US Credit Card Fraud Props Up The Russian Black Market

Researchers have uncovered a complex web of shipment scams, which rely on US operators and stolen credit card information to provide goods fraudulently to customers in Russia.

Credit card fraud is big business. Data breaches at high-profile companies are becoming commonplace, and as data collection -- and theft -- surges, the sale of stolen information has become established as a business in its own right.

Unfortunately for victims that often bear no responsibility for such theft, this can lead to pillaged bank accounts and identity theft as goods are purchased using their funds for other purposes.

Large-scale criminal operations often rely on fraud to keep going. According to Hewlett-Packard Enterprise (HPE)'s security research analyst report, stolen credit card data is being used in "reseller" operations in areas where many US companies will no longer ship due to high levels of fraud -- such as Eastern Europe.

Items in high demand are purchased in the US using stolen information and then resold for cash through international scams made possible through the Internet.

Bypassing these corporate restrictions is important, and so cybercriminals will often find an intermediary able to receive the goods before they are sold on in other countries.

This intermediary part of the supply chain is of particular interest to HPE's researchers. In a study taking place between August 2015 and February 2016, the team found that reshipping websites are commonly used to maintain contact with "stuffers" -- those who use stolen credit card data in the United States to purchase items fraudulently -- and "drops," who often unwittingly will accept these products for reshipment across restricted areas, such as Russia and Ukraine.

Drops are most often recruited in the United States through email, where they later visit reshipment websites to be assigned their tasks.

"Bosses make their profits by selling high-demand goods in grey markets, realising high margins due to low acquisition costs," said the report, released recently.

"Admins make a cut of these profits by creating the website, recruiting drops, providing fraudulent shipping labels and selling the goods. Stuffers make their cut of the goods purchased typically as a percentage assigned to each product type."

Most drops are located in the US however Germany is also impacted by such schemes. Everything from consumer electronics to clothes and toys are purchased online by stuffers.

While a number of the reshipping websites have only been in operation for a few months, business is booming. HPE found that despite this short time frame, hundreds of drops have taken place, leading to thousands of products already being purchased using stolen information before shipment.

People seeking a "work from home" setup are most often recruited. They may be promised a base monthly pay or as cash-per-package. Often, however, the stuffers are scammed and no payment is ever made, bumping up the profit margins of the cybercriminal operator -- who makes every effort to appear legitimate to recruit staff.

In short, not only are the victims of credit card fraud left potentially out of pocket, but the mules which support the underlying structure of the scam through their efforts under the belief the work is a legitimate enterprise receive nothing, either.

"Spotting these fraudulent transactions can be difficult as they often occur soon after a card is breached and before the issuer is able to shut down the card number," HPE says. "HPE Security Research advises retailers to monitor for this activity and stay aware of scam operations such as these, as the operations in turn evolve their tactics to avoid detection and maximise profit."

ZD Net

 

« FBI Calculate $2.3 Billion Lost In CEO Email Scams
Hackers-For-Hire Services Booming »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 7,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Infosecurity Europe, 3-5 June 2025, ExCel London

Infosecurity Europe, 3-5 June 2025, ExCel London

This year, Infosecurity Europe marks 30 years of bringing the global cybersecurity community together to further our joint mission of Building a Safer Cyber World.

Imperva

Imperva

Imperva is a leading provider of data and application security solutions including DDoS protection, Web application security, Data security and Cloud security.

Australian Information Security Association (AISA)

Australian Information Security Association (AISA)

AISA champions the development of a robust information security sector by building professional capacity and advancing the cyber security of the public, business and governments in Australia.

Crayonic

Crayonic

Crayonic digital identity technologies protect and guarantee the identity of people and things.

Tier1Asset (T1A)

Tier1Asset (T1A)

T1A is Europe’s leading IT refurbisher. We offer certified data erasure using blancco on site and at our facilities, providing environmentally sound disposal of your used equipment.

DataDome

DataDome

DataDome offers real-time AI protection against all OWASP automated threats, including credential stuffing, layer 7 DDoS attacks, SQL injection & intensive scraping.

Cyberspace Solarium Commission (CSC)

Cyberspace Solarium Commission (CSC)

The Cyberspace Solarium Commission was established to develop a consensus on a strategic approach to defending the United States in cyberspace against cyber attacks of significant consequences.

Bolster

Bolster

Bolster (formerly RedMarlin) is an AI-based cyber-security platform designed to detect phishing and fraudulent sites in real-time.

JupiterOne

JupiterOne

JupiterOne is the security product that is changing how organizations manage and secure their software defined assets.

Aurora Systems Consulting

Aurora Systems Consulting

Aurora is a Cybersecurity solutions provider with a portfolio consisting of security consulting, products and services that proactively prevent, secure and manage advanced threats and malware.

GitProtect.io

GitProtect.io

​GitProtect is a fully manageable, professional GitHub and Bitbucket backup and recovery software that protects repositories and metadata from any event of failure.

Zeva

Zeva

Zeva solves complex identity and encryption challenges for the federal government and corporations around the globe.

Radiant Security

Radiant Security

Radiant Security offers an AI-powered security co-pilot for Security Operations Centers (SOCs). Reinforce your SOC with an AI assistant.

Togggle

Togggle

Togggle offers seamless identity verification solutions and distributed infrastructure, enabling organizations to combat fraud and ensure compliance with data protection regulations.

Hartman Executive Advisors

Hartman Executive Advisors

Hartman Executive Advisors is an unbiased IT and cyber advisory firm uniquely designed to help mid-market executives maximize their IT investments.

Fraud.net

Fraud.net

Fraud.net operates the first end-to-end fraud management and revenue enhancement ecosystem specifically built for digital enterprises and fintechs globally.

rThreat

rThreat

rThreat is a cloud-based SaaS solution that challenges your cyber defenses using real-world and custom threats in a secure environment, ensuring your readiness for attacks.