A New Approach To Reducing Spam: Go After Credit Processors

WrongSizeGlass writes "A team of computer scientists at two University of California campuses has been looking deeply into the nature of spam, and they think found a 'choke point' [PDF] that could greatly reduce the flow of spam. It turned out that 95 percent of the credit card transactions for the spam-advertised drugs and herbal remedies they bought were handled by just three financial companies — one based in Azerbaijan, one in Denmark and one in Nevis, in the West Indies. If a handful of companies like these refused to authorize online credit card payments to the merchants, 'you'd cut off the money that supports the entire spam enterprise,' said one of the scientists." Frequent Slashdot contributor (and author of a book on Digital Cash) Peter Wayner wonders if "the way to get a business shut down is to send out a couple billion spam messages in its name."

Competitors

[bleble]

So, they will just open new credit card processors, or worse yet, start spamming random websites to get them shut down? Great way to take your competitor down.

Re:

[spun]

Well, the way I see it, we have two choices: make some laws and put some cops on the most effective beat we can; or we can accept that we will not regulate this area of human interaction and live with the consequences. On the gripping hand, there is always the avenue of educating the populace. My credit union has signs up for people to read while waiting in line laying out how to detect and avoid problems with online scams and spam.

Regulate and you have the problem of regulatory expense and potential for ca

Re:

[interkin3tic]

If your group gets branded 'spammers' unfairly, who do you appeal to, and how?

The people themselves. Via unsolicited mass e-mailings.

Re:Competitors

[RobDude]

Laws are entirely theoretical until they are enforced. Until that point there is no difference between a law and a polite suggestion. The posted speed limit only has meaning if and only if there is a system that enforces that law. IE - in many parts of the US, there are many roads where 'everyone speeds'. Because 'everyone knows' cops won't pull you over until you are going some arbitrary speed faster.

The problem with cyber crimes (including credit card theft and identity theft) is that there is (largely) no enforcement. We don't enforce those laws. Mostly because we can't.

If we can make another aspect of these crimes both illegal and enforceable, then we could cut down on the crimes. But as it is now - there is no risk to the criminals. This is a true example that just happened to me on Monday....I had a friend whose e-mail was hacked and the hacker sent out e-mails to everyone on his contact list (from his e-mail address) saying he needed money. The IP address originated from Nigeria.

Call up the police and get them to act on that.
Go to the FBI website and report that IP address.
Call the local Nigerian officials and tell them what has happened.

All of them will laugh at you and say, 'Never send money to someone without verifying their identity'. We blame the victim. We say, '*YOU* need to be smarter and avoid dangerous activities'. Nobody *does* anything. I had a similar experience when my credit card number was used fraudulently....the investigation only went far enough to determine if *I* used the card. They didn't even try to track down the crook who used it.

Could you imagine if we did this with other crimes? The public outcry that would come from it?

"Well, most rapes happen at parties with alcohol and young males - it's too bad you got raped, but hey, next time....avoid parties with college guys and alcohol"
"Well, most hate crime happens to someone who is ethnically or racially different from the local population.....it's too bad you got your house burned down - but you should live with your own kind...."

But with cyber crime - that's exactly what we do.

"Well, memorize a different, complex, long, secure password for every site you log into. And change them. Frequently!"

I'm not against prevention, but it's a shame that we stop at that point. The only international cyber criminals that get caught are the ones who go far beyond scamming regular people. IE - steal my credit card, nothing happens to you. Defraud my wife, nothing happens to you. Hack into a large company and get a LOT of money or a LOT of information - you might get caught.

Re:

[Corbets]

Call up the police and get them to act on that.
Go to the FBI website and report that IP address.
Call the local Nigerian officials and tell them what has happened.

All of them will laugh at you and say, 'Never send money to someone without verifying their identity'. We blame the victim. We say, '*YOU* need to be smarter and avoid dangerous activities'.

In the end, as you point out, we CAN'T do anything else. And instructing somebody to think before acting in future situations isn't blaming the victim, it's protecting them against future incidents.

People need to take personal responsibility rather than falling for every get-rich-quick scam. As for identify theft and other cybercrimes, well, when other actions are possible (such as tracking the perpetrators within the country and arresting them) the FBI does that sort of thing. Not particularly well, yet, b

Re:

[L0rdJedi]

'Never send money to someone without verifying their identity'

Why would anyone ever do anything but this? If you get an email from a friend saying he needs money, wouldn't you at least pick up the phone and attempt to reach them first? Don't you think if they really needed money, they'd find a way to call you rather than send you an email?

Re:

[L0rdJedi]

IE - in many parts of the US, there are many roads where 'everyone speeds'. Because 'everyone knows' cops won't pull you over until you are going some arbitrary speed faster.

From the Wikipedia, and I know its true because I live there. Quote-mined for clarity:

In California...Drivers moving slower than the general flow of traffic are required to stay in the right-most lanes (by California Vehicle Code (CVC) 21654) to keep the way clear for faster vehicles and thus speed up traffic. However, faster drivers may legally pass in the slower lanes if conditions allow (by CVC 21754). But the CVC also requires trucks to stay in the right lane, or in the right two lanes if the roadway has four or more lanes going in their direction. The oldest freeways in California, and some freeway interchanges, often have ramps on the left, making signs like "TRUCKS OK ON LEFT LANE" or "TRUCKS MAY USE ALL LANES" necessary to override the default rule. Lane splitting, or riding motorcycles in the space between cars in traffic, is permitted as long as it is done in a safe and prudent manner.[2]

As long as you are an average driver, you can abide by the choice phrase "flow of traffic" and that's the easiest way to cope with it. Otherwise the whole thing looks like a group of nested if-else statements gone horribly wrong.

That's because of a bunch of stupid laws that get passed many years apart with no care of the previous law. It use to be very simple. Slower traffic stay to the right (it is still marked like this on many four lane highways, but hardly anyone follows it). Then the speed limit got reduced from 65 to 55 (I know it went back up many years ago, but there are still freeways marked with 55) and now the "fast lane" is no longer fast. I've seen stories on the news where a policeman is giving a reporter a ride a

Re:

[spun]

Further regulation can only help so much. It's not like making illegal stuff more illegal does anything to stem the tide.

Really? If we shot all spammers, it might deter some. There are other problems with that, but generally, when a crime is hard to catch and prosecute, we increase the penalty to increase the risk/reward ratio. Deterrence is, theoretically, one of the reasons we punish criminals.

In another sense, if we put more cops on this particular beat, we would catch more criminals. And if we regulated more effectively, we might manage to cut off a choke point in the process completely.

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[ColdWetDog]

It's actually a constitutional republic.

More like a Banana Republic, these days.

Re:

[spun]

Dur hur, are you saying we don't vote? Dipshit.

Re:

[Fjandr]

start spamming random websites to get them shut down

Only if those websites also happened to use the same shady credit card processors. Which is not likely.

95%?

[superdave80]

Indicating there are still other companies willing to process these transactions. The spammers will just switch to them if the 'big 3' refuse to do business with them.

Re:

[Anonymous Coward]

Indicating there are still other companies willing to process these transactions. The spammers will just switch to them if the 'big 3' refuse to do business with them.

Which the article mentions and states that it would result in increased costs for the spammers.

Re:

[L0rdJedi]

Only temporarily. Once a massive amount of transactions starts to go through the new payment processor, the payment processor will likely start offering lower prices to everyone which would end up driving the cost down.

Re:

[jklovanc]

Possibly because 95% of the spammers have tried other services but were only accepted by these three. If they were cut off by these three they might not be accepted by other vendors and their money would be cut off. Maybe the other 5% are just operating low volumes and under the radar.

Re: 95%

[geekmux]

Indicating there are still other companies willing to process these transactions. The spammers will just switch to them if the 'big 3' refuse to do business with them.

Look deeper. The only thing this proves is there are still that many gullible idiots out there who will gladly swipe a credit card for magic penis enlarging cream.

It really is sad when spam can't die due to lack of profitability.

Re:

[hedwards]

This has been a strategy for a while now, look for ways of making the business of spamming more expensive. And there's all sorts of things that can be done, such as switching to a greylist, cleaning up malware infestations, shutting down ISPs that look the other way to spam complaints and other such things. The goal with that isn't so much to shut it down, but it's to make it so expensive that hopefully it will be less expensive to conduct email marketing legally.

Fight Fire with Fire

[retroworks]

I've never understood why not, when a computer can generate millions of spam ads for viagra, that another computer cannot generate millions of (fake) orders for the viagra.

Re:

[SheeEttin]

With what? Fake credit card numbers? They'll immediately be rejected by the system.

Re:Fight Fire with Fire

[FudRucker]

but not just one fake credit card number, send them billions or trillions of them, just flood their system to the point that the credit companies just throw in the towel and refuse to process products advertized by spammers, spam the spammers, give them a large heaping helping of their own medicine...

Re:

[StripedCow]

That's fine, as long as you filter MY credit card number out of your random number generator, thank you very much.

Re:Fight Fire with Fire

[bleble]

That's fine, as long as you filter MY credit card number out of your random number generator, thank you very much.

Sure! Just post your credit card number here and everyone promises to filter it!

Re:Fight Fire with Fire

[Anonymous Coward]

Next possible spam :

Hi, we are a new anti-spam group generating random cc to bring down spammy sites. We want to ensure your card is not billed accidentally. Please send us your valid credit card number so that we can filter out yours.

Thanks
Anti spam group

Re:Fight Fire with Fire

[Khyber]

I just tried it, and it fucking worked. I used a totally unknown e-mail account and just socially-engineered my brother.

I have ZERO faith left in humanity.

You're fucking evil and insightful.

Re:

[Compaqt]

What would be totally funny is to actually come up with a complete web-2.0-colors site about this new antispam method, complete with a logo like that used by Verisgn Verified, BBB, etc.

Re:

[Registered Coward v2]

That's fine, as long as you filter MY credit card number out of your random number generator, thank you very much.

While I seem to recall that someone actually did this - randomly generated loads of credit card numbers for billing to a sex site, and hoped that most people would be to embarrassed to complain about a $9.95 charge for wierdsex.com; if credit card processors simply ignored bad cards and paid the good ones if you submit a massive amount of transactions there's o need for spamming. Criminals would simply push thousands of card numbers through since even if only 1% were good that's still potentially a lot of

Re:Fight Fire with Fire

[rickb928]

Don't bother. The processors have fraud detection systems that are sensistive to a few card numbers. Any processor tryng to spam the actual issuers will find out quickly it won't work.

Really.

But going after the few processors that serve the majority of spammers is not impossible. Perhaps better to answer the spam and buy stuff, then dispute the charges, and taint the spammers so much that the processors have to give up on them. And the spammers won't be able to just move to a new processor - they tend to share data on deadbeat 'merchants'.

Except this doesn't work well enough to deal with the offshore poker houses. Better to get the spammers labeled as illegal. Card issuers hate that.

Good luck. I'm not hopeful.

Re:

[IonOtter]

It didn't vanish on it's own. It was taken down by a very concerted attack by criminals who resented it's success.

I thought I'd read somewhere that PharmaMaster had been relieved of his gray matter by a "common street thug" wielding a ball-peen hammer and a desire for easy cash.

Re:

[Opportunist]

Do not ignore the obvious: DDoS. Try to get your server to process a few million requests per second. Can do that? Try a few billion. At some point, your expense to run the server gets out of hand.

Re:

[hedwards]

With spammers you don't need to go that route. Because they typically have more capacity to send than to receive, routing one unsubscribe request per spam received is frequently enough to take down their website. Sort of a slashdotting of the site. And even if the site doesn't go down, it definitely cuts into their profits to have people not only not buying, but expending resources in their quest to not buy.

Re:

[Opportunist]

Hmm... I just had an idea for a spiffy mail plugin...

Re:

[Ruke]

Where's the money in that?

Re:

[airfoobar]

Spammers with captchas? Inglip will approve.

Re:Fight Fire with Fire

[_KiTA_]

I've never understood why not, when a computer can generate millions of spam ads for viagra, that another computer cannot generate millions of (fake) orders for the viagra.

Because one is legal, the other is not.

We worship Capitalism in the west, as much if not more so than freedom. While distasteful, spam is pure Capitalism -- people do it cause it works. Intentionally flooding the system with fake orders goes against the holy tenants of Capitalism, ergo, it would not only be illegal, it would be actually investigated. Rule #1 of America, you never get in the way of someone making money.

(Rule #1.1 is "Unless someone making more money objects," of course.)

Re:

[FranTaylor]

What makes you think that placing fraudulent advertisements is legal? At best they are inducing their customers to commit crimes.

Re:

[dontmakemethink]

It would congest servers and conventional anti-spam measures, a.k.a. a bigger fire.

Re:

[hedwards]

Yes, but how do you know if spam is the same as a duck?

Re:

[hedwards]

Blue frog was having some luck doing something along those lines. Basically whenever a subscriber got an email from a spammer, they would send one unsubscribe request to the ISP for the whole group. If that failed, they would instruct the client to leave a generic opt out at the advertised website. And the total number of requests would typically overwhelm the server as most of the spammers were using botnets to send the spam, but only a small number of servers to actually take orders. Which was totally leg

Re:

[gbjbaanb]

I understand they gave up when certain spammer organisations told them to - "or else".

The BlueFrog company (BlueSecurity) was DDoSed regularly, and spammers tried to do the same to BlueFrog members.

I think the way it was shut down says more about its effectiveness. You can't run a spam business if you get 1 response for every spam email you send out, you just couldn't filter out the people who really did want herbal creams from those who sent in fakes.

But again, it shows that the way to stop spam is at the

Re:

[eexaa]

Now you've invented that.

Peace Through Superior DDoS Power!

Re:

[StripedCow]

The best way to fight spam is still to "steal back" the time the spammer has stolen from you. Just order a product with a wrong credit card number. Let the spammer take some time figuring it out. Then contact him, ask him some questions, etc... keep him on hold for some time. If everybody did that, then there would be no spamming at all.

Re:

[StripedCow]

Or better, place an order for an "erectile enhancement kit" you read about in your email, with your own credit card number. Use the credit card company's address as the shipping address. Then call the credit card company and declare that an unauthorized payment has been made, and make them roll back the transaction.

Re:

[BertieBaggio]

Or better, place an order for an "erectile enhancement kit" you read about in your email, with your own credit card number. Use the credit card company's address as the shipping address. Then call the credit card company and declare that an unauthorized payment has been made, and make them roll back the transaction.

Isn't that fraud?

Re:

[StripedCow]

It is a way to fight spam. I didn't say it was legal.
(Please don't do everything people tell you to do on the internet.)

Re:

[BertieBaggio]

(Please don't do everything people tell you to do on the internet.)

Sage advice :)

Re:Fight Fire with Fire

[retroworks]

Tough Crowd! Sorry for not explaining that the credit card companies can generate a number for this purpose which would appear to be a real number but they would not execute payment. I'm assuming that at least one bank could be found that doesn't like spam. I'm not saying there isn't a reason it cannot be done, just that I've never understood why not, and the retorts here don't really resolve that.

Re:

[insecuritiez]

Yes but they can also just shut down the transactions. Why DoS something when you can just turn it off? That's what the paper advocates.

Re:

[plover]

The idea is that you get someone else to shut them off for a different reason: bandwidth, inability to pay hosting provider, whatever.

However, retroworks' idea is likely to be too risky for a bank to try. If a bank "approves" an authorization, they are contractually taking on the obligation to pay. They can't lie about it, or they can be sued. Even by a spammer.

Re:

[Opportunist]

Not at all. But all those numbers have to be processed by the CC clearing system. How happy do you think they're gonna be with a merchant that sends a few million fake CCs per second? And how long 'til they shut him down?

Re:

[martin-boundary]

I think what the OP is saying is that flooding the spammers' system with fake purchase requests using fake credit card details would cause the spammers' payment computers to be flagged automatically by the credit card processing companies, causing the spammers' systems to be penalized where it hurts them.

There's no need to design the credit card numbers close to legitimate, since the purpose is to make the purchase bounce. They just have to look good to the spammers' frontline purchasing web forms, so tha

Because going to another provider wouldn't occur

[jhoegl]

Like they wouldn't go to another provider... much like they do now if they get shut down.

Where's the weak link?

[Ruke]

The study identified 3 top payment-processors for spam sites. Surely these processors aren't the weak link; their business model is to process payments for spammers. You can't simply ask them not to process spam payments - there is a financial disincentive for them to do so.

We could move one rung up the ladder, and ask Visa and Mastercard not to authorize any paments to these top-3 processors. However, we've just "widened" the narrowest point, plus, these companies have a financial incentive to grin and pass the buck. Maybe less so; I'd be interested in the number of consumers who later try to contest these payments, but I'm willing to bet that dealing with fraction of unhappy customers now is less expensive than the net amount the credit cards pull in while processing these shady payments. Otherwise, Visa would have done something by now.

Re:

[bleble]

I don't even think the number of unhappy customers is that big. They do actually send the products you order. It's just the patent-holding pharmaceutical companies that are unhappy with people ordering cheaper drugs from 3rd world countries.

Re:

[hedwards]

Unfortunately, that's typically not true. They do actually send products, but they're frequently tampered with and contain little if any of the ingredients promised. Which means that not only are the people paying money for less than what they were wanting, they might end up with dangerous drug interactions when the medication isn't what they think it is.

Additionally because these firms don't employ doctors or pharmacists there's no way of knowing what sorts of dangerous side effects are going to be over lo

Re:

[Dahamma]

Actually, moving up to the credit card companies would hugely narrow the bottleneck. You convince VISA, Mastercard, Discover, and Amex to adopt a policy of refusing transactions from any institution knowingly processing spammers' requests, and you're pretty much done. Convincing all of the random shady "banks" around the world to do the same would be a LOT harder (until they lose all credit card processing capability unless they comply!)

I do agree that if they really cared, the problem would already be so

Like Wikileaks

[nbauman]

They already refuse to process payments to Wikileaks.

Re:

[plover]

Actually, moving up to the credit card companies would hugely narrow the bottleneck. You convince VISA, Mastercard, Discover, and Amex to adopt a policy of refusing transactions from any institution knowingly processing spammers' requests, and you're pretty much done.

Let me see if I understand this idea well enough to hear one side of the phone call.
Us: "Hi, Visa, it's us, and we're fighting spam. Please shut off these following merchants who sell via spam."
Us: "Why yes, we do believe you're correct in that they do $80,000,000.00 per year of business with you."
Us: "Yes, we know you take 3% of that money in interchange fees."
Us: "Well, no, we're not going to make up the $2,400,000.00 in lost revenue, we just want you to help us end spam."
Us: "Um, because you care abou

Re:Where's the weak link?

[Dahamma]

Yep, that's exactly what would happen when you ask them to voluntarily lose revenue for the sake of general goodwill.

If, however, you make it illegal to knowingly process payments from a merchant using (already illegal) spam to generate sale (after proper notification from a government entity), that would be a different story.

Here's how a similar process already works today:
US govt: "Here's the merchant number of an organization that may or may not be funding terrorist organizations. Shut it down."
[...approximately 2.5 seconds later...]
VISA: "Done! Would you like us to destroy their credit rating and kidnap their dog as well?"

Re:

[10am-bedtime]

VISA: "Done! Would you like us to destroy their credit rating and kidnap their dog as well?"

USGOV: No need, we have a seal team for that.

2.5 seconds? I don't think so.

[sgtrock]

More like 170 ms. (Gotta allow for processing time plus the wait for the acknowledgement to get back to the gov't or it'd be more like 60 ms.)

Re:

[mjwalshe]

simple bank/credit card organisation gets its credit license taken away if they don't play ball - or have Sir Humphrey have a quiet word with the Banks CEO (or his wife) pointing out that if they don't play ball they wont get a K (a Knighthood) for services to industry when they retire.

Re:

[Anne Thwacks]

Where? COngress, that s where!

The problem is not solved because Congress is populated by spineless morons. As I have posted since t'Internet was Arpanet: if it looks like a duck and quacks like a duck, you need to stop voting for it!

It's the business model, stupid

[amicusNYCL]

If a handful of companies like these refused to authorize online credit card payments to the merchants

You suggest that as if this specific activity was not these people's business model. A credit processor in Azerbaijan doesn't just one day decide to start processing spam purchases, they open their business specifically for that purpose. Good luck getting them to switch business models just because you want them to.

Re:It's the business model, stupid

[insecuritiez]

Yes it is the business model of these banks. However, they are processing through a credit network (Visa / Mastercard) and consumers credit cards are backed by an issuing bank (think Chase, Citibank, etc). Either the credit network or the issuing bank can prevent the transaction without the cooperation of the shady acquiring bank. In fact, there is a "Merchant Category Code" (food, entertainment, drug stores and pharmacies, etc) that the credit network requires be on each transaction and requires to be correct. The credit network or issuing banks don't have to stop all credit transactions to the offending acquiring banks, they can just stop drug stores and pharmacies transactions. You should read the paper.

Re:

[Anne Thwacks]

We too would expect that convincing foreign banks to dump their customers would, at best, be a slow process and would be unlikely to succeed as an general approach

However, the use of drones might solve the problem.

Hilarious

[airfoobar]

This approach is already being used against the "evil pirates", but they haven't even gotten started on the spammers. Getting their priorities straight: they go after the teenagers sharing music first instead of the real criminals sending out phishing emails, viruses and shit like that. FTW.

Questions answered in this thread...

[nweaver]

I'm one of the MANY coauthors of this paper. Myself or others will try to answer questions in this thread.

Re:

[RobertLTux]

actually i think the "error" is that Others or Myself is reversed (but grab and eight-grade English teacher to confirm)

Re:

[martin-boundary]

I wouldn't grab an eight-grade English teacher if I were you. First, you might be mistaken for a pedophile, and secondly, eight-graders generally don't know English that well, let alone teach it.

Re:

[Paradise Pete]

actually i think the "error" is that Others or Myself is reversed

The order doesn't matter. "Myself" is just plain wrong there. Myself is proper when you are both the subject and the object, as in "I did it myself."
An easy way to know is to simply remove the other person. You certainly wouldn't say "Myself will answer," or "Please give it to myself." Adding another person doesn't change that.

BTW, that same test works for knowing whether to say "Robert and I" or "Robert and me," as in "Please give them to

Re:

[sourcerror]

"Myself is proper when you are both the subject and the object, as in "I did it myself.""

It's not object there, it's emphasis on subject. (Therefore I think the whole thread is nitpicking, but I'm not a native speaker.)

Re:

[StefanSavage]

Reprising a previous comment:

While the universe of banks willing to accept high-risk merchants is smaller than the total number of Visa association affiliates it is certainly far larger than three. If you got these three banks out of the game, there would be others to replace them. However, the more important asymmetry here is not in the size of the set, but in the switching time. If a merchant (or their payment processor more likely) starts to route transactions through a new acquiring bank, their identi

Re:

[ion++]

I suspect the connection is via DnBNord... the bank in our study was the Latvian branch, but I believe the headquarters are in Copenhagen (although as I recall the whole lot may be owned by DnB NOR in Norway.

Does that make it a Danish bank or a Norwegian bank?

Re:

[ion++]

In this day and age its hard to tell. You could call it a Latvian bank too (that's what we did in the paper).

I would call it Latvian too.

Obligatory checklist

[dkleinsc]

Your post advocates a

( ) technical ( ) legislative (X) market-based ( ) vigilante

approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)

( ) Spammers can easily use it to harvest email addresses
( ) Mailing lists and other legitimate email uses would be affected
(X) No one will be able to find the guy or collect the mone

Re:

[insecuritiez]

( ) You read the paper
(X) You did not read the paper

The paper specifically covers merchant relationships with acquiring banks and credit processing. Purchases were done to track the credit processing. It isn't possible to anonymously spoof that. Also, stopping the transactions is more legislative than market-based.

Re:

[way2trivial]

(X) No one will be able to find the guy or collect the money

Visa international (the folks at visa.com) could easily work into their merchant contracts language forbidding such transactions
they could then generate card numbers to accounts that don't exist but would processes
they could then order things advertised via spam from honeypots setup
they could then shut down the individual merchant, or processor, based on history

they can be found.

In fact, individual merchants can have their account discount rate ch

why charging for email won't work ?

[cinnamon colbert]

In the original article, or in the NYTimes version I read, the number of email per order was something like 12.8 million email So, if you charged even 0.001 penny per email, you would completly shut downn spam. Since email goes thru the web, which has ISPs and routers and so forth, I really don't see an implementation problem

Re:

[cinnamon colbert]

sending email should be free
why ? your assignement is to write a 500 word essay defending the proposition that email should () shouldnot (X) be free.
I mean, why ?

Good idea, but...

[dskoll]

It's a great idea to go after payment processors. I bet it could stop a lot of spam.

But there's a lot more spam besides the ones that try to sell you something quasi-legitimately. Going after payment processors won't do anything to stop phishing attacks, lottery scams, Nigerian scammers, porn ads, wacko conspiracy theorists or questionable "newsletter" subscriptions. Also, the big spam rings will take advantage of dumb spammers who don't realize they'll get cut off for spamming. Unfortunately, there is

Not new

[damn_registrars]

I've been saying for years that the only way to stop spam is to go after the money that keeps it going. I have the comment history here to back that up, as well.

However, whoever wrote this summary got one thing wrong at the end. A "Joe Job" - sending out fake spam to smear someone you dislike - is useless. I've seen plenty of them in the past, and the result is questionable at best. People who dislike spam won't see it, and those who buy spamvertised products will just be confused by it.

Regardle

Re:

[WrongSizeGlass]

However, whoever wrote this summary got one thing wrong at the end. A "Joe Job" - sending out fake spam to smear someone you dislike - is useless.

I submitted the story but did not write the following:

Frequent Slashdot contributor (and author of a book on Digital Cash) Peter Wayner wonders if "the way to get a business shut down is to send out a couple billion spam messages in its name."

The above was added by the editor. The article and linked PDF are about cutting off the payment processing for those selling the "spammed" products in order to indirectly reduce the amount of spam. They are not about going after companies who send the spam (either under their own name or those of others).

Re:

[Lehk228]

Spam filters that bot respond with junk data to disrupt spam sites

Problem

[PPH]

Are these three credit card processors in cahoots with the spammers? Or are they being used only because they are cheap? How much of these three processors' business is derived from spam (95% of spam transactions doesn't mean the same thing as 95% of these processors business is derived from spam).

What, legally, can one do to prevent other payment processors from picking up the slack? Legitimate business is legal and, as a payment processor, how do I know the transaction originated from spam? Why should I

Re:

[mousse-man]

Their damn problem if they get cut off. By staging examples and publicizing them, other companies will stop working for spammers.

A similar method is used against drug dealers in some countries - deal 15g of hard stuff, get an appointment with the hangman. And drug dealing is harder to catch than spam-based credit card processing.

Re:

[PPH]

And drug dealing is harder to catch than spam-based credit card processing.

I disagree. There is no way of identifying a legal commercial transaction as having originated from a spam message.

We could demand that credit companies refuse to process any transaction from vendor that uses spam. But then I could put your company out of business by generating a bunch of spam pointing to your web site. And then have you blacklisted.

Seriously? in 2011?

[TheABomb]

Hasn't Gmail more or less made the problem obsolete? Or am I supposed to shed a tear for people who willfully refuse to use freely-available tools that already do the job they're struggling with?

Re:

[TheABomb]

Because it's smart enough to filter >99% of crap. Actually reading spam -- the first step in falling victim to it -- is so 1997.

Kill it with FUD

[Marrow]

People are taking an enormous risk purchasing these products. So make the risks seem so high they justs wont do it.
1. They never got what they ordered.
2. They got sugar pills.
3. They got mislabeled pharma that fucked them up. Heart meds, psychotropics
4. They got their card defrauded.
5. It got sent to their next door neighbor
6. They got something instead that was really illegal and they got arrested, lost their job, etc.
7. It was a mega-dose and they had to go to emergency. And then had t

Hey, I was there first!

[RonBurk]

With my Three Geeks, Three Lawyers [slashdot.org] post.

Which company in Denmark?

[ion++]

handled by just three financial companies â" one based in Azerbaijan, one in Denmark and one in Nevis, in the West Indies

Please point more specific to where the Danish company is identified, because I can not find the word Denmark in the PDF paper, but I can find both Nevis and Azerbaijan.

That did not work with casinos....

[dindi]

10 years ago I heard "we are out of business, mastercard stopped processing for online casinos" from a friend. Then Visa followed, then "alternative" and "high risk" processors pop up. Sure it will make it a little harder for them, and the weak will fall, but the big ones stay, There are also legit stores who use affiliates, who are a competitive bunch. Some of them wealthy, some of them tech savvy. They will click the crap out of competitor's ads (with bots they buy, hire or develop, and they will sometim

Re:

[mjwalshe]

Have you not seen the bilion dollar case the DOJ is going after Google with for selling pharma ppc adverts.

Re:

[dindi]

No. Too much work, then family, then hobby project, then sleep then goto 1.

Interesting, just googled it. But Google is a legit company anyway, they won't go to "high risk" processors to do fishy business that way.

BTW google does not serve bootleg pharmacy ads for a looooong time, they had an approval program 5+ years ago to advertise pharmacies that require a real prescription, not some pillpusher fresh doctorate from the countryside, writing 1000+ from a basement.

The real sad thing about this, is that the

So what you're telling me is...

[gestalt_n_pepper]

that if I want to profit from spam with no risk, then I should open a credit-card processing center in lower Buttfukkistan. Hmm... Interesting idea.

Re:

[rossjudson]

It's against the law to send the spam. Visa is aiding and abetting the crime by handling the transfer payments from US banks to the foreign banks through its payment network. If this study is accepted, it will be hard for them to deny accurate and full knowledge of their role in the crime. Each link in the financial chain is explicitly aware of nature of the transaction, save the originating bank in the US.

I don't believe it is a simple thing to set up a new credit card processor, at these scales. Doesn't V

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[somersault]

They might as well do something useful for a change. Spam isn't his personal problem anyway, it's a global nuisance.

Re:

[Husgaard]

Bank DnB NORD [dnbnord.com] has headquarters in Copenhagen, Denmark.

It is quite interesting to see their web page. Here they are forced by the Danish Financial Supervisory Authority to publish a serious reprimand in both Danish and English. Turns out they did not disclose information they were required by law to disclose in their annual report for 2009.

DnB NORD is owned by DnB NOR with headquarters in Norway. And it looks like DnB NOR also have problems [finanstilsynet.no] with the local financial authorities. And last year DnB NOR acc [norway.com]