Access member only content, take part in discussions with comments on blogs, news and reviews and receive all the latest security industry news directly to your inbox. Join now for free.
Processing registration... Please wait.
This process can take up to a minute to complete.
A confirmation email has been sent to your email address - SUPPLIED EMAIL HERE. Please click on the link in the email to verify your email address. You need to verify your email before you can start posting.
If you do not receive your confirmation email within the next few minutes, it may be because the email has been captured by a junk mail filter. Please ensure you add the domain @scmagazine.com.au to your white-listed senders.
Visa has begun threatening banks that harbour spammer accounts in a move designed to crush the spam revenue model.
The initiative, described as a “major effort”, had been quietly underway since the start of the year and had already forced the closure of accounts held by major spam players.
Under the model, organisations who spot counterfeit products being sold by spammers can report the fraud to the International Anti-Counterfeiting Coalition, a task force composed of executives from corporations including Microsoft, Rolex and Apple.
The coalition would then investigate the compliant and refer the matter to Visa, which would then pressure the acquiring bank processing the spam transactions to shutter the accounts.
“Banking resources are drying up left and right,” Stefan Savage, a computer science professor at University of California and spam expert told SC Magazine Australia. “Merchant banks just roll over."
Savage led much of the work in fighting the economic model of spam. He said forcing banks to terminate spammer accounts targets a critical choke point in the spam revenue process and could destroy the current spam model.
“Acquiring banks have shown little effort to remove the accounts that spammers use,” Savage said. “They don’t care.”
Acquiring banks which process credit card transactions for spammers were identified in a study (pdf) led by Savage last year as the most significant choke point in the spam model.
Savage and a team of computer science researchers spent thousands buying about 120 spam products over a three month period in order to determine the nature of the spam revenue model. They identified that three banks based in Denmark, Azerbaijan, and the West Indies were responsible for processing credit cards used in 95 per cent of their spam transactions.
Precisely how Visa is threatening acquiring banks is not public, Savage said, but it is stern enough to see delinquent banks comply for the first time.
"It is promising, but it’s early days. People are now taking an approach that makes sense,” Savage said.
He said there were 15 steps required in the spam monetisation model, ranging from the creation of malware which harvests data, to processing victim credit cards.
Each step was critical to the model, but was also cheap and easy to replicate if disrupted. But while malware and web domains can be recreated, the point of transaction was the only step which could not easily be replicated, Savage said.
“We have been fighting this battle for a very long time … [Visa’s] effort is far more expensive (to spammers) and effective than anything else."
Copyright © SC Magazine, Australia
To begin commenting right away, you can log in below or register an account if you don't yet have one. Please read our guidelines on commenting. Offending posts will be removed and your access may be suspended. Abusive or obscene language will not be tolerated. The comments below do not necessarily reflect the views or opinions of SC Magazine, Haymarket Media or its employees.