E-business vs. the perfect cybercrime

U.S. authorities cant touch credit card fraud from overseas By Mike Brunker ) MSNBC March 3  The Internet has revolutionized commerce by allowing businesses to sell globally, but it also has created what so far appears to be the perfect cybercrime  borderless credit card fraud. An investigation by MSNBC has learned that while criminals based overseas now account for up to a third of all online fraud directed at U.S. e-businesses, there is no evidence that a single one of these crooks has been prosecuted.

"IM NOT AWARE of any (prosecutions), said Mark Batts, the special agent in charge of the FBIs Financial Institution Fraud Unit. Thats not to say there arent any out there, but I think I would know about it if it had occurred.

The issue of international credit card thievery and fraud burst into the public consciousness in January with news of a heist of thousands of credit cards from the CD Universe Web site, allegedly by a teenage hacker from Russia. It continued to make headlines this week with news that Amazon.com had uncovered a Russia-based plot to defraud it and other e-merchants out of more than $70,000 worth of merchandise using stolen credit card information.

It has been known for sometime that organized crime groups and overseas free-lancers were responsible for some of the credit card fraud aimed at Internet merchants in the United States. But after more than a dozen interviews with industry insiders and e-business owners, it is clear that a much larger percentage of the fraud than previously known originates overseas. U.S. LAW ENFORCEMENT STYMIED

This new breed of international cybercriminals are aided by the fact that the address-verification system used by merchants to compare billing and delivery information in the United States is useless overseas.

It also has emerged that these criminals have thus far proven to be untouchable by U.S. law enforcement, which is hampered by the patchwork of laws on white-collar crime in other countries, jurisdictional questions, the indifference of some governments and the fact that investigation of such crimes is both time-consuming and expensive. Internet merchants fight back

Because consumers are generally not responsible for the fraudulent use of their credit cards online  the $50 they can be charged is usually waived by the issuing bank  and because fraud levels are near historic lows, banks and credit card companies have downplayed the seriousness of the problem. But for e-merchants, particularly those who run small online businesses, these criminals pose a significant threat that could destroy their business.

Batts, who took charge of the FBIs financial fraud unit late last year, said to his knowledge all investigative attempts that have attempted to track the international fraud artists have run into dead ends.

The Secret Service, which bears the primary responsibility for investigating credit card fraud, did not respond to repeated requests for an interview on the subject. But when informed that MSNBC intended to report that no credit card thieves based overseas have been prosecuted, the agency did not dispute that conclusion.

Neither were the The Justice Department, U.S. credit card companies, banks, credit card processors or Internet merchants able to identify such a case. THE RUSSIAN CONNECTION

Efforts to gauge the scope of such fraud are even more difficult because of the scarcity of data about online credit card abuse. But anecdotal evidence suggests the international fraud artists are netting many millions of dollars each year. Cards and the Web

Robert Aguirre, manager of the special investigations unit for Cardservice International, a credit card processor with a reputation for doggedly pursuing credit card thieves, said that the experience of his team suggests that approximately a third of all fraudulent Internet transactions originate in the former Soviet Union and its erstwhile allies in Eastern Europe. Many of the rings appear to be run by organized crime, he said.

"Weve had quite a few instances where the activity seemed to be coming out of what would be the old Soviet Union. Weve had several cases where monies were being created and were being wired to St. Petersburg, Russia. So I cant help but think that there are some Russian-influenced crime groups that are exploiting this thing. Other industry insiders offered higher and lower estimates of the percentage of fraud that originates overseas, but none disputed the contention that it makes up a significant portion of the overall picture. HOW THE CARDS ARE STOLEN The sophistication the criminals exhibit in harvesting the credit card information needed for their schemes supports his contention.

Betts, the FBI agent, and other experts say most of the credit card information used for the fraudulent online purchases apparently is obtained the old-fashioned way: stolen from mailboxes or swiped through a card reader by accomplices working in restaurants or stores. The stolen credit card information is then transmitted to the thief or thieves overseas, who begin their electronic assault on Internet merchants by charging as much merchandise as they can in as short a time as possible. In some cases, they will attempt to ship the goods directly to the country they are operating out of, where the credit card address-verification system cant be used because of stringent privacy laws. In other cases, since many Internet sellers are now leery of shipping expensive merchandise overseas, they will enlist accomplices in the United States who set up drop sites in vacant homes or rent living quarters under false names. By the time the e-merchant realizes the purchase was made using stolen credit cards, the goods  and the crooks  are gone. While anecdotal evidence suggests online credit card fraud is a growing problem, theres no way of telling for sure. NO TRACKING OF NET FRAUD

Officials at Visa and MasterCard said that they are in the process of establishing tracking systems for fraud committed over the Internet and cannot state with certainty what percentage of their overall losses are attributable to criminals based overseas.

We dont have any hard-and-fast numbers that say what the international vs. the domestic is at this point, said Vincent DeLuca, vice president of fraud control at MasterCard International. Its only anecdotal from some of our members and from some of the exchange of information that goes on with law enforcement, and things weve seen in the media and horror stories weve heard from some of our online merchants. http://www.msnbc.com/news/376973.asp

-- Jen Bunker (jen@bunkergroup.com), March 10, 2000