Bullet-Proof Credit Card Processing

Monday, January 25, 2016 - 10:30am11:00am

Damon McCoy, New York University


There is a thriving ecosystem of online counterfeit websites that utilize abusive spam based advertising and compromised websites to promote their websites. Third-party entities, who I call rogue payment facilitators, have emerged that offer bullet-proof credit card processing services to online merchants selling trademark infringing goods, such as counterfeit electronics and luxury goods. These bullet-proof credit card processing services have become essential for the continued profitability of these abusive online merchants as brand holders have intensified their efforts to disrupt the credit card processing abilities of online counterfeit shops with the assistance of the International AntiCounterfeiting Coalition (IACC) and law firms.

In this talk, I will first describe the process of disrupting counterfeit credit card processing which involves placing a test purchase with an online counterfeit website to trace the merchant account accepting payments and then filing a complaint with the card holder association, such as Visa or MasterCard. This need for a test purchase to identify the merchant account has led to the rogue payment processors building systems that attempt to filter test purchases while allowing actual customer orders to complete. These systems are often built out of a combination of traditional anti-fraud systems that block suspicious purchases and custom blacklists that are shared between rogue payment facilitators.

Damon McCoy, New York University

Damon McCoy is an Assistant Professor of Computer Science and Engineering at New York University. He received his Ph.D. in Computer Science from the University of Colorado, Boulder. His research focuses on security and privacy measurements of deployed systems. Currently his primary focus is on online payment systems, economics of cybercrime, automotive systems, privacy enhancing technologies and censorship resistance.

Open Access Media

USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone. Support USENIX and our commitment to Open Access.

@conference {206252,
author = {Damon McCoy},
title = {{Bullet-Proof} Credit Card Processing},
year = {2016},
address = {San Francisco, CA},
publisher = {USENIX Association},
month = jan

Presentation Video