June 19, 2003, 12:00 AM

Criminals find a way to get a free trial online of stolen card numbers

Criminals are using free online trials of products to test validity of stolen or generated credit card numbers. Because the trial authorizes a number but does not generate a charge, months can pass before anyone knows a card number has been compromised.


Online fraudsters have a new target in their sights: e-retailers that offer free or nominal-fee trials of products or services, says Jeff Foster, executive vice president of payment processor and security consultant Retail Decisions - U.S.A. To authenticate stolen credit card account numbers, criminals will use them to sign up for free trials on retail web sites, he says. "This happens thousands of times a day across the online retail spectrum," he tells InternetRetailer.com.

Criminals generate by high-volume random selections of 15-digit numbers, then try them out at web sites. They know they have an authentic account number as soon as they get confirmation from an e-retailer of their acceptance into a trial program, such as for a subscription to books or movie DVDs ordered online and delivered through the mail. But because there is typically no fee for the trial program immediately charged to the stolen credit card account, the transaction doesn`t alert the actual cardholder, merchant or card issuer to fraudulent activity, Foster says.

The costs to e-retailers can be enormous, because they must pay transaction fees to card processors, which can amount to close to $1 per transaction, then pay penalties for chargebacks, Foster says. Visa U.S.A. and MasterCard charge a $25 penalty per chargeback under conditions that vary based on the type of chargeback. He notes that one e-retailer processed 45,000 trial program authorizations in fraudulent card transactions over the course of a single week.

Foster notes that, under most trial programs, a charge won`t show up on the actual cardholder`s account statement until after what is normally a 30-day or 60-day period--giving the criminal plenty of time to start using or to sell a stolen account number before the authorized cardholder becomes aware of fraudulent activity.

Foster notes that most online commerce fraud is now driven by highly organized criminals, who compile information on how, when and where to get the best returns on fraudulent activity. For example, if an e-retailer sets a lower threshold for checking suspicious activity--say, for all purchases over $200--criminals will quickly learn that they can charge up to $199 on that site without alerting the retailer.


comments powered by Disqus




From The IR Blog


Cynthia Price / E-Commerce

4 tips for improving email marketing results

Every piece of data you collect can help you serve your audience exactly what they ...


Bart Mroz / E-Commerce

How smaller retailers can utilize data as effectively as Amazon

Smaller companies have more constraints, but once they set priorities can still benefit greatly from ...

Research Guides