Inside Organized Credit Card Fraud

David Thomas is a former con artist who worked for the FBI running a credit-card-trading site used to track crooks, and Wired has begun posting a three-part series about his work.

It was November 2002, and Thomas, then a 44-year-old Texan, was in Washington to collect more than $30,000 in merchandise that a Ukrainian known as “Big Buyer” ordered from with stolen credit card numbers. His job was to collect the goods from a mail drop, fence them on eBay and wire the money to Russia, pocketing 40 percent of the take before moving to another city to repeat the scam.

But things didn’t go as planned.

After being apprehended, Thomas switched sides, helping the FBI track and catch criminals.

From bedrise to bedrest, seven days a week, he rode the boards and forums of his and other carding sites using the online nickname El Mariachi. He recorded private messages and IRC chats for the FBI as “carders” schemed to, among other things, sell stolen credit and debit card numbers, defraud the George Bush and John Kerry campaign sites, drain hundreds of thousands of dollars from bank and investment accounts, sell access to Paris Hilton’s T-Mobile account and run phishing scams against U.S. Bank and the FDIC. He did it all while battling denial-of-service attacks against his site and dodging attempts by his old partner Taylor and other carders to track his whereabouts and out him as a fed.

Interesting stuff. —MEGHANN MARCO

This isn’t the first time we’ve encountered Thomas. Small World Podcast did a great interview with him back in July, where Thomas told the listeners, “If you’re not willing to protect yourself from people like me, you will get screwed. It’s not a question of if, it’s when.” — BEN POPKEN

I Was a Cybercrook for the FBI [Wired via BoingBoing]



  1. timmus says:

    I’ve been a merchant for 16 years and could practically write a book on how to con and swindle financial information, with all that I’ve seen over the years.

    A couple of times when I was naive enough to think that Visa and Mastercard actually cared about security rather than their bottom line, I called them about big orders that had bogus written all over them, with shipping addresses like Jakarta. Nobody I spoke to was interested, and they scoffed at my suggestion that they at least have the common courtesy to tip off the cardholder (Visa/Mastercard do not provide you with any mechanism to initiate contact with a cardholder). I shredded the order and you can bet the scammer continued using the card to get goods from elsewhere.

    My guess is that Visa and Mastercard have learned how to trim costs by dumping as much security work as possible onto the FBI and law enforcement, and such a scheme requires that preventable problems be allowed to fester into criminal incidents.

    From the trenches I can say that being a merchant has been an interesting journey of disillusionment.

  2. The sad thing is that there isn’t enough of an incentive for corporations to protect the financial information in the first place. So many dollars spent on enforcement, so few dollars spent on prevention.

  3. dayjayvw says:

    I read this article because I’m a Marshalls shopper with OCD and now feel unsafe with every CC purchase now, virtual, retail, etc.

    Now what?