June 19, 2003, 12:00 AM

Criminals find a way to get a free trial online of stolen card numbers

Criminals are using free online trials of products to test validity of stolen or generated credit card numbers. Because the trial authorizes a number but does not generate a charge, months can pass before anyone knows a card number has been compromised.

 

Online fraudsters have a new target in their sights: e-retailers that offer free or nominal-fee trials of products or services, says Jeff Foster, executive vice president of payment processor and security consultant Retail Decisions - U.S.A. To authenticate stolen credit card account numbers, criminals will use them to sign up for free trials on retail web sites, he says. "This happens thousands of times a day across the online retail spectrum," he tells InternetRetailer.com.

Criminals generate by high-volume random selections of 15-digit numbers, then try them out at web sites. They know they have an authentic account number as soon as they get confirmation from an e-retailer of their acceptance into a trial program, such as for a subscription to books or movie DVDs ordered online and delivered through the mail. But because there is typically no fee for the trial program immediately charged to the stolen credit card account, the transaction doesn`t alert the actual cardholder, merchant or card issuer to fraudulent activity, Foster says.

The costs to e-retailers can be enormous, because they must pay transaction fees to card processors, which can amount to close to $1 per transaction, then pay penalties for chargebacks, Foster says. Visa U.S.A. and MasterCard charge a $25 penalty per chargeback under conditions that vary based on the type of chargeback. He notes that one e-retailer processed 45,000 trial program authorizations in fraudulent card transactions over the course of a single week.

Foster notes that, under most trial programs, a charge won`t show up on the actual cardholder`s account statement until after what is normally a 30-day or 60-day period--giving the criminal plenty of time to start using or to sell a stolen account number before the authorized cardholder becomes aware of fraudulent activity.

Foster notes that most online commerce fraud is now driven by highly organized criminals, who compile information on how, when and where to get the best returns on fraudulent activity. For example, if an e-retailer sets a lower threshold for checking suspicious activity--say, for all purchases over $200--criminals will quickly learn that they can charge up to $199 on that site without alerting the retailer.

 

comments powered by Disqus

Advertisement

Advertisement

Advertisement

From IR Blogs

FPO

Jochen Moll / B2B E-Commerce

Grasping the global dimensions of B2B e-commerce

To successfully sell online to businesses around the world suppliers must get a lot of ...

FPO

Bart Schaefer / E-Commerce

Applying back-to-school lessons to holiday e-mail strategy

It’s time to begin holiday “drip” campaigns that send a sequence of messages to consumers, ...

Advertisement