Follow Slashdot blog updates by subscribing to our blog RSS feed


Forgot your password?

Slashdot videos: Now with more Slashdot!

  • View

  • Discuss

  • Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).

Spam The Almighty Buck The Internet IT

A New Approach To Reducing Spam: Go After Credit Processors 173

Posted by timothy
from the now-drag-out-the-list-of-why-it'll-fail dept.
WrongSizeGlass writes "A team of computer scientists at two University of California campuses has been looking deeply into the nature of spam, and they think found a 'choke point' [PDF] that could greatly reduce the flow of spam. It turned out that 95 percent of the credit card transactions for the spam-advertised drugs and herbal remedies they bought were handled by just three financial companies — one based in Azerbaijan, one in Denmark and one in Nevis, in the West Indies. If a handful of companies like these refused to authorize online credit card payments to the merchants, 'you'd cut off the money that supports the entire spam enterprise,' said one of the scientists." Frequent Slashdot contributor (and author of a book on Digital Cash) Peter Wayner wonders if "the way to get a business shut down is to send out a couple billion spam messages in its name."
This discussion has been archived. No new comments can be posted.

A New Approach To Reducing Spam: Go After Credit Processors

Comments Filter:
  • by amicusNYCL (1538833) on Friday May 20, 2011 @06:41PM (#36197390)

    If a handful of companies like these refused to authorize online credit card payments to the merchants

    You suggest that as if this specific activity was not these people's business model. A credit processor in Azerbaijan doesn't just one day decide to start processing spam purchases, they open their business specifically for that purpose. Good luck getting them to switch business models just because you want them to.

  • Hilarious (Score:5, Insightful)

    by airfoobar (1853132) on Friday May 20, 2011 @06:42PM (#36197402)
    This approach is already being used against the "evil pirates", but they haven't even gotten started on the spammers. Getting their priorities straight: they go after the teenagers sharing music first instead of the real criminals sending out phishing emails, viruses and shit like that. FTW.
  • by Anonymous Coward on Friday May 20, 2011 @06:58PM (#36197566)

    Next possible spam :

    Hi, we are a new anti-spam group generating random cc to bring down spammy sites. We want to ensure your card is not billed accidentally. Please send us your valid credit card number so that we can filter out yours.

    Anti spam group

  • by _KiTA_ (241027) on Friday May 20, 2011 @07:12PM (#36197708) Homepage

    I've never understood why not, when a computer can generate millions of spam ads for viagra, that another computer cannot generate millions of (fake) orders for the viagra.

    Because one is legal, the other is not.

    We worship Capitalism in the west, as much if not more so than freedom. While distasteful, spam is pure Capitalism -- people do it cause it works. Intentionally flooding the system with fake orders goes against the holy tenants of Capitalism, ergo, it would not only be illegal, it would be actually investigated. Rule #1 of America, you never get in the way of someone making money.

    (Rule #1.1 is "Unless someone making more money objects," of course.)

  • Re:Competitors (Score:5, Insightful)

    by RobDude (1123541) on Friday May 20, 2011 @08:11PM (#36198150) Homepage

    Laws are entirely theoretical until they are enforced. Until that point there is no difference between a law and a polite suggestion. The posted speed limit only has meaning if and only if there is a system that enforces that law. IE - in many parts of the US, there are many roads where 'everyone speeds'. Because 'everyone knows' cops won't pull you over until you are going some arbitrary speed faster.

    The problem with cyber crimes (including credit card theft and identity theft) is that there is (largely) no enforcement. We don't enforce those laws. Mostly because we can't.

    If we can make another aspect of these crimes both illegal and enforceable, then we could cut down on the crimes. But as it is now - there is no risk to the criminals. This is a true example that just happened to me on Monday....I had a friend whose e-mail was hacked and the hacker sent out e-mails to everyone on his contact list (from his e-mail address) saying he needed money. The IP address originated from Nigeria.

    Call up the police and get them to act on that.
    Go to the FBI website and report that IP address.
    Call the local Nigerian officials and tell them what has happened.

    All of them will laugh at you and say, 'Never send money to someone without verifying their identity'. We blame the victim. We say, '*YOU* need to be smarter and avoid dangerous activities'. Nobody *does* anything. I had a similar experience when my credit card number was used fraudulently....the investigation only went far enough to determine if *I* used the card. They didn't even try to track down the crook who used it.

    Could you imagine if we did this with other crimes? The public outcry that would come from it?

    "Well, most rapes happen at parties with alcohol and young males - it's too bad you got raped, but hey, next time....avoid parties with college guys and alcohol"
    "Well, most hate crime happens to someone who is ethnically or racially different from the local's too bad you got your house burned down - but you should live with your own kind...."

    But with cyber crime - that's exactly what we do.

    "Well, memorize a different, complex, long, secure password for every site you log into. And change them. Frequently!"

    I'm not against prevention, but it's a shame that we stop at that point. The only international cyber criminals that get caught are the ones who go far beyond scamming regular people. IE - steal my credit card, nothing happens to you. Defraud my wife, nothing happens to you. Hack into a large company and get a LOT of money or a LOT of information - you might get caught.

  • by Dahamma (304068) on Saturday May 21, 2011 @12:24AM (#36199666)

    Yep, that's exactly what would happen when you ask them to voluntarily lose revenue for the sake of general goodwill.

    If, however, you make it illegal to knowingly process payments from a merchant using (already illegal) spam to generate sale (after proper notification from a government entity), that would be a different story.

    Here's how a similar process already works today:
    US govt: "Here's the merchant number of an organization that may or may not be funding terrorist organizations. Shut it down."
    [...approximately 2.5 seconds later...]
    VISA: "Done! Would you like us to destroy their credit rating and kidnap their dog as well?"

The longer the title, the less important the job.