

A way to take out spammers? 3 banks process 95% of spam transactions - stonemetal
http://arstechnica.com/tech-policy/news/2011/05/a-way-to-take-out-spammers-3-banks-process-95-of-spam-transactions.ars

======
nowarninglabel
The paper itself (linked to in the article) is pretty accessible, and a good
read. Interesting that they noted for their research, 93.18% of the requests
were for pharmaceuticals.

As for the banks: Azerigazbank in Azerbaijan, St Kitts & Nevis Anguilla
National Bank in St Kitts &Nevis, and Danish-owned DnB Nord in Latvia, there
is some more interesting factoids in the actual paper:

"most herbal and replica purchases cleared through the same bank in St. Kitts
(a by-product of ZedCash’s dominance of this market, as per the previous
discussion), while most pharmaceutical afﬁliate programs used two banks (in
Azerbaijan and Latvia), and software was handled entirely by two banks (in
Latvia and Russia)"

As well as the fact that most of the merchant codes were correct:

"For example, all of our software purchases (across all programs) were coded
as 5734 (Computer Software Stores) and 85% of all pharmacy purchases (again
across programs) were coded as 5912 (Drug Stores and Pharmacies). ZedCash
transactions (replica and herbal) are an exception, being somewhat deceptive,
and each was coded as 5969 (Direct Marketing—Other)."

It does make one wonder if spam is a solvable problem.

~~~
uggedal
DnB Nor, the largest Norwegian bank, just happened to buy a Latvian bank with
customers dealing in the spam business. DnB Nor has stopped their engagement
which these customers. Source:
<http://www.facebook.com/DnBNOR/posts/229307870419535> (in Norwegian).

------
bmcleod
Unfortunately it's likely the spammers are simply going with whichever bank is
easiest to work through.

Any changes will just cause them to move to the next easiest option.

~~~
JacobAldridge
Sure, but in the banking world "next easiest option" does not equal "easy
option". Switching banks is considerably more difficult than switching hosts.

~~~
tibbon
Plus, most banks are pretty traceable overall. They have document keeping
requirements if they want to deal with other banks and governments. No bank is
an island.

~~~
pavel_lishin
Not even <http://www.bankoftheislands.com/> ?

------
staunch
Credit card processors love the money but will absolutely shut down people
based on bad PR.

If TechCrunch published a monthly list of what spammers are using what credit
card processors/merchant banks they'd put a huge dent in the business.

~~~
ori_b
I'm not sure that enough "normal" people would read TechCruch for credit card
processors to care. But it would be a good start, at least.

~~~
gaius
The mainstream press would pick it up, and put a "big business is evil" spin
on it. No way would they risk that, not with all the flak banks are getting
right now.

------
eli
Sure, just like if you take out the 3 guys in charge of Al Queda, you would
end terrorism.

~~~
bad_user
If those 3 guys in charge are the bottleneck of Al Queda, then it's a serious
blow to terrorism. But terrorist networks operate with independent cells,
their bottleneck being more about resources and less about leadership.
Freezing bank accounts, shutting down operations that are financing terrorism
does a lot more good than the killing of Bin Laden.

In the case of spam, banks know when transactions are made for fraudulent
products. For this whole industry to work you need their cooperation as online
transactions are only possible through banks.

Take this away and I could see spammers in real trouble.

------
zaidf
My hunch is that even if all banks magically cut off spammers in a
hypothetical scenerio, the spam industry will figure out a way to collect
payments, even if it means collecting cash.

Of course this may reduce their margins. But there is one cure for it: send
more spam!

~~~
mcherm
> Of course this may reduce their margins. But there is one cure for it: send
> more spam!

Actually, that's not true. The cost of sending spam is _very_ low, but it is
NOT zero. If the profits are lowered (by making payments difficult to collect)
and the costs raised (by better blocking of mail, forcing botnets and such)
until these cross, then spamming will become unprofitible. Then it will
rapidly disappear.

Once killed off, like an infection it may STAY gone. The anti-spam
infrastructure we have put in place over the years (spam filtering tools,
blacklists of open relays, etc) would remain. The infrastructure (like
affiliate programs) that supports the spammers would die off. That would make
it MUCH harder for someone to begin spamming again.

~~~
zaidf
_then spamming will become unprofitible. Then it will rapidly disappear._

Unlikely. Spamming has _already_ been less and less profitable over the years
margin-wise to the point that for many spammers, it is actually not
profitable. Yet, for every spammer that drops it because it is no longer
profitable, another dozen n00bs join the trade.

The idea of killing a few key companies/guys will significantly lower spam is
a sexy idea but little else, IMO. In short-term, getting rid of a key
component that kills a third of spam may help. But it doesn't take a long time
for someone else to fill in those shoes using different
technologies/products/banks.

I actually dabbled in this industry for a little bit during my teenage years
so I have some insights though some of it is obviously outdated. The only
thing I am still confident of is that there are more spammers today and
margins are lower than when I was messin with it.

~~~
mcherm
Based on your personal experience, you may well know more about this industry
than I do. But I certainly had the impression that, while spamming is LESS
profitable today, that it still had a net-positive income flow. This
impression came from sources like this:
[http://www.icsi.berkeley.edu/pubs/networking/2008-ccs-
spamal...](http://www.icsi.berkeley.edu/pubs/networking/2008-ccs-
spamalytics.pdf) (admittedly, 3 years old).

A brief dip into unprofitability will not destroy the industry because (as you
say) another dozen n00bs will join. But I believe that an extended period
(say, a year or two) might kill it off -- the "n00bs" could not operate
without the extensive infrastructure of tools and those WOULD be damaged or
destroyed by unprofitibility.

------
dwlathrop
Seems like a spam-banker blacklist could make a real dent if there are truly
only three major players. The existence of only three major players suggests
that there aren't a lot of banks lining up for this business ...

------
jrockway
Everyone talks about how awesome Bitcoin is, but as Bitcoin becomes more
popular, we're going to start getting a lot more spam, and it's going to be
impossible to "follow the money".

~~~
nasmorn
You know bitcoin has gone mainstream when spammers accept it for fake viagra.

~~~
jrockway
Actually, when the porn sites accept it, you know it's mainstream. That would
be a nice way to end all the recurring billing bullshit.

------
Semiapies
Very interesting, but I'd really like a report that gave more than
"implication[s]" on the question of whether other banks are reluctant to work
with spammers.

~~~
btilly
Whether or not that is true now, if banks that were friendly from spammers
found themselves suffering major penalties, this implication could be made
true.

Unlike the other links in the spam problem, banks have the problem that they
can only stay in business if they are seen as legit by legitimate banks,
credit card companies, and the like. The same is not true for botnets
(illegal), spammers (already breaking the law) or the manufacturers (as long
as they have money, they can get supplies, and they are hard to regulate as
long as their countries turn a blind eye). But if you're a would be Viagra
purchaser, and your credit card won't let you purchase your Viagra, the
spammer is out of luck.

------
tomjen3
The best way to end this is to make it illegal to buy things advertised in a
spam mail. This would absolutely kill their margin.

~~~
gjm11
Only if it actually stopped people buying things advertised in spam emails.
That would probably need there to be a credible risk of getting caught when
buying something advertised in a spam email. That seems awfully difficult: how
are the police -- or whoever -- going to know you're buying something from a
spammer? how could they prove it? why would they bother, given all the other
crimes they could be going after?

Now, maaaybe making it illegal to by Hrebal Vigara would dissuade potential
customers despite the negligible chance that they'd get into any trouble for
it. But do you really think it would dissuade them enough to make much
difference to the profitability of the spam? Doesn't seem at all likely to me.

------
random42
Spammer are major annoyance. I have an obsessive compulsion to keep my email
clean including my spam folder. Because I have to keep cleaning my spam
folder, whenever I check my email, I loathe them with a passion, like of
people here. HOWEVER, even with all these annoyances, this does not make
spamming _illegal_ for bank to not extend them their services.

