Credit card transactions for products and services advertised via junk email originate with just a handful of banks, according to a team of California academics.
Researchers from the University of California, Berkeley and the University of California, San Diego used prepaid Visa and MasterCard debit cards to follow the money trail from their inboxes to the offshore bank accounts of spammers and their suppliers. In their report, published on a UCSD website, the research team revealed that just three offshore banks processed payments for 95 percent of websites featured in common spam messages.
Spam systems uncovered
Credit card details play a crucial role in the growth of spam networks, such as the "Grum Botnet" spotlighted by researchers. Although most investigators and credit card fraud teams focus on minimizing cybercrime and identity theft activities launched through spam attacks, the California teams discovered a network of businesses that developed complex fulfillment systems to prevent chargebacks and to encourage repeat business.
Under this model, a team of spammers could make more money over time selling many of the same goods to repeat customers than by simply selling credit card account details to fraud rings. Out of 56 completed transactions during the study, only seven of the team's orders failed to arrive.
Though top rated credit cards already offer significant consumer protection, few customers feel compelled to file transaction disputes after packages arrive from fulfillment centers in India, China, and even the United States.
Visa, MasterCard could team up to block spam funding
Efforts by the technical community to block consumers' access to potentially fraudulent websites have often been thwarted by a combination of hacker attacks and customer frustration. The researchers suggest that American credit card issuers could help curb the growth of spam-sending botnets by choking off the supply of cash to merchants on a "financial blacklist."
The team suggested that a partnership between credit card platform providers like Visa and MasterCard could eliminate many spammers' financial incentives, just as a similar enforcement action closed off most Americans' access to illegal online gambling operations.