In payment card fraud the game remains the same, it’s the technology and the names that change. In the 1990’s, when pick-pockets (dip-ins) stole peoples wallets they pocketed the cash and then went to well known bars and pubs to sell the debit and credit cards to ‘converters’ who had a team of people ready to use the cards to buy goods that could be sold for cash. This small scale business model still exists. However, it has been replaced by a new cyber model. 

New cyber stolen payment card business model

1. Card details still need to be stolen, this time by hackers who steal the payment card details, no longer 10 or 20 cards at a time, but in millions, e.g. 40 million credit card numbers were stolen from Target in the US. Every-day millions of card details are hacked.
2. Professional Dump Shops (Dumps’ is street slang for stolen credit card data) have been set up on the web to sell the credit card details. One leading ‘dumps’ shop is “McDumpals” which first went online in April 2013. Its logo and mascot are given below:
   • 
   • like many other dumps shops, McDumpals recently began requiring potential new customers to pay a deposit (~$100) via Bitcoin before being allowed to view the goods for sale
   • the store’s home page features the latest news about new batches of stolen cards that have just been added, as well as price reductions on older batches of cards that are less reliable as instruments of fraud.
   •   3. Converters (professional thieves, and gangsters) buy the card details to create counterfeit new cards and then go shopping in big-box stores for high-dollar merchandise that can be resold quickly for cash.  

(The basic information for this item is from the excellent KrebsonSecurity.com web-site. For details on this item see, highly recommended.)

---

CTMfile take: The payment card schemes now put much of the responsibility for fraud control on the retailers who have to bear much of the card fraud costs if they do not comply with the required standards. This item shows that a major breach of your e-commerce systems could cost your company millions, McDumpals and many other ‘shops’ are ready to receive and exploit your customers’ payment card details. For best practices for minimising payment system fraud, see.