I get a lot of hits on my blog for people searching for more information on "CardersMarket.com" so I thought I would put out some more information on it. Bruce Schneier blogged about an interview with a debit card scammer. To that post there were many comments but one of them was more important than the post itself.

It was posted by a British guy who writes that law enforcement (LE) does not have the proper connections with banks to curtail fraud. He argues that instead of working with the banks (who don't wish to disclose fraud) they set up fake carder sites.

Take cardersmarket.com

Here is a site hosted in Ft Lauderdale Florida. Matter of fact, its hosted right out of a guys house. Yet, LE refuses to shutter them. Instead, this site promotes vending of pins and numbers and paypals and ebays and so forth, all the while LE looks on at all the players.

LE claims they cant do anything to a site hosted on US soil. Yet, truth be told, its LE running the site just like they ran Shadowcrew. They build these sites hoping criminals will come to them and start trading. After a few years of victimizing and people from all over getting ripped off, they bust in and close it down and arrest a few token suspects. Then another site is opened up and the story is repeated over and over and over.

That is LE's way of trying to do something. However, LE is just enabling others to find a spot to trade, which in turn makes the data valuable. If you close the sites that trade the info, the data eventually loses its value because there is no buyers.

LE just wants to run crime sites so they can track it all. In order to run a crime site though, one must BE a crime site, therefore LE is involved in running crime sites unbeknowst to the general public.

The commenter, David Thomas a.k.a. "ElMariachi," puts in a plug for his book "Shadowcrew". I recommend reading the CanWest News series on their site (local copy).

Update: Credit card theft is a growing problem but it does not happen the way most people envision it.  It's not the lone hacker who goes it alone to compromise one site and sell the credit card numbers to fraudsters.

These days it's a network of carders who each have a specific role.  Roman Vega of Boa Factory fame was known for having lawyers, botnet owners, hackers, traffickers, and pushers all on staff.  These days the professional carder will knock over several merchants and store the information without using it for up to two years.  Once they have amassed enough information they join the databases together forming a master datasheet on peoples lives.

Once they join databases with your credit card number and others with your e-mail address they can perform 'spear phishing' where they send you a targeted e-mail, with your credit card number, asking for your PIN number.

The stories continues and become even more complex.