SAN FRANCISCO, 28 JUNE 2010 - The U.S. Federal Trade Commission has disrupted a long-running online scam that allowed offshore fraudsters to steal millions of dollars from U.S. consumers -- often by taking just pennies at a time.
The scam, which had been run for about four years years, according to the FTC, provides a case lesson in how many of the online services used to lubricate business in the 21st century can equally be misused for fraud.
"It was a very patient scam," said Steve Wernikoff, a staff attorney with the FTC who is prosecuting the case. "The people who are behind this are very meticulous."
The FTC has not identified those responsible for the fraud, but in March, it quietly filed a civil lawsuit in U.S. District Court in Illinois. This has frozen the gang's U.S. assets and also allowed the FTC to shut down merchant accounts and 14 "money mules" -- U.S. residents recruited by the criminals to move money offshore to countries such as Bulgaria, Cyprus, and Estonia.
"We're going to aggressively seek to identify the ultimate masterminds behind this scheme," Wernikoff said. According to him, the scammers found loopholes in the credit card processing system that allowed them to set up fake U.S. companies that then ran more than a million phony credit card transactions through legitimate credit card processing companies.
Wernikoff doesn't know where the scammers obtained the credit card numbers they charged, but they could have been purchased from online carder forums, black market Web sites where criminal buy and sell stolen information.
The scammers stayed under the radar by charging very small amounts -- typically between $0.25 and $9 per card -- and by setting up more than 100 bogus companies to process the transactions.
U.S. consumers footed most of the bill for the scam because, amazingly, about 94 percent of all charges went uncontested by the victims. According to the FTC, the fraudsters charged 1.35 million credit cards a total of $9.5 million, but only 78,724 of these fake charges were ever noticed. Typically they floated just one charge per card number, billing on behalf of made-up business names such as Adele Services or Bartelca LLC.
As credit cards are increasingly being used for inexpensive purchases -- they're now accepted by soda machines and parking meters -- criminals have cashed in on the trend by running this type of unauthorized charging scam.
"They know that most of the fraud detection systems won't detect anything under $10 and they know that consumers won't complain about a 20 cent fee," said Avivah Litan, an analyst with the Gartner research firm who follows bank fraud. "What's different here is the scale, and that they got away with it for so many years," she said.
Sign up for Computerworld eNewsletters.