Are any of you experiencing "carding" fraud?
OK, here's a touchy question. Touchy because:
a) no one wants to admit they're a victim of fraud
b) no one wants to attract more fraud by talking about it
That said, my website, bankjobs.com, experiences something known in the banking industry as "carding" on a somewhat regular basis. We stop most of it before it goes through, but it's an annoying aspect of online business today.
Here's how it seems to work:
* Underground internet credit card thief gets a bunch of card numbers/addresses
* Underground internet credit card thief wants to re-sell this information
* In order to sell this info, thief must prove that it's valuable (that the card limits are desirable)
* For this, he/she turns to the internet, and websites that sell an "intangible good" that doesn't actually ship. All he/she needs is an email confirmation of their purchase, noting the amount charged, to verify that the card will go through for a large purchase.
* Card thief then sells the stolen card info, along with proof that it works for X amount.
* If we catch it (we have a fraud team for this), we stop it and void it before it goes through
* If we don't catch it, it goes through and ka-ching, we get hit with a minimum $35 charge from our bank for every chargeback (once the person whose card was stolen realizes it and begins contesting charges)
I recall hearing that non-profits, in particular, are being hit with these fairly regularly -- I read something about an unfortunate percentage of United Way and Red Cross pledges being actual acts of "carding," not giving.
We've wondered why bankjobs.com might have attracted such attention.
For one thing, our natural search placement (#1 on Google and more other top search engines for "banking jobs") may actually be hurting us here. (Not complaining, though. It's nice to be up top.)
And our url might also attract some attention (it's an obvious one for our industry).
And maybe the industry that we're in, and the amount people can put through a charge of resume database access ($1K) -- all these things might be adding up to us being attractive for such things.
Some questions for the group:
To what extent does your board experience carding?
Do you have systems in place to watch for it?
When it happens, to whom do you report it? (We've found that unfortunately the card issuers do a poor job of knowing what to do with that kind of information.)
And finally...am I absolutely insane to post this?!
a) no one wants to admit they're a victim of fraud
b) no one wants to attract more fraud by talking about it
That said, my website, bankjobs.com, experiences something known in the banking industry as "carding" on a somewhat regular basis. We stop most of it before it goes through, but it's an annoying aspect of online business today.
Here's how it seems to work:
* Underground internet credit card thief gets a bunch of card numbers/addresses
* Underground internet credit card thief wants to re-sell this information
* In order to sell this info, thief must prove that it's valuable (that the card limits are desirable)
* For this, he/she turns to the internet, and websites that sell an "intangible good" that doesn't actually ship. All he/she needs is an email confirmation of their purchase, noting the amount charged, to verify that the card will go through for a large purchase.
* Card thief then sells the stolen card info, along with proof that it works for X amount.
* If we catch it (we have a fraud team for this), we stop it and void it before it goes through
* If we don't catch it, it goes through and ka-ching, we get hit with a minimum $35 charge from our bank for every chargeback (once the person whose card was stolen realizes it and begins contesting charges)
I recall hearing that non-profits, in particular, are being hit with these fairly regularly -- I read something about an unfortunate percentage of United Way and Red Cross pledges being actual acts of "carding," not giving.
We've wondered why bankjobs.com might have attracted such attention.
For one thing, our natural search placement (#1 on Google and more other top search engines for "banking jobs") may actually be hurting us here. (Not complaining, though. It's nice to be up top.)
And our url might also attract some attention (it's an obvious one for our industry).
And maybe the industry that we're in, and the amount people can put through a charge of resume database access ($1K) -- all these things might be adding up to us being attractive for such things.
Some questions for the group:
To what extent does your board experience carding?
Do you have systems in place to watch for it?
When it happens, to whom do you report it? (We've found that unfortunately the card issuers do a poor job of knowing what to do with that kind of information.)
And finally...am I absolutely insane to post this?!
Tags: card-not-present, fraud
Replies to This Discussion
-
Permalink Reply by Chris Russell on
-
Shannon you are not alone. My job boards are targeted as well. Fortunately I can spot them them almost 99% of the time and remove their account before any damage can be done. We check every order that comes through to make sure its legit and issue refunds to the card immediately after discovering any fraud.
I think any job board that accepts credit cards have been targets over the years. The amount of fraudulent attempts seem to be much worse this year. Just ask Monster.
-
Permalink Reply by Jeff Testerman on -
Hi Shannon, you are exactly correct in your assessment of this type of criminal activity. We had a few brief episodes of this earlier in the year as well. We tightened down some security measures for online purchases and it seems to have ceased. Our industry is an easier target as it’s an intangible product and nothing ships and credit cards are validated immediately.
-
Permalink Reply by Brendan Delaney on -
I see it fairly often. Beyond.com has set up a double verification system whereby when a job is paid for with a credit card, the poster gets an email that they have to click a link to confirm. You might want to reach out to Adam Berkowitz in biz dev at Beyond.com, he might be willing to elaborate as a professional courtesy. Just call the main line and ask to be put through to him.
As a general rule, I have found that anyone posting jobs with a yahoo, hotmail, msn, or gmail email address doesn't double confirm, and are probably frauds.
© 2008 Created by Chris Russell
