Following the money: how spammers do their banking

Brian Krebs is continuing to report on the latest research on spammers and scammers, today naming and shaming the banks that process payments for fake anti-virus and rogue pharmacy affiliate networks, and on the system used by scammers to prevent being cut off by Visa and Mastercard.

Researchers from the University of California, Santa Barbara spent several months infiltrating three of the most popular fake antivirus (fake AV) "affiliate" networks, organized criminal operations that pay hackers to deploy the bunk software. The researchers uncovered a peculiar credit card processing pattern that was common to these scams; a pattern that Visa and MasterCard could use to detect and blacklist fake AV processors.

The pattern reflects each fake AV program's desire to minimize the threat from "chargebacks," which occur when consumers dispute a charge. The fake AV networks the UCSB team infiltrated tried to steer unhappy buyers to live customer support agents who could be reached via a toll-free number or online chat. When customers requested a refund, the fake AV firm either ignored the request or granted a refund. If the firm ignored the request, then the buyer could still contact their credit card provider to obtain satisfaction by initiating a chargeback; the credit card network grants a refund to the buyer and then forcibly collects the funds from the firm by reversing the charge.

Excessive chargebacks (more than 2-3 percent of sales) generally raise red flags at Visa and MasterCard, which employ a sliding scale of financial penalties for firms that generate too many chargebacks. But the fake AV companies also don't want to issue refunds voluntarily if they think a customer won't take the next step of requesting a chargeback…

According to the researchers, the banks are:

FMBE Bank Limited, Cyprus (SWIFT Code FBMECY2N)

Bank Hapoalim BM, Israel (SWIFT Code POALIL)

Ceska Sporitelna A.S., Czech Republic (SWIFT Code GIBACZPK)

International Bank of Azerbaijan (SWIFT Code IBAZAZ2X)

JSCB Bank Standard, Azerbaijan (SWIFT Code MOSZAZ22)

Makes me proud of my Azerbaijani background, it does (my dad was born in a refugee camp near Baku).

Which Banks Are Enabling Fake AV Scams?