The story of one crook. Should a business resist theft, and what happens to it

Most recently, we had an interesting story that we want to share on Geektimes, since we have an official blog here. This can be an illustrative case for managers of small companies that operate on the Internet and, accordingly, face the traditional problems of online business. Is it worth it to be led by scammers, even if they threaten to “ruin your reputation” and that you will no longer have clients? Do you even need to think about what products customers send with your help (if you are mailforwarder) and how do you pay your customers?

Today we will talk about the fraudulent use of other people's credit cards and what happens when a company brings a scammer to clean water.
')
Immediately it is worth mentioning that we consider the security of payments to be a very important aspect of our work. We view the prevention of fraud on the site as our area of ​​responsibility. The department that deals with these issues in Banderolk has been operating for several years and even runs a separate project Anticarder.com (which is used by many large Russian mail forwarding services). But the conversation is not about him.

So, a few weeks ago, Banderolk discovered suspicious activity in one of the accounts. The initial check revealed that the actions of the client really look atypical. Therefore, we continued the investigation. In the course of it, it became clear that the client was involved in the theft of foreign credit cards. And he does it for a long time, on an ongoing basis.

Apparently, assuming that law enforcement agencies do not care about him, he was not particularly hiding, which allowed us to gather a substantial evidence base, on the basis of which we came to the conclusion that we were dealing with a fraudster and that he was behind the names on the forums. Please note that all third-party data published in our mini-investigation are taken from public sources.

Who is our “hero”? His name is Konstanin Gennadievich Besprozvanny , born on August 7, 1993 (23 years old), lives in Yekaterinburg. In warning the guardians for the safety of personal data, we emphasize that he did not even think about hiding and several times published posts in our Vkontakte group directly from his account.

Let's start with email. He is quite noticeable at Konstantin - jiks1993@gmail.com , another of his mail is on Yandex and starts with the same letters - jiks13@yandex.ru , well, and the third box is right here - jiks@bk.ru . As you can see, they all coincide with his own Vkontakte address - vk.com/jiks13

As we have said above, whether it is from the feeling of complete impunity, or due to the nature of the mindset, Konstantin has inherited the network using these data.



Therefore, our first step was to establish a fundamental connection between the “client” and the fraudulent schemes. It's easy to see that this can be done quickly and easily. And on different sites.

Here he is at the well-known international forum of Internet fraudsters, where he has his account, thanks for describing the next fraudulent scheme and promises to try it out:



leakforums.net/thread-672489&page=4

And this is another Carder forum, where the hero of our story takes part in the discussion about cashing stolen bank cards through replenishing the balance of SIM cards:



www.dublikat.co/threads/zavliv-sim.15010

Pay attention to the dates of discussions. It is quite obvious from them that for our “hero” this is not some random episode of his biography, but an old and constant activity.

Go ahead. After we found out that Konstantin the Impenetrable, to put it mildly, is not a highly moral person, it is interesting to look at his activity precisely on the Bandera website. Here, as it turns out, our “client” didn’t bother too much either and made the classic mistake of a presumptuous carder. They call it “hammering carriage (or cardboard) on the middle.” What in normal language means that Konstantin decided to use stolen credit cards directly on the Bandera's website. And immediately brute force many cards. It is worth emphasizing the word "credit". As you probably know, cards are different: credit, debit, and prepaid. And if a debit or prepaid foreign card is not difficult to get, then you need to be a resident of the card issuing country for a credit card, or at least live in the country for a long time, have local legal status, earn income and pay local taxes. This is what allows you to rely on a loan from a local financial institution. And, as a rule, not immediately, but only after several years.

Maybe, you say, it was like that, and Konstantin managed to somehow get an American credit card? Maybe. Moreover, many customers of the Parcel Package use cards issued in the USA without any problems. For example, our “hero” could have relatives abroad. But how to explain that Konstantin the Independent simultaneously owns credit cards of Germany, Belgium, Australia, France, the Republic of South Africa, and also cards of Ireland and Italy? And the maps of some countries are presented not in one copy. For example, only German credit cards Konstantin used 4 pieces on the Bandera's website, Australia - 2 pieces.

Here you can see some of the payments of our “hero”. We look at the status of payments. Blocked means that the payment is found fraudulent by the processing center. Such payments are called chargebacks. Processing minus them from the business account and each such chargeback, as a rule, is added a penalty of 15-35 dollars.



And here you can see the details of a separate blocked payment. These are just two examples of many. We will not give screenshots of each payment, but you can pay attention to the fact that the cards are credit cards.





Naturally, having received such a number of suspicious payments from Konstantin, we contacted our processing center, and after a while they confirmed that all payments were found to be fraudulent and the cardholders stated that these transactions were unknown to them.

After we were convinced that all the funds with which Konstantin was trying to replenish his balance, were returned to their rightful owners, we blocked his account and told him that two parcels that had come to our warehouse by that time should be returned to sellers, that we terminate any cooperation and in the future the account will be closed forever.

Unfortunately, instead of quietly returning the parcels to the sellers and then resolving the issues with them separately, Konstantin decided to give black as white and published a post that Banderolk had taken his parcels. Moreover, he initiated spamming attacks on our official Vkontakte communities, on Facebook, and on YouTube. It is worth emphasizing that these were not attempts to really clarify the situation, these were precisely the attacks of hundreds of spammers and bots with obscene expressions and insults against both our company and individual employees.



The behavior of Constantine is somewhat different from the typical behavior of the carder after the ban. He appeals to the public, posting on the Internet several posts about the Banderolk “scammers”, where he shows screenshots, how he used some unnamed referral to get money for which the goods were bought, to prove the legitimacy of his activity (like screenshots of iPhones on some site ads explain something - leave it to the reader for reflection).

That is, he does not sit "quietly", even knowing that Banderolka, and potentially the law enforcement agencies of the Russian Federation, have his data, and even triumphant, thinking that the only information against him is his suspicious registration in a strange "referral system" . Konstantin’s confidence in his abilities can be explained by several factors: firstly, judging by the activity on the Internet, besides carding, he tries to deal with spam and doorways, secondly, he didn’t know that all the failed attempts of stolen credit cards from Our processing center is also visible, or, perhaps, thinks that this is not a criminal activity.

And here you can observe an interesting phenomenon: “the public” believes him, because if you do not get a grasp of the posts of Constantine, the position of an ordinary person-buyer (even if with a slightly muddy history) going against a big and “presumptuous” company is understandable and close to the heart the Russian man, and the Banderolk at this moment turns out to be pretty stingy with comments and is not in a hurry to upload a bunch of screenshots. All those who doubt and ask questions under the posts of Constantine are mercilessly driven into a minus and banyat, apparently - not without the help of bots.

Obviously, spamming attacks on all fronts (VC, YouTube, Instagram, Facebook) are detrimental to any company operating on the Internet, and surely many companies would be smaller in size and go to the conditions of a fraudster - who now needs a negative "noise "? We, unfortunately, have already seen this in the market of mail forwarders, however, for a company this usually ends sadly.

We are rightfully proud of our reputation and we value, and we are not going to carry on negotiations with obvious fraudsters, which we wish for our colleagues from other companies.

One can only speculate why Konstantin the Impenetrable did not want to send parcels back to the store. For us, the fact that he tried to pay for the services of the parcel with a stolen credit card is enough. In this connection, he was blacklisted, and not only here, but also in other mail forwarders.

Separately, it is worth emphasizing: we give the law enforcement agencies all the necessary information about each such case, but, nevertheless, we are convinced that it is the company's responsibility to prevent any fraudsters from using its services. This is a responsibility both to customers and to the law. Because otherwise, the law in the face of US law enforcement agencies will come to us as accomplices of the crime, and then not only our company will suffer, but also tens of thousands of customers whose purchases are in our warehouses every day.

Also, if we are talking specifically about the damage to the business, then upon receipt of payment by stolen credit cards, he suffers direct financial losses, because every fraudulent transaction is also a penalty that processing centers apply to the business. And if such cases are repeated regularly, then it is the business that loses the license and, in general, the ability to accept payment using credit cards.

Therefore, as you understand, besides the moral aspect (which is very important and lies in the concept that it is not good to steal, but the thief should be in prison), there are also quite prosaic reasons that any responsible business should do everything possible to ensure protection themselves and their honest customers from the actions of fraudsters.

Over the past few days, we have been asked the same question more than once in different forms: “Does Banderol have the right to call someone a fraudster? Doesn't it make it easy for Parcel Banners to send parcels without being interested in how legitimate this or that purchase is? ”

These and other similar questions can be answered with a quotation from Jerzy Lec: “It’s ugly to suspect, if you are quite sure.” In this case, we are fully confident that Konstantin the Impenetrable is a fraud. He can argue with that by suing us. There we will be happy to provide all the facts already on paper. True, there is a suspicion that Konstantin will not go to any court. Well, or go for a completely different reason and in a different capacity. In the meantime, we are waiting for the agenda and we will continue to close the accounts of fraudsters, send their purchases back to the stores and do everything in our power to ensure the safety of honest customers of the Banderolka.

All the parcels of Constantine the Impossible are sent back to the sellers.





You can check the tracking of these packages here:

tools.usps.com/go/TrackConfirmAction?tLabels=9405510200828099042918
tools.usps.com/go/TrackConfirmAction?qtc_tLabels1=9405510200829098966861