Cyber criminals are using stolen credit cards to give money to charities, but it’s not because they’re trying to do the right thing.

Writing on the Symantec’s Enterprise blog, Yazan Gable, a researcher in Symantec’s Security Response group, noted that criminals need some way of determining whether stolen credit cards work without arousing suspicions. Donating small amounts of $10 or so to charities, such as the Red Cross, is an effective way of doing this.

Symantec found about this technique by monitoring IRC channels set up to discuss stolen credit cards.

“In the world of carding, where stolen credit card information is bought and sold, carders need to know if the credit cards they are buying or selling can actually be used,” wrote Gable. ”It is sometimes difficult for them to verify this without raising any alarm bells and risking that their cards will be identified as stolen and disabled.”

Gable predicts that this method of credit card validation will grow.

Bank behavior monitors may be less likely to pick up on donations to charities,” said Gable. “Legitimate charitable donations are not daily transactions for anyone with a credit card, and so it would be difficult to determine if they are out of the norm. As such, it wouldn’t be too surprising to see this trend grow. “

Gable ends his post on a somewhat positive note: “I guess the one thing to note here though is that at least some of the stolen money is going to a good cause.”

For the record, charities such as the Red Cross return money that has been donated using stolen credit card details.

Related:

Entry was posted on Saturday, July 7th, 2007 at 11:15 am under Internet, Security.

Read more entries by John Pospisil.
Stumble It!