An editorial in today’s New York Times follows up on an article ten days ago describing work led by UW CSE Ph.D. alums Stefan Savage and Geoff Voelker. Savage, Voelker, and 13 collaborators carry out an end-to-end analysis of the spam value chain, and determine that 95% of spam-advertised pharmaceutical, replica and software products are monetized using merchant services from just a handful of banks.
The New York Times editorial states: “The Times’s John Markoff reported that computer scientists at two University of California campuses have found another vulnerability: spammers’ banks. To track the flow of information, the researchers made hundreds of purchases. Buying Viagra from the Pharmacy Express group in Russia involved computers in Brazil, China and Turkey. The Viagra came from India. But 95 percent of the purchases were handled by three banks — in Azerbaijan, Latvia and St. Kitts and Nevis. This suggests that if banks or credit card companies refused to settle payments for some transactions with these banks, they could deliver a blow to the spam economy. After Congress moved to suppress online gambling, Visa and Mastercard blocked payments for American players. Similarly, Congress might require them to block, say, card-not-present pharmaceutical purchases on the grounds that it is illegal for individuals to import drugs. Though spammers might be able to change banks, the process would be cumbersome. The concentration of business in three banks suggests there aren’t that many willing to deal with spammers. It’s certainly worth pursuing.”