Preface | The Verdict | Details | Pacific Bank | e-Commerce | Spammers | Links | History | Dsclaimer

Preface

This site was actively maintained in late 1998 and early 1999, but it has not been updated since. I have received commentary from expert sources pointing out some technical errors in my description of how the industry works, but the crush of time and other obligations does not allow for active maintenance. I continue to receive notes of appreciation, however, so I am keeping the document up for the ongoing benefit it seems to provide.

These scams continue, at least through 2002 ^[14]! The exact same frauds, but with larger amounts of money. Some of the same names associated with the 1998 NetFill scandal are associated with the 2002 frauds (see http://www.doublebillers.com/)!

Eventually the public will figure out that only Visa/MasterCard can fix the problem -- but that will take a while. We may have to wait for campaign finance reform before we'll see any serious governmental action.

BTW, I often hear from vendors telling me how they also are victimized by failure of Visa/MasterCard and their franchisees to fix their security problem. Although this site is oriented to customer-victims, the problem is no less severe (or even greater) for vendor-victims. The main thing I can tell them is too support use of American Express.

And it goes on and on ...

This web page is largely archival, but after at least four years of the banks (with the possible exception of AMEX) failing to implement well-known solutions I think it's interesting to add occasional links to ongoing scams.

• http://www.doublebillers.com/
• Massive credit card heist suspected, 9/13/2002
  • Slashdot 60,000 Credit Cards Numbers Stolen Online
• ‘Brute force’ card thieves attack 4/23/2002

Introduction

Over forty million dollars. Somewhere around 900,000 victims across 22 countries. The biggest credit card fraud ever. Fraudulent credit card transactions generated using adult web site merchant accounts.

A fascinating story, but not as new as one would think. Since this web site was first created in December of 1998, when I learned I'd had 6 months worth of fraudulent transactions on a business Visa card, I've learned that this type of fraud has been going on for years. Criminal merchant account holders collude with shady banks and transaction processors -- it's an old story that predates the Internet.

What's new is the ability to run this scam across the entire world, and to attack hundreds of thousands of victims in a very short period of time. The Internet has given an old scam new legs. It has exposed the smoldering weaknesses in our credit card processing system.

This site is dedicated to chronicling this fraud, and to focusing attention on important weaknesses in our banking, credit card, and e-commerce systems. Although I focus on the particular scam I was victimized by, the information here will be of interest to anyone who has been victimized by similar frauds or who wants to see e-commerce succeed.

J K Publications (alias Webtel, Netfill, etc) ran a sizeable fraud, somewhere in the range of 40-50 million dollars, distributed across about 900,000 credit cards in small recurrent charges ($20 US). JK Publications' front companies generated about a third of all customer complaints at one major credit card company in late 1998.  Their merchant accounts had a 'chargeback' rate 100 times the national average; each time a merchant account was closed by the credit card companies, they opened a new one. In late 1998 they alone accounted for 4% of all Visa chargebacks.

The JK Publications fraud operated under a number of business names. Court filings by the US Federal Trade Commission refer to 3 principals. Prior to the filings, from Dec 4-20, 1998 I and many contributors working togother over the Net, identified front companies involved in this operation. We also identified an individual, Ken Taves, (KT) who appeared to be active in all of the front companies, and a few others besides. Since that time KT has been named in a public inditement by the Federal Trade Commission (FTC). His career is described in more detail in two LA Times articles, this fraud has been well covered in the August 1999 issue of Scientific American.

J K Publications was aided in this fraud by the actions of Charter Pacific Bank (San Fernando Valley, California, see InterNic entry and more below). According to an LA Times story reporting on FTC investigations (Jeff Leeds, 9/11/99) CP Bank sold Ken Taves about 900,000 (90%) "of the credit card numbers that he allegedly used to run up $45.7 million in mostly bogus charges against consumers worldwide". ^[12] CP Bank also held J K Publications various merchant accounts, and kept them operating even as complaints mounted.

Apparently the bank made millions processing credit card transactions for adult industries. In addition to numbers harvested from the adult entertainment business, they also sold numbers from the two-third of the bank's 250 merchant accounts belonging to other merchant accounts including mail-order firms and retailers.

In addition to persons who'd used their credit cards online (some who'd used them to buy adult materials, most who had not), victims included persons who'd never used their credit card anywhere!

Leeds' article also confirmed one of the main allegations of this page -- that banks and processors often accept transactions that lack key identifiers, such as expiration dates and card holder name. The credit card number alone will suffice for small transactions.

A few sad lessons have been learned during this investigation. The banks who manage the credit cards have treated many of the victims fairly poorly. The processors who manage transactions do not have the technology for even trivial validation of transactions. There are some pretty crooked banks out there. Prosecution for this type of fraud is rare. Visa/MasterCharge, who have the ultimate authority, are not coordinating anti-fraud activities and are not providing the technology for a better transaction system. Existing credit card anti-fraud sanctions move extremely slowly, allowing a company to generate fraudulent transactions for at least a year.

Lastly, the companies allegedly involved in this fraud manage transactions for "adult" (pornographic web sites). I sympathize with employees who have been accused of using corporate credit cards to purchase pornography (several reports). I am willing to correspond with employers who have any further questions.

I can't answer all the email I receive directly, but I try to answer questions through additions to this page. I do read all the messages.