 |
|||||
 |
|
 |
|||
 |
|||||
Which is easier: To steal a million from one person or one dollar from a million people? The latter, according to the Federal Trade Commission (FTC), and the FTC knows what it’s talking about. A recent FTC investigation uncovered an elaborate credit card scam that extracted up to $10 million from over 1.35 million credit and debit cards, all in increments ranging from 20 cents to $10.
The fraudulent “micro charges” may be the new trick up the sleeves of cyber scammers. Not only do small credit card charges often go unnoticed, even when cardholders do spot the unusual activity, few bother to investigate the charge, simply because the amount is so small. According to the FTC, out of the 1.35 million affected by the micro payments fraud, only about 10 percent of the victims actually filed complaints.
The scam began in 2006, when the thieves established over 100 fake limited liability companies through which to run payments from compromised credit cards. The companies were set up by unknowing “money mules,” recruited by the fraudsters through a spam campaign advertising the need for a U.S.-based financial manager for an international service company. In addition to setting up the limited liability companies, the money mules were also employed to open multiple bank accounts and wire the stolen money to a number of banks in Eastern Europe.
The fraudsters went through elaborate hoops to give their identity heist a convincing front. They purchased domain names and set up phone numbers (forwarded overseas by a legitimate business service) as well as virtual addresses for their fake companies. They used stolen tax ID numbers from real companies to set up merchant accounts with credit card processors, and when asked for information on company executives, the thieves provided stolen names and social security numbers from their victims. In order to go undetected, the thieves logged into their payment processor websites from IP addresses located near their virtual offices.
Through these measures and more, the criminals managed to evade credit card issuers’ fraud detection systems and rack up $10 million in micro charges on the compromised credit card accounts. Charges showed up on victims’ card statements with a merchant name and toll-free number. Of course, the toll-free number lead straight to a recording stating the number had been disconnected and instructing the caller to leave a message—which, needless to say, was never returned.
While the nine-month investigation has enabled the FTC to unearth in-depth information on how the criminals ran their business, authorities are still in the dark about who the credit card thieves actually are. The FTC has shut down the merchant accounts used by the scammers and tracked down at least 14 of the money mules, who unwittingly were helping the international cyber gang. However, the money mules appear to have been kept as much in the dark as the victims of the scam. Authorities have also been unable to determine how the credit card numbers used were compromised. According to FTC staff attorney Steven Wernikoff, no discernable pattern has been found between the type of card abused and the scam.
The tale offers a sobering reminder for cardholders that credit card fraud remains an ever present threat; in these days of large-scale cyber fraud, no one is immune to credit card fraud. Check your credit card statement carefully each month, and if there are charges you don’t recognize, however minor, call your card issuer immediately.
