Online credit card scam stole millions, pennies at a time

a photo illustration of online identity theft scams

An online credit card scam using identity theft and fake merchants raked in millions by charging millions of victims pennies at a time. Don Hankins photo.

An online credit card scam that stole millions of dollars, pennies at a time, was halted by the U.S. Federal Trade Commission. The online credit card scam used fake companies and identity theft to steal small amounts of money that went undetected by consumers or fraud detectors. Over four years, more than a million people were charged anywhere from 25 cents to $9 on their credit cards in an online scam that added up to more than $10 million.

Most scam victims didn’t notice

The elaborate online credit card scam operated undetected because scammers made very small charges and set up more than 100 bogus companies to process the transactions. PC World reports that U.S. credit card holders financed most of the scam because about 94 percent of all charges went uncontested by the victims of identity theft. According to the FTC, the scammers charged 1.35 million credit cards a total of $9.5 million, but only 78,724 of these fake charges were ever noticed. Typically they made just one charge per card number to fake business names such as Adele Services or Bartelca LLC. Avivah Litan, an analyst with the Gartner research firm who follows bank fraud, told PC World:

“They know that most of the fraud detection systems won’t detect anything under $10 and they know that consumers won’t complain about a 20 cent fee. What’s different here is the scale, and that they got away with it for so many years.”

A trend in credit card fraud

The online scam is a textbook case about how online services used to facilitate business in the 21st century can be exploited for credit card fraud. As credit cards are increasingly being used for inexpensive purchases–they’re now accepted by soda machines and parking meters–credit card fraud criminals have cashed in on the trend. The IDG News Service reports that the scammers found loopholes in the credit card processing system that allowed them to set up fake U.S. companies that then ran more than 1 million fake credit card transactions through legitimate credit card processing companies. One of the largest payment processors in the U.S., First Data, was a favorite of the scammers. Of the 116 fake merchant accounts the FTC uncovered, 110 were with First Data. The scammers also set up bogus accounts with Elavon and BBVA Compass.

Source of identity theft uncertain

The FTC believes the defendants may have run credit checks on the identity theft victims to be sure they were creditworthy. The FTC doesn’t know where the scammers obtained the credit card numbers they charged, but they could have been purchased from online carder forums, black market Web sites where criminals buy and sell stolen information.

A textbook online credit card scam

To create the virtual infrastructure for the online credit card scam, Webpronews reports that the scammers set up fake physical addresses and fake web sites pretending to sell products, along with a real company’s tax number found online. Scammers then sent out spam e-mail pretending to recruit American finance managers for offshore financial service companies. Those selected by the scammers were persuaded to set up dummy corporations to receive the credit card payments and send the money to bank accounts in Lithuania, Estonia, Latvia, Bulgaria, Cyprus and Kyrgyzstan.

Other recent posts by bryanh