Thieves Using Stolen Credit Cards to Make Donations 104
JagsLive writes with a link to a Newsday.com article about 'philanthropist identity thieves'. Credit card thieves appear to be donating to charity with their stolen goods. While it may sound like a strange form of generosity, it's really a method to determine whether a stolen card is valid. "The verification method has become popular because the monitoring software at credit-card companies may not question donations to charities, according the Symantec blog. Santoyo said the schemers usually donate less than $10. American Red Cross spokeswoman Carrie Martin said, 'This happens all the time. We have people at the Red Cross who deal with this type of activity.' Last month alone, the Red Cross refunded 700 fraudulent credit-card transactions, Martin said. That figure doesn't include the transactions the charity blocked because they appeared fraudulent."
Just plain thieves (Score:5, Insightful)
There is no reason to call them philanthropist identity thieves. They are identity thieves or just plain thieves.
Re:Just plain thieves (Score:5, Funny)
Lets just call them plain thieves as the term 'identity theft' is just something invented by the banks to blame us for when their money get stolen.
Actually, a comedy programme I listen to on UK radio had a great little skit on this. A guy being called by his bank who told him his was a victim of 'identity theft' and lost his money. He responded by telling the bank manager that he was sorry to hear that they had been robbed... "No no, you don't understand, this is identity theft!". When it was put like this, it was not only pretty funny, but held a mirror up to how absurd this 'identity theft' thing really is.
It ended with the customer overhearing a bank robbery happening at the bank with the robber shouting... "Put all the money in the bag" and the manager responding... "I think you mean all the *identities*"
Re: (Score:1, Troll)
If the bank made an error on a transaction, would you say they lost their money? Hell no... you would say they lost your money. How is this any different?
Please think before bringing a rediculous argument to the table.
And to the grandparent... thieves are thieves, indeed.
Re: (Score:2)
Re:Just plain thieves (Score:4, Informative)
A service provider accepted falsified credentials and assumed an agreement because of fraud by an improperly authorized third party. Why should I be involved, responsible, or at fault? It's completely between the fraudulent third party and the defrauded lender... or, rather, it should be.
The only reason the banks don't get their share of the fault is that performing satisfactory identification of potential borrowers would acutely cut into their margins, so it's called "identity theft", and the "defrauded" third parties are simply assumed to have racked up debts or made agreements based on identification that is obviously too flimsy (given the widespreadness of the problem.)
If the bank made an error on a transaction, would you say they lost their money? Hell no... you would say they lost your money. How is this any different?
The bank lost track of the money you entrusted to them. If the bank uses this to deny you access to that money, then you "lost" the money you entrusted to the bank (by virtue of poorly picking a bank). Still, this isn't even similar-- you were the party that entrusted that money to an incompetent bank. In identity theft, you may have no connection at all to either the service provider or the fraudulent requester.
Re:Just plain thieves (Score:4, Insightful)
"So if someone steals your SSN and fraudulently obtains a credit card, it's the institution's fault?"
Well, yeah. SSNs were never intended to be secret numbers that only the owner would know, so in theory it shouldn't matter if the whole world knew your SSN. If the institution issues a credit card without doing a sufficient job to verify your identity (which unfortunately is usually the case), it damn well is their fault.
Re: (Score:3, Funny)
College-Aged Cosmo: Oh, this is a challenge. Marty, we have to find someone truly worthy to give his money to.
College-Aged Bishop: How about... the National Organization to Legalize Marijuana?
College-Aged Cosmo: Perfect!
Re: (Score:2)
Not only are these scum ripping off the card holders, they are costing charities time and money.
I'm sorry but I have a bigger problem with the credit card companies that charge $15 to $30 for each fraudulent charge. Consider the fact that the chargeback fees are several times more than the actual charge. If a donation turns out to be fake it's not a big deal because you are back to where you started, nothing right? Except that's not true, thanks to the fees you get slammed with. Most of the time the merchant loses, sometimes the customer loses but the credit card companies always win and they are the
Re: (Score:1)
Re: (Score:2)
As someone posted earlier, the credit card companies aren't the ones groaning financially at the cost of fraud
Re: (Score:2)
Re: (Score:1)
Re: (Score:1)
Robin Hood (Score:1, Interesting)
Re: (Score:2, Funny)
Not Robin Hood. (Score:5, Insightful)
2. Using charities as a confirmation method to make extra money, illegally selling access people's bank accounts.
3. Charities have to refund the money when the credit card is reported stolen.
If criminals such as these were truly charitable or showing a change of heart, $10 or less seems a peculiar way to show it. The fact that these crooks are using charities for their own dirty deeds shows a selfishness that I don't recall Robin Hood having..And, the fact that charities have to refund the money in the end, means that money might be spent that the charity would have otherwise saved in the reserve fund. So it's basically stealing from the charity's perceived pool of funds.
I know we Slashdotteurs have a 'stick-it-to-the-man' attitude and like to see the underdog rise up. But these people are crooks..Nothing of what they're doing is charitable or moral in anyway. The Robin Hood association is definitely inappropriate here. It just diminishes the real work people do for society.
My 2 cents.
Re: (Score:1)
Since they are donations, and (presumably) not purchases, the only cost of these non-donations is administrative. If they're big enough to accept credit cards, they're presumably also big enough to have a competent treasurer (or accounting department, if they're really big) who will include this form of loss-of-revenue in the budgets.
For the stores whose goods are purchased after the cards are verified, life will suck a lot more.
-
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
I must mention my favourite charity (Score:3, Funny)
Please give what you can.
Re: (Score:2)
Sneakers (Score:3, Funny)
Re: (Score:2)
Why reverse charges (Score:3, Interesting)
Re: (Score:3, Insightful)
Re: (Score:2)
Re: (Score:3, Interesting)
Re: (Score:1)
Re: (Score:1)
700 refunds (Score:4, Insightful)
Re: (Score:2, Insightful)
Re: (Score:2)
Which brings to mind another completely off-topic question:
What the hell kind of incompetent parents are giving lollipops to infants, anyway?
Re: (Score:3, Informative)
Re: (Score:2)
Typically, you tell a credit card when the card went missing and what the first fraudulent charge was. You have to sign an affidavit to attesting to those facts under penalty of perjury. Somehow, I don't think the niceness of giving less than $10 to charity is worth a possible 20-year prision term.
IANAL, just a guy whose credit card was once stolen.
Re: (Score:2)
Re: (Score:2)
You're accusing the credit card companies of being cheap but they[visa,mastercard] have donated to the Red Cross [paymentsnews.com] in the past. During the tsunami disaster there was a $1 million donation as well they waived transaction fees for donations. It was a similar story for Katrina.
I won't go so far as to say these corps have morals, these donations were high profile and probably cost less than a short ad campaign. But those donations do dwarf their refund
Re: (Score:2)
Why refunds? (Score:4, Insightful)
Surely, a fraudulent credit-card transaction is caused (in theory) by the credit-card company fucking up? I would have thought that the credit company would absorb the loss instead of being able to make the receiving party refund the money.
If I buy a $6000 HDTV using a stolen credit card, and I fake the signature on the receipt very convincingly (so the TV shop follows due diligence), when it emerges that the card was stolen is the TV shop out 6k? How can the CC company force the shop to refund the money? Isn't it the CC company's fault for having poor security measures?
Re:Why refunds? (Score:4, Informative)
when it emerges that the card was stolen is the TV shop out 6k?
Yep. The merchants absorb the cost of fraud, and the CC companies have very little incentive to create effective fraud-prevention measures.
Re:Why refunds? (Score:4, Interesting)
Re: (Score:1)
Ask for ID
The signature behind the card means absolutely nothing. The only way to be sure is to ask for ID.
If stores will charge 6k to any CC out there,not checking, too bad for them.
Re: (Score:2)
Re: (Score:2)
So, you want to ask someone for a little plastic card with a name on it to make sure that another little plastic card with a name on it is theirs?
Yes! :) Both are little plastic cards, but the thing is: they have to have identical names and signatures. The small crook, just on pickpocket level, will not be able to abuse this card. He'll will have to sell it to a pro-level crook who's able to generate a matching ID-card. And befóre the card is reported stolen. It's not fail-proof, but it buys time.
I wrote 'he', but it also applies for female crooks.
Re: (Score:2)
Alternatively, require that any credit card configured with a PIN require that PIN and forbid signatures - then if it does get used by someone else it probably is my fault.
Re: (Score:2)
Actually, I don't know why people think that the signature on the back is for verification purposes. It isn't.
Signing the back of the card is a contractual measure saying that you agree with the cardholder terms and conditions. That's why merchants are not supposed to allow blank signature panels, "Check ID" or other crap on there. Because without a signature, the card is merely a piece of plastic with no potent
Re:Why refunds? (Score:5, Informative)
On a related note, there are other *per-transaction* costs of such bogus on-line "test" transactions mentioned in the article that many people aren't aware of, such as:
* Gateway fees
* Authorization fees
* AVS / CVV2 surcharges
* Settlement fees
These are IN ADDITION to the discount fees (ie. ~3% or so) of the dollar amount of sales.
Even if later the transaction is voided / refunded, the merchant typically still pays the above per-transaction fees regardless.
And even worse, depending on the merchant processor, the discount fees may not be refunded either; upon refund it may even be charged again! Doing "auth-only" and hand verifying sales before submitting the batch can help mitigate such refund costs, but is often labor intensive.
One nasty scenerio for an on-line merchant is a carder running thousands of card "tests" on their small business / charity website
Large merchants have more favorable merchant agreements / absorb such costs with no problems; often have advanced fraud screening in place to throttle such extraneous transactions. The small merchants, such as charities, are those who really suffer from such card "tests".
Ron
Re: (Score:1)
Be aware that it is not force they use. They don't call the merchant and say "return the money or else." What a CC company does is automatically reverse the charge against the merchant. They take all the money back even though some of the money made by the merchant goes to the merchant operations (the company who provides the ability to accept credit cards from customers in the first place). Then on top of that, they also charge the merchant a fee for the return (anywhere between $12 and $35 depending o
Re: (Score:2)
I'm not the type that will get upset with the person at the till if they ask for ID for a credit card transaction (actually, I'll either avoid that merchant in the future or make sure I have the cash to cover the transaction before entering the store, just because of the inconvenience), but how do you know that the angry ones are using fraudulent cards? Do you hav
Re: (Score:1)
Re: (Score:2)
Future headline: (Score:2, Funny)
Seen this happen... (Score:5, Interesting)
I've set up and managed online donation systems for various charities, and see this happen all the time. Most of the time, the donor doesn't bother asking for a request, although they may inquire about it. Requiring the CVV2 code [wikipedia.org] (the extra 3 digits on the back of Visa/MC or the extra four digits for AmEx) really does make a difference for fraud prevention: our logs show people attempting to use the same credit card number with wildly different CVV2 codes, failing time after time. They're just guessing and eventually give up.
Re: (Score:2)
Re: (Score:2)
"Sir, could you please read me the 768-character hexadecimal public key printed on the back of your credit card?
Re: (Score:2)
Re: (Score:2)
And anyone who has checked your signature for an old-fashioned in-store purchase.
Banks warn you not to write your PIN on the card (duh), so why print the verification number on it?
Re: (Score:2)
PIN is there to stop somebody to use your card right after it goes missing. It is a lot easier to know that if your physical card has disappeared than knowing if some online shop has had your creaditcard info stolen. Verifications number shouldn't be stored anywhere else than in the back of the card, online payment methdos can't store this info on their database. Card numbers are stored for various tracking re
Re: (Score:2)
Right. How about, the cardholder, the issuing bank, anyone who has looked at the card, and any of the countless businesses that has ever asked for the CVV2 code.
And... The more businesses that ask for the CVV2 code, the more stolen credit card databases will have the CVV2 code as part of them.
Re: (Score:2)
surely the banks should be able to spot such attempts to brute force the ccv2 number.
Re: (Score:2)
You would be right except that the issuing bank would freeze the card after several attempts. Also, as noted elsewhere, merchant processing gateways can do "IP velocity checks" -- to determine the quantity and frequency of credit card transactions from a given computer IP number, and only allow a specific # of transactions per day.
Re: (Score:1)
Re: (Score:1)
Re: (Score:2)
Yeah, the CVV2 check is not infallible. The IP velocity checks are useful, and some merchant accounts (like Verisign's Payflow Pro) offer this as a built-in feature. Another approach is to set up minimum donation amounts (like $10 or $25) which are more likely to be noticed by the credit card holder than just a $1.
Sounds like the government (Score:1)
Charge-backs suck (Score:3, Informative)
Re: (Score:1)
Credit card companies charge $25 for a charge-back. So if you buy something for $10, then return it and have the money charged back to your card, you get $10 back and the store pays out $35 to recover the $10 item.
Do you have a source for this? It doesn't seem to fit with how stores behave. Brick and morter stores usually choose to refund items bought with a CC back to the card. Many insist on it. If they could give you a $10 cash refund out of the drawer and avoid paying a $25 fee, wouldn't they? My understanding has been that any significant chargeback fee only applies when the card holder disputes the charge. With so many stores requiring refunds to go back to the card, that behavior led me to believe that volunt
Re: (Score:2)
$25 is ballpark accurate. I saw some for $35, and some for $10. It also depends on things like the issuing bank (since Visa & MC are issued through banks, versus Discover & AmEx which are monolithic companies), t
Refund != Chargeback (Score:2)
Obligatory (Score:2)
But thanks to Insta-trace we've learned it's Homer Simpson of 783 Evergreen Terrace.
Old news (Score:1)
When the merchant is a charity, none of this changes by magic. The charity/merchant is still responsible for dealing with fraud. It's ridiculous
Don't Make It Hard For Your Customers (Score:2)
Costing charity money (Score:2)
That's pretty low, even for thieves.
No one see NBC?? (Score:1)
Re: (Score:1)
Fighting back (Score:2)
The tactic that I've recently started involved visiting the sites found in spam e-mails that I receive (for example, the My Canadian Pharmacy [spamtrackers.eu] series of spams), take an identity generated from a fake name generator (that also provides CC and CVV numbers), and place an order. This series of companies tends to queue up the order for processing in 24 hours before shipping.
While fun, it doesn't seem directly productive if I'm the only one d
Its been happening for YEARS (Score:2)
Re: (Score:1)
thats nonsense (Score:1)
Re: (Score:2)
Damn merchant processors (Score:2)
My favorite part? "For privacy reasons, the name of the processor cannot be revealed." I think it should be a fucking law that they have to name the guilty party in these sorts of things, so that we (everyone whose number was compromised
You're missing the big cost here... (Score:2)
There's one piece of this fraud that isn't being talked about, but it is where the REAL crime is happening.
We have been accepting donations [plkr.org] for several years now using PayPal, and very recently, we've seen this happening with donations being given to our project.
Example: We receive a $5.00 donation from someone through PayPal. Roughly two weeks later, after we've withdrawn the funds to our bank account, the original donator disputes the "charge we made" to their credit card (we make no such charges, and
Re: (Score:1)
These peices of software have so many adjustable 'rules' that responding to these sort of behavioral fraud trends is a few mouse clicks and real-time. It is up to the users of the software to adjust to these trends. Fina
This happened to me (Score:1)