Who’s using stolen payment cards?

Hint: They’re well organized. 

Part 2 | Part 3

In this three-part series, we’ll look at how individuals and organizations involved in card data crime operate. We’ll begin by looking at their highly organized nature.  

Much like with legitimate businesses, each contributor in these criminal enterprises has a particular role to play. Some are specialists; others oversee and manage the entire operation. Every part of the industry organizes itself differently. Some are part of discrete, vertically-integrated organizations. Others provide specialized services, “for hire”. . The complexity of the “stolen card supply chain” continues to mature as thieves find new efficiencies to increase proceeds, reduce cost, and minimize risk.   

Last year, the Department of Justice hit a sophisticated fraud ring known as "Carder.su.” This international criminal organization is believed to have stolen more than $50 million. The syndicate trafficked in, compromised payment card data, stolen identities, and even narcotics, among other things. 

U.S. Attorney Daniel G. Bogden described the group as “sophisticated and designed to prevent attack by rival organizations and detection by law enforcement. Its members had defined roles . . .” The vetting process for new participants included references from two well-reputed existing members. 

Two particular convictions offer an intriguing view into the inner workings of this group.  

The first such conviction is that of Makyl Haggerty of California in August 2014. His role as part of the Carder.su enterprise was that of “vendor.” He employed the trade names “Wave” and “G5” when peddling his wares—fabricated credit cards and identity documentation—downstream to others under the Carder.su umbrella.  He wasn’t  an “employee”, so to speak, but rather a service provider. Ultimately, he was sentenced to serve 100 months in federal prison and ordered to pay approximately $50.5 million in restitution to the victims.  

Another convicted member that we’ll discuss was a man from Georgia, Cameron Harrison. His role in the operation of Carder.su was different than Haggerty’s. He worked downstream and, in fact, was a customer of vendors, like Haggerty. He purchased stolen and counterfeit credit card data and forged identity documentation. He, in turn, was part of another group called “Shadowcrew,” to which he served as a vendor. As you can see, middle men aren’t limited to legal commerce.  

How can you counter the attacks of well-organized individuals and crime syndicates? Be just as organized, or more so, when it comes to your business operations and fraud mitigation strategy. Leverage the power of the network by partnering with other merchants, your processor, and/or provider to tap into a shared database of timely intelligence to detect fraud.  

Neeraj Gupta, Product Manager, Vantiv eCommerce