back to article How scareware scumbags avoid getting flagged by banks

A study of cybercrime economics shows that peddlers of rogue antivirus scams rely on legitimate banks to run their businesses, carefully ensuring that the volume of chargebacks they incur stay just on the right side of being flagged-up as obviously fraudulent. Researchers from the University of California in Santa Barbara …


This topic is closed for new posts.
  1. Anonymous Coward
    Thumb Down

    Why ?

    I really can't understand why the bank's can't just block these transactions? Just as the phone companies never seemed to be able to block the spurious phone charges run up by auto dialers?

    I know that the companies own interests kick in here, in the case of the credit card company the percentage rake back from the vendor, just as the phone company would get a percentage of the phone call before passing onto the auto dialer. But .......

    1. Fred Flintstone Gold badge

      It's not that easy..

      The problem is that you are asking a bank or credit provider to ask as judge and jury, with all the resultant liabilities. The argument that "they make money anyway" is actually not valid for the company providing the credit line as a refund process costs a lot more than an actual transaction brings in revenue.

      There is also another problem: those who *are* in the position to do something about fraud centrally are exactly the ones who will not do so - the card network (VISA; Mastercard; AMEX et al). Because here you are right: they make a profit on every transaction, fraudulent or not. They don't suffer the cost of fraud - they just elevate transaction costs to offset the loss.. That's the main reason why I will never go even close to any RFID (NFC) based payment service - they don't care that you can read that chip from a good 30m if you have a decent transceiver and aerial..

      1. MyronC

        Do we want payment processors judging this?

        Everyone freaked out when payment processors 'chose' (after governmental pressure) to stop working with WikiLeaks, is this much different from a procedural standpoint? We know who's a scam and who's not, but does that mean that the CC companies will, and will be able to reliably distinguish between the baddies and just normal operators?

        1. Mike Row

          "Government pressure" NO. "Accountablitly to legitimate customers" YES

          Your argument is an example of the current behavior of these self interested . pocket lining greedy bastards. Screw their customers as long as they get their cut.

          First accountability to the stockholders instead of the customers is the underlying flaw in modern economics. (emphasis on LYING).

          It is simply the institutionalization of the old monarch mandated "monopoly" system but without cutting in the monarch (screw him too!)

          The banking/finance industry constantly advertises they are doing things for You their customer.

          Bullshit. If they were they would have done somthing about this problem a long time ago.

          As another poster noted. They know how to recognise this type of fraudwithout some outside group doing a study for them.

          I worked with a guy in the phone industry in the USA who developed a method to detect fraudulent calling card charges ON THE FIRST CALL. It worked so well the manufacturer of the switching equipment invited him to their facility to educate them on it.

          So YES I expect they should be looking for this type of fraud. For the benefit of their customers who are paying them to perform AND protect their transactions.

  2. Tony Paulazzo


    >To avoid this, support personnel for scareware firms occasionally give refunds – but only up until the point their rate of chargebacks has dropped again<

    Well surely a recurring pattern of refunds as the chargebacks approach red overload makes it obvious something is amiss. After all, all financiers are math heads and the big thing about numbers is seeing patterns in the chaos. But of course, the banks make money out of every conceivable transaction (£20 for a letter), so of course they're going to ignore a successful company, even if their job is fleecing people... Sorry, confused bankers with 'scareware scumbags' - fnord.

    1. horse of a different colour


      == Only a minority – estimated at one in 10 users – of the 2.3 million purchasers of fake antivirus software during the two-year study ever complained. An even smaller percentage tried to initiate a chargeback ==

      Presumably if banks began to profile chargeback activity, fraudsters could refund all chargebacks. Question is, do they stop being fraudsters at that point?

      1. ArmanX

        That's what I'm wondering...

        If greater than 90% of customers never ask for a refund... giving a refund to anyone who asks is good business sense. Never mind not having to track chargebacks at that point, you'll have 'good customer relations,' and might even get an award...

    2. Fatman

      RE: Sorry, confused bankers with 'scareware scumbags'


      Aren't they one and the same?? (More likely if you took "scareware" out of the description.)

  3. John G Imrie


    The researchers argue that credit card networks ought to do more to detect patterns of chargeback activity that are the hallmark of scareware firms, and to take action to protect both consumers and the overall integrity of financial service networks.


    Why would the banks want to do this when they are making so much money?


    The only way to change the banks behavior is to make the cost of doing business with these scamers more expenditure than not doing business with them.

  4. Anonymous Coward
    Anonymous Coward

    Ya wanna bring the banks to heel on this issue?

    File a class action lawsuit against them in one them thar Texas towns.

  5. nyelvmark

    You see? - The software works.

    Over 90% of people don't complain it, so obviously it's good for them. Why doesn't it work for you? You've got to BELIEVE in it, that's why.

    Homeopathy cures, anyone?

    1. Paul Crawford Silver badge

      @You see? - The software works

      Maybe the fake AV disabled McAfee & Norton? So the user fells their PC is suddenly faster and healthier...

  6. Anonymous Coward

    The other question:

    How do you tell a fake antivirus company from a real one?

    1. Anonymous Coward
      Anonymous Coward

      simple answer

      I assume the Fake AV companies don't come back every year demanding more money for bad coverage. Sounds like getting a refund from these guys is easier than the big AV companies.

    2. Mike Row

      Because the fake ones actually remove the virus.

      And don't ask you for any more money.

      Hmmmm. Doing for the customer EXACTLY what you told them you would do and what you charged them for?

      Now I'm CONFLICTED!!!!!!

This topic is closed for new posts.

Other stories you might like