How Fraud Happens: The Eastern European Fraudsters Who Tricked Even the FBI

While the impacts of cybercrime are huge — breaches cost affected companies upwards of $15 million per incident — it can often feel like a nameless, faceless crime. As Bill covered in his post on the future of cybercrime, criminals are constantly innovating new ways to carry out fraud. Who are the people who steal credit cards, buy stolen numbers and attempt transactions with them? An article from May’s WIRED Magazine provides an interesting glimpse into the actual people behind fraud schemes, how credit card numbers fall into the wrong hands and how difficult it is to prevent and address this kind of crime. Businesses aren’t the only ones who are fooled by online criminals: As this article details, these fraudsters have even fooled the FBI.

The feature tells a story of lying, cheating, mistaken identity, double-crossing, double-agents and international espionage. But these fraudsters aren’t James Bond-style villains, as the article reveals. Here’s an anecdote on how the FBI caught a kingpin of the credit card theft Internet underground:

“[FBI informant] Popov mentioned to [RES, the fraudster] that some of his money came from a day job he held with a company called HermesPlast that was in the credit card printing business. Suggesting that the Russian apply for work there himself, he pointed RES to the company’s website and shared the email address of his purported boss, “Anatoly Feldman.”

RES sent Feldman an application the same day, with a copy of his résumé and a scan of his Russian national ID card.

HermesPlast, of course, was a fake company set up by [FBI agent] Hilbert and Popov. Now the FBI had RES’ real name, date of birth, and address. It was a surprisingly simple ploy that would work again and again. One thing Popov had always known about Eastern European hackers: All they really wanted was a job.”

Clearly, the perps out there stealing credit cards aren’t the mob masterminds consumers might picture when they hear of a big breach. That fact can also make this kind of theft harder to fight. This article lays out that fighting cybercrime isn’t as simple as sending bad guys to jail: There are complicated economics and geopolitics that go into preventing stolen credit card numbers from falling into the wrong hands. Even the FBI’s most successful efforts rarely lead to prosecutors:

“By [Agent] Hilbert’s count, the operation had taken some 400,000 stolen credit cards off the black market and alerted over 700 companies that they’d been breached by Eastern European hackers. Ten suspects would eventually be charged…but none extradited.”

That’s why technology like Sift Science is so crucial: Online businesses have to be prepared to protect themselves. In fighting cybercrime, law enforcement agencies have to deal with factors of international law, shifting diplomatic loyalties and the potential cybercriminals are involved in larger crime networks. This article paints a stark picture of exactly why it falls to businesses and their technology partners to protect customers, their data and their online experiences from those who seek to manipulate and steal from it.

There will always be stolen credit cards out there for sale. Building an internet based on trust requires e-commerce sellers to invest in building an online experience that prioritizes giving real customers a great experience rather than feeble attempts to give hackers a bad one.