Recently KrebsOnSecurity has written a post detailing a rash of fraudulent 9.84 charges on credit cards across the globe. He tracked these charges through to dozens of randomly named websites that appear to be set up like affiliate sites. However, he ventures to guess (and so do savvy commenters) that the sites are not really affiliate sites at all but a front for a network set up to scam lots of people for such a small amount that the banks will just take the loss and ignore them.
The interesting thing about this is that Krebs was easily able to track a lot of this through simple means. He tracked them all the way to a credit card processing company in Cyprus, which then later told him they had cut off their business relationship with that particular client due to the complaints about unauthorized charges.
Basically this is not new – these complex crime setups are commonplace and have been for years. It’s similar to what has been going on with the infamous “ebook” websites for several years.
The process is complicated but not that hard to understand, although it would seem rather difficult at first. Somehow these folks have access to credit card information beyond what they should have, and this is a big question mark. They then set up merchant accounts for the individual websites, two accounts per site to siphon the money so the charges can’t be reversed, and then the money is wired out internationally in increments too small to be regulated. Third they hire “mules” who are actual US citizens who are quite in the dark about what’s going on. They are simply hired as liasons to an overseas firm and are asked to set up LLC companies in their name and obtain a tax ID number. This should set off alarm bells but some people have literally no idea what they are doing.
The point is, you should absolutely keep a close watch on your credit card and debit card account statements on a regular basis. Report any mysterious charges as fraudulent and give the bank or institution as much information as you can. If you ever get any unauthorized charges you must replace your card as your data is floating around there on the internet somewhere and it could be sold or used again.