Tag Archives: Credit card fraud

Phishing And The U.S.-Europe Link

A 23-year-old man in the U.S., Daniel A. Defelippi, has pleaded guilty to three years of phishing and identity fraud, according to the Democrat & Chronicle:

A Rochester man admitted Tuesday that he engaged in widespread identity theft, pilfering credit card numbers through fake Web sites and even collaborating with computer hackers in Eastern European countries.

So far there’s no more detail about the Eastern European angle, but attorneys are quoted as saying the fraud added up to about $400,000. Defelippi was arrested last December:

That arrest prompted a search of Defelippi’s Rochester-area business — Compumasters, at 3495 Winton Place — where the federal Secret Service unearthed evidence of a major identity-theft operation.

Among the items seized were devices to create counterfeit driver’s licenses and credit cards, and computers used to fabricate Web sites.

Defelippi, whose address was unavailable, admitted that he stole thousands of credit card numbers from unsuspecting people across the country.

It’s interesting to see how phishing and more traditional credit card fraud go hand in hand here, and how the phishing operation had a quite active U.S. end to it.

A Glimpse Of A Tentacle From The Phishing Monster

Gradually the tentacles of the Russian gangs behind phishing are appearing. But we still have no idea how it really works, and how big the beast is.

The Boston Herald reports today on the arraignment of a “suspected Russian mobster” on multiple counts of identity fraud, having allegedly obtained personal information from more than 100 victims by phishing emails.

Andrew Schwarmkoff, 28, was ordered held on $100,000 cash bail after being arraigned in Brighton District Court on multiple counts of credit card fraud, identity fraud, larceny and receiving stolen property. He is also wanted in Georgia on similar charges, and is being investigated in New Jersey.

What’s interesting is that clearly phishing is tied in, as if we didn’t know, with broader financial fraud. Schwarmkoff — if that is his real name, since investigators are unsure if they have even positively identified him — was found with “$200,000 worth of stolen merchandise, high-tech computer and credit card scanning equipment, more than 100 ID cards with fraudulently obtained information and nearly $15,000 in cash,” the Herald says.

That would at least indicate that phishing is not just an isolated occupation, and that the data obtained is not necessarily just used to empty bank accounts, but to make counterfeit cards, ID cards and all sorts of stuff. What’s also clear is that the Russians (or maybe we should say folk from the former Soviet Union states) are doing this big time. The Herald quotes sources as saying “Schwarmkoff is a member of the Russian mob and has admitted entering the country illegally.” “We know some things that we don’t want to comment about,” a source said, “but he’s big time.”

Schwarmkoff, needless to say, isn’t talking. “Would you?” the Herald quotes the source as saying. “Schwarmkoff,” the Herald quotes him as saying, “is more content to sit in jail than risk the consequences of ratting out the Russian mob.” That probably tells us all we need to know.

Credit Card Fraud And Keeping The Customer In The Dark

Banks have failed customers over credit card fraud; why should they do any better over phishing?

Further to my piece on how banks had failed customers over phishing by continuing to communicate with them by email and failing to warn customers about possible breaches of security, here’s an example from the world of credit card fraud, which still remains the avenue of choice for most scammers.

Gartner reports in a recent ‘FirstTake’ briefing (no URL available) on the recent arrest of 28 members of an alleged cybercrime ring from seven countries. Gartner’s authors, Avivah Litan and Richard Hunter, reckon that the stated activities of the gang (1.7 million credit card numbers stolen, with financial losses estimated at $4.3 million) don’t “give the entire picture”. The reason: those figures translate to little more than $2.50 of fraud per stolen card. Much more likely, the two say, is that the gang used a small number of the cards to perpetrate big frauds, and the rest weren’t used, or were protected in some way by fraud detection software.

This, Gartner says, begs a question: If your credit card number is stolen, but no one successfully buys something with it, are you informed? No, Gartner says. Issuers “reason that they don’t know whether the card theft will ever result in fraud, and that it costs too much (about $10) and poses too much inconvenience to close an account and issue a new card.” This, sadly, is the same sort of fuzzy logic the bank in yesterday’s piece was using: ‘Our customers’ security has just been compromised but until something bad happens, let’s not worry them about it.’ As Gartner says: “The stolen card information will likely be used one day to commit either new account fraud or card fraud. Consumers would be better protected if they knew their card number had been stolen.”

My suspicion is that banks don’t want to inform customers of the problem, not just because of expense, but because they don’t want to scare them. Credit card fraud is a massive industry, processing, or attempting to process, millions of stolen card numbers a day. Most of those transactions don’t go through, for one reason or another. But how would you feel if your bank was not telling you that your credit card was out there, circulating on the darker corners of the Internet? My guess is you’d rather know about it, just as you’d rather know whether your account is vulnerable to phishers. Ignorance is not bliss.

News: The Ugly Truth About The Self-Checkout Lane

I live in Indonesia, which teaches you tons about credit cards and how easy they are to get fraudulent with. But at least here they don’t allow you to swan past security with riding lawn-mowers you haven’t paid for. From the Sacramento Bee, a cautionary tale about the self-checkout lane in supermarkets where you swipe your credit card, wave a scanner over your goodies, and leave.
 
 
Speed and convenience, the paper says, have made the most basic fraud deterrent — checking IDs — nearly obsolete. Crooks know this, police say, and are abusing the technology with frequency. Sacramento County sheriff’s detectives estimate they receive 140 cases of credit card fraud each month.
 
Another interesting snippet: Most credit card companies and retailers don’t reveal their fraud numbers because if consumers knew how much fraud really occurs, they might lose faith in the credit system and the technology that accompanies it, said Stuart Taylor, vice president of VeriFone, the leading manufacturer of point-of-sale terminals. The company reports that payment systems fraud is growing at an alarming rate in many countries, including the United States.

News: Come To Australia, Skim Central

Looks like Australia is becoming a haven for credit card fraud, or at least a part of the business. An article on News Interactive says that losses by Australian banks to credit card skimming have risen by more than 400 per cent in the past year, according to The Australian Crime Commission (ACC). Organised groups have used portable card skimmers to obtain credit card data at gas stations, restaurants and in taxis, before selling this data to gangs in Malaysia, Indonesia, Hong Kong and Thailand, where it was transferred to plastic cards bearing the logos of Australian banks and used to make fraudulent purchases.

Credit-card skimming involves the unauthorised copying of electronic data from a legitimate card. It is often done by dishonest shop assistants. Stolen data can then be encoded onto a counterfeit card, with the original card holder none the wiser until details of unauthorised spending start appearing on his or her statement. Current laws still allow the importation of skimmers, embossing machines and credit card blanks, but the ACC is calling for closer co-operation with police. “From some of the material [the ACC] has gathered so far, it would seem that since 2001, the problem of card skimming and card fraud has migrated to Australia”, ePaynews.com quoted cybercrime co-ordinator Scott McLeod as saying.