?

Re:

[Jerry Smith]

So, you want to ask someone for a little plastic card with a name on it to make sure that another little plastic card with a name on it is theirs?

Yes! :) Both are little plastic cards, but the thing is: they have to have identical names and signatures. The small crook, just on pickpocket level, will not be able to abuse this card. He'll will have to sell it to a pro-level crook who's able to generate a matching ID-card. And befóre the card is reported stolen. It's not fail-proof, but it buys time. I wrote 'he', but it also applies for female crooks.

Re:

[Kalriath]

Awesome. I'd never be able to use a credit card then - after all, I can't sign my OWN signature twice identically.

Alternatively, require that any credit card configured with a PIN require that PIN and forbid signatures - then if it does get used by someone else it probably is my fault.

Re:

[tlhIngan]

The signature behind the card means absolutely nothing. The only way to be sure is to ask for ID.

Actually, I don't know why people think that the signature on the back is for verification purposes. It isn't.

Signing the back of the card is a contractual measure saying that you agree with the cardholder terms and conditions. That's why merchants are not supposed to allow blank signature panels, "Check ID" or other crap on there. Because without a signature, the card is merely a piece of plastic with no potent

Re:Why refunds?

[Ron Bennett]

"Card Present" and "Card Not Present" transactions are treated very diffently. The latter is what the article is discussing - and yes, the merchant is most always the one liable for bogus charges.

On a related note, there are other *per-transaction* costs of such bogus on-line "test" transactions mentioned in the article that many people aren't aware of, such as:

* Gateway fees
* Authorization fees
* AVS / CVV2 surcharges
* Settlement fees

These are IN ADDITION to the discount fees (ie. ~3% or so) of the dollar amount of sales.

Even if later the transaction is voided / refunded, the merchant typically still pays the above per-transaction fees regardless.

And even worse, depending on the merchant processor, the discount fees may not be refunded either; upon refund it may even be charged again! Doing "auth-only" and hand verifying sales before submitting the batch can help mitigate such refund costs, but is often labor intensive.

One nasty scenerio for an on-line merchant is a carder running thousands of card "tests" on their small business / charity website ... the per-transaction auth fees alone can easily run into many hundreds, or even thousands of dollars.

Large merchants have more favorable merchant agreements / absorb such costs with no problems; often have advanced fraud screening in place to throttle such extraneous transactions. The small merchants, such as charities, are those who really suffer from such card "tests".

Ron

Re:

[funkyloki]

Be aware that it is not force they use. They don't call the merchant and say "return the money or else." What a CC company does is automatically reverse the charge against the merchant. They take all the money back even though some of the money made by the merchant goes to the merchant operations (the company who provides the ability to accept credit cards from customers in the first place). Then on top of that, they also charge the merchant a fee for the return (anywhere between $12 and $35 depending o

Re:

[holt]

Most customers do not mind this, and some are actually glad we do it. The ones who get angry and walk out are usually using a frauded card.

I'm not the type that will get upset with the person at the till if they ask for ID for a credit card transaction (actually, I'll either avoid that merchant in the future or make sure I have the cash to cover the transaction before entering the store, just because of the inconvenience), but how do you know that the angry ones are using fraudulent cards? Do you hav

Re:

[funkyloki]

It was just an assumption that the ones who won't show me an ID are the frauded cards. Probably a poor assumption, but 90% of my customers do not mind showing me an ID to validate their credit card. Just like ones who are writing a check don't mind either. But, you would actually avoid a merchant who is only looking out for their best interest (as well as yours, in effect to prevent someone from fraudulently using your card) by asking for an ID when using a credit card? A little inconvenience can go a lo

Re:

[holt]

Well, it's one of those things where if I have two stores right next to one another, no cash, and I'm in a hurry, I'll pick the one where I don't have to show ID just so I don't have to dig it out of my wallet. About the only time I have to use my ID these days is when a new guy starts working at the liquor store where I buy beer (they have an excellent selection and good prices, so I almost always go there unless I have a good reason not too), and they don't recognize me (and they're being extra careful).

Future headline:

[Tatisimo]

Red Cross Busted in Credit Card Stealing Scheme. Hundreds of non-profit hospitals around the world close due to lack of funding.

Seen this happen...

[Dekortage]

I've set up and managed online donation systems for various charities, and see this happen all the time. Most of the time, the donor doesn't bother asking for a request, although they may inquire about it. Requiring the CVV2 code [wikipedia.org] (the extra 3 digits on the back of Visa/MC or the extra four digits for AmEx) really does make a difference for fraud prevention: our logs show people attempting to use the same credit card number with wildly different CVV2 codes, failing time after time. They're just guessing and eventually give up.

Re:

[ghoul]

3 digits are a thousand codes. Say each website allows turns before freezing. Just trying out 200 charities will give them the cvv2. we need public key encryption

Re:

[SpottedKuh]

3 digits are a thousand codes [...] we need public key encryption

"Sir, could you please read me the 768-character hexadecimal public key printed on the back of your credit card? ... Yes, sir, the one in the really tiny font."

Re:

[D-Cypell]

The CV2 code is known only to the cardholder and the issuing bank. To validate a code the the details must be sent to the issuing back for validation. Issuers will block the card after a certain number of failed transactions on the card, so it is not quite as easy as just trying it over and over until you get it right.

Re:

[ozbird]

The CV2 code is known only to the cardholder and the issuing bank.

And anyone who has checked your signature for an old-fashioned in-store purchase.
Banks warn you not to write your PIN on the card (duh), so why print the verification number on it?

Re:

[Fire Dragon]

Banks warn you not to write your PIN on the card (duh), so why print the verification number on it?

PIN is there to stop somebody to use your card right after it goes missing. It is a lot easier to know that if your physical card has disappeared than knowing if some online shop has had your creaditcard info stolen. Verifications number shouldn't be stored anywhere else than in the back of the card, online payment methdos can't store this info on their database. Card numbers are stored for various tracking re

Re:

[zCyl]

The CV2 code is known only to the cardholder and the issuing bank.

Right. How about, the cardholder, the issuing bank, anyone who has looked at the card, and any of the countless businesses that has ever asked for the CVV2 code.

And... The more businesses that ask for the CVV2 code, the more stolen credit card databases will have the CVV2 code as part of them.

Re:

[petermgreen]

3 digits are a thousand codes. Say each website allows turns before freezing. Just trying out 200 charities will give them the cvv2. we need public key encryption
surely the banks should be able to spot such attempts to brute force the ccv2 number.

Re:

[Dekortage]

You would be right except that the issuing bank would freeze the card after several attempts. Also, as noted elsewhere, merchant processing gateways can do "IP velocity checks" -- to determine the quantity and frequency of credit card transactions from a given computer IP number, and only allow a specific # of transactions per day.

Re:

[xgarb]

so they freeze the card.. move onto the next generated card number and have a go at guessing the CVV. All from multiple IP addresses of course. Automate and you'll get a successful transaction and therefore a card number + CCV number every now and then.

Re:

[bigNuns]

i have also set up donation systems for non profits and also seen this sort of thing, one for a fairly high traffic site that processes a decent number of donations. while cvv2 checks help, in my experience even with cvv2 checks and address verification checks you still need to do things like track the number of attempted donations per N minutes for a particular ip address. blacklisting anything that doesnt pass the test for a day or two... i do a few other strange things with the form submission to keep th

Re:

[Dekortage]

Yeah, the CVV2 check is not infallible. The IP velocity checks are useful, and some merchant accounts (like Verisign's Payflow Pro) offer this as a built-in feature. Another approach is to set up minimum donation amounts (like $10 or $25) which are more likely to be noticed by the credit card holder than just a $1.

Sounds like the government

[mulhollandj]

But they do it through taxes. Forced charity causes both resentment in the giver and the receiver.

Charge-backs suck

[bluefoxlucid]

Credit card companies charge $25 for a charge-back. So if you buy something for $10, then return it and have the money charged back to your card, you get $10 back and the store pays out $35 to recover the $10 item. These fraudulent donations hit the charities up the same way, leaving them poorer in the end; if it's not too much trouble, please do consider telling them to go ahead and keep the money, if it's just a few bucks.

Re:

[68th Overlord]

Credit card companies charge $25 for a charge-back. So if you buy something for $10, then return it and have the money charged back to your card, you get $10 back and the store pays out $35 to recover the $10 item.

Do you have a source for this? It doesn't seem to fit with how stores behave. Brick and morter stores usually choose to refund items bought with a CC back to the card. Many insist on it. If they could give you a $10 cash refund out of the drawer and avoid paying a $25 fee, wouldn't they? My understanding has been that any significant chargeback fee only applies when the card holder disputes the charge. With so many stores requiring refunds to go back to the card, that behavior led me to believe that volunt

Re:

[gbnewby]

Discover, Visa, etc. all have Web pages discussing their merchant fees, but they are not too detailed and are country-specific. I'm being lazy and not pasting any URLs here, but they're easy enough to find - I just did this for some research I was doing regarding PayPal's chargeback fees.

$25 is ballpark accurate. I saw some for $35, and some for $10. It also depends on things like the issuing bank (since Visa & MC are issued through banks, versus Discover & AmEx which are monolithic companies), t

Refund != Chargeback

[patio11]

Allow me to throw my IAAAIM (I Am Actually an Internet Merchant) two cents into the ring here: if somebody buys my product for $24.95 and then either asks me for a refund or I decide to refund it to them for whatever reason, including I suspect that the order was placed in error, that costs me either "nothing" (Paypal/Google Checkout both eat the CC fees) or "very little" (I end up paying the fee I paid for the transaction, in the neighborhood of a buck). The refund shows up right to their credit card stat

Obligatory

[Robber Baron]

We have reached our goal of $10,000 and its all thanks to one generous caller who didn't leave his name!
But thanks to Insta-trace we've learned it's Homer Simpson of 783 Evergreen Terrace.

Old news

[kd3bj]

What, has it been like 5 years this has been happening and suddenly it's news? Credit cards authentication is a total joke. The security of credit cards is based on chargebacks to the merchant, placing the burden of fraud prevention almost entirely on the merchant. Banks and processors profit on fraud because of chargeback policy, and consumers are protected by law.

When the merchant is a charity, none of this changes by magic. The charity/merchant is still responsible for dealing with fraud. It's ridiculous

Don't Make It Hard For Your Customers

[patio11]

Charities accept credit cards for the same reason that I (small merchant selling software on the Internet) accept credit cards: offering people the ability to satisfy their urge RIGHT NOW makes them orders of magnitude more likely to do business with you. If they are accepting them without asking for the CVV code, yes, somebody in their web development group needs to be hit upside the head with a copy of Security Best Practices for Online Merchants, but the sensible default is to accept the vast majority o

Costing charity money

[Joebert]

So realisticly, this is actually costing charities time & resources they shouldn't otherwise be using ?
That's pretty low, even for thieves.

No one see NBC??

[theillegalimmigrant]

Nobody saw the episode of NBC "To catch a ID thief"?? everytime that these people get a credit card number, the first thing they do is a small donation to verify that the stolen credit card number is right!! not because they are good people but just to see if the information is right!!

Re:

[AngryJim]

Holy shit. No, I did didn't see this show you're talking about, but apparently you didn't even read the third sentence of the description.

Fighting back

[Sigma 7]

Is there any effective methods of fighting back against identity theves?

The tactic that I've recently started involved visiting the sites found in spam e-mails that I receive (for example, the My Canadian Pharmacy [spamtrackers.eu] series of spams), take an identity generated from a fake name generator (that also provides CC and CVV numbers), and place an order. This series of companies tends to queue up the order for processing in 24 hours before shipping.

While fun, it doesn't seem directly productive if I'm the only one d

Its been happening for YEARS

[nweaver]

2+ years ago I had this happen to me. It is an easy way to validate old card #s that a hacker gets.

Re:

[alexeiz]

This happened to me back in 2002. $1 to some charity. At that time I didn't know this scheme and I was left wondering what it meant. But nontheless it was duly reported, the credit card was immediately cancelled and I avoided more fraudulent transactions.

thats nonsense

[yourmomisfasterthana]

i always donate 10$ to the red cross with my credit card before going on a 10~20 thousand dollar spending spree!

Re:

[account_deleted]

Comment removed based on user account deletion

Damn merchant processors

[QuasiEvil]

So it's a slight tangent from the main topic, but I got yet another letter today from my bank, letting me know that my bank card number was amongst those harvested from a compromised card processor, and that my card number would be cancelled and reissued within a few days.

My favorite part? "For privacy reasons, the name of the processor cannot be revealed." I think it should be a fucking law that they have to name the guilty party in these sorts of things, so that we (everyone whose number was compromised

You're missing the big cost here...

[hacker]

There's one piece of this fraud that isn't being talked about, but it is where the REAL crime is happening.

We have been accepting donations [plkr.org] for several years now using PayPal, and very recently, we've seen this happening with donations being given to our project.

Example: We receive a $5.00 donation from someone through PayPal. Roughly two weeks later, after we've withdrawn the funds to our bank account, the original donator disputes the "charge we made" to their credit card (we make no such charges, and

Re:

[jujuchef]

There are various fraud prevention software solutions that every bank (merchant(acquiring) or issuer financial institution) must use if they want to use the Visa/Mastercard/Insert Name here brands. If they do not, there are heavy fines (These have just went up at the end of June 2007).

These peices of software have so many adjustable 'rules' that responding to these sort of behavioral fraud trends is a few mouse clicks and real-time. It is up to the users of the software to adjust to these trends. Fina

This happened to me

[martinmarv]

I noticed a transaction to the British Red Cross in April for 4.00 GBP, which I hadn't made. I thought about it (it's only 4 quid, and it's to a charity, but on the other hand how the hell did it happen?), and decided to phone my bank, who reversed it. A month later, another 4.00 GBP transaction, so I rang my bank and cancelled the card. Later that day, another transaction for the same amount was authorised by my bank (who apparently hadn't processed the cancellation request as quickly as I would have liked