Cybercriminals who specialize in payment card fraud can verify the validity of stolen data by using an automated tool which conducts transactions on the websites of non-profit organizations, researchers at PhishLabs reported on Friday.
The card data verification service relies on a bot developed in the Perl programming language and an IRC channel. Fraudsters can use the IRC channel to communicate with each other, while the verification process takes place via private messages.
Once they log in to the IRC channel, cybercrooks must simply send a private message containing credit card numbers, cardholder names, and expiration dates to a moderator by using a special input syntax. The bot monitors messages and when the specific syntax is identified, and then conducts a transaction on the website of a charity or a non-profit organization. The fraudsters are then provided with transaction details from which they can learn if the stolen card data is valid, researchers said.