You can buy and sell just about anything online these days, thanks to big retailers and auction sites like Amazon and eBay and advertising boards like Craigslist – but did you know that identity thieves, credit card fraudsters and other criminals are also doing brisk business online, selling stolen data on websites as slick as any legitimate online retailer?
That business should slow down significantly this week, after the seizure of 36 websites that sold stolen credit card numbers. Law enforcement from around the globe participated in the investigation and crackdown on sites such as cvvplaza.com and ccstore.biz.
The United Kingdom`s Serious and Organised Crime Agency (SOCA) worked with the US Department o Justice and the FBI to target these sites and shut them down. Lee Miles, the head of Cyber Operations for SOCA, said that the sting was “an excellent example of the level of international cooperation being focused on tackling online fraud.”
Shopping for Stolen Goods
How do these websites work? Criminals who deal in stolen personal data can peddle their wares – in this case, credit card numbers and security codes – by selling them via Automated Vending Carts (AVCs) on these sites. Anyone looking to use someone else`s stolen credit card information to make purchases can buy the data from the site. Essentially, these are criminals selling to other criminals.
AVCs allow cyber thieves to sell their stolen data quickly in large volumes, something that used to be more difficult to do. Technology that makes it easier for retailers to conduct commerce online, unfortunately, also makes it easier for criminals to do their business online.
All the sites, including cvvplaza.com and ccstore.biz, are now shut down and redirect visitors to a notice saying, in part, “The United States Government has seized this domain name pursuant to a seizure warrant … If you registered this domain name, or otherwise claim an ownership interest in this domain name, you should consult an attorney about your rights.” SOCA and its partners declined to identify any of the other URLs at the time.
Slick Sites Claim to be “Legit”
Before the seizure of cvvplaza.com, visitors to the site were greeted by a spokeswoman in a business suit who says that cvvplaza.com is “the number one CVV shop on the internet since 2010,” calling it a “legit” CVV website featuring “handpicked cards with high balances” and offering a “free CVV checker” to guard against invalid cards. The term CVV stands for Card Verification Value and refers to the last three numbers on the back of a credit card, also known as the security code. Customers making secure transactions online need to enter the CVV in addition to the credit card account number and expiration date.
Protecting Your Information
One thing that consumers can do to keep their credit card data secure when shopping online is to use a secure online account code, offered by many major credit cards, including Discover Card and MasterCard, which calls its version SecureCode. These are numbers that are generated specifically for consumers to use online, so that they never need to enter their actual credit card account number or CVV for any online purchase. A separate code can be generated for each purchase, or for each online merchant that a card holder frequents, depending on the credit card and their specific program.
As more and more purchases are made online and the exchange of money is increasingly virtual, consumers must be savvy about online security and protecting their card information. All major credit cards offer zero liability for fraudulent purchases, so customers should always check their statements carefully and alert their card issuer to any unusual or unfamiliar activity.