Credit card fraud – want to join the party?

Usually, when you see those little icons of payment cards put up on a web page, you assume it’s a list of the cards you can use when you pay for something on the site:

Sometimes, though, it’s a list of cards available to buy.

How does that work?

Let’s take a look.

Like me, you probably get a persistent stream of bogus email from phishers, carders, scammers and the like. They’re trying to trick you out of your money, your passwords and your digital identity.

That’s hardly unexpected. Scamming is, after all, what scammers do.

But sometimes you’ll get legitimate emails from the crooks.

OK, perhaps legitimate is the wrong word. What I mean is that they are overtly proposing criminality – not with you as the victim, but as a co-perpetrator:

In short, they sometimes use marketing EDMs (electronic direct mails – spam, in the vernacular) just like regular, legitimate companies.

They want your details not to steal from you, but to sell you things so you can steal from others:

They’re happy for you to be anonymous – indeed, it’s paradoxically probably slightly safer for them if they don’t know who you are. They only really need to care whether you’re an undercover cop or a genuine crook.

The terminology speaks largely for itself. Scam pages, bank accounts and credit cards are obvious. The others are common in carder-speak:

CVV Card Verification Value: the digits stamped on the back (or sometimes on the front) of your card that are not encoded on the magnetic strip. These are often used in online transactions to “prove” you have the card in your hand, not just a skimmed copy of the magstripe data.
SSN+DOB Social Security Number (the closest thing to a national ID number you get in the USA) and date of birth.
FULLZ Detailed (“full”) database records of personally identifiable information. For any individual, this might include full name, address, telephone number, full bank account details, SSN, DOB, employment details, and more.
DUMPS Copies of the raw data off payment card magnetic strips. Handheld or device-mounted skimmers capture and record dumps directly off the card. Modern malware also sniffs for raw card data in memory. Writing a dump to a blank magstripe creates a clone of the skimmed card.
PLASTICS Blank plastic cards for writing dumps onto. They may be plain, if they don’t have to pass human inspection (for example in an ATM). Or they may be counterfeits of cards in circulation, with varying degrees of quality and verisimilitude.

That’s really all you need to know. Unless you genuinely intend to become a criminal, keep clear of this stuff. Don’t sign up and play around with the Baddies just to see what happens. It’s tempting, but not a good idea.

It’s hard to keep perfectly anonymous online (whatever the legislators who are baying for yet more internet surveillance regulations might say). And if you aren’t as anonymous as you think, you might well end up on the radar screens of both the crooks and the cops.

As Mr Miyagi, of Karate Kid fame, pointed out, “Best way to avoid punch – no be there.”