Interview With A Financial Vampire
There’s a lot of money in stolen credit cards. Fraud magnate Bern Ersell declined to tell PYMNTS exactly how much, but he did give a virtual tour of his international fraud syndicate.
The tour ran the gamut: risk estimation, revenue forecasts, investors, partners, scaling, bad employees and honor among thieves. But the most surprising thing was this: Ersell manages his operation’s finances like any other CFO would for any other business, and his associates, criminal or not, seem to play by the rules.
As you can imagine, we had a lot of questions, which Ersell did his best to answer — without, of course, compromising the identity of his syndicate or any of the players within it. The conversation is excerpted below.
PYMNTS: So, you’re the CFO of a fraud syndicate, and your business is dealing in the economics of stolen credentials and financial information. The portfolio of assets you are managing on your balance sheet — is that credit cards, is that personal information, is that Social Security numbers? What are the line items?
Bern Ersell: From a profitability perspective, we have a lot of options, and we’ve chosen the ones with a lower degree of risk and a higher propensity to scale. Stolen financials are the “snatch-and-grab” category of online fraud.
We’re not really into account takeover. That’s more sophisticated and time-consuming, although it does have the potential for higher rewards. Our service in the market is stolen financials: We sell stolen credit card credentials and the related information that’s needed to buy and then sell goods on a large scale.
PYMNTS: Describe your workforce. Are they for-hire? Part of other syndicates? Do you control what they do, or do they come to you with their goods, and then you buy them and then resell them?
BE: This is the gig economy. Employee loyalty is an outdated idea.
We recruit based on a specific skill set. We have largely young men on our team, some more experienced than others. Many of our agents are in their late 20s and skilled when it comes to computers and networks.
PYMNTS: So what makes these gig economy workers that you’re buying products from “low risk,” or how do you know who will give you the best stolen financials?
BE: The low risk is in the portfolio, not in the agents.
The value for stolen cards ranges from $2 to $30, depending on how much related information is available with it. For $2, you just get the number, and those usually get bounced out immediately. If you run a few thousand of those, it starts to threaten your anonymity. It makes my agents more known for activity that just looks wrong — it’s not like normal consumers.
For $30, you’re getting a card that comes with not just a number, but an expiration date, a CVV code, a name and a billing address. That’s something you can use multiple times and achieve a lot of payback.
That being said, there is honor among thieves — there is credibility. There’s always the risk that the product we’re getting is inferior, but with the volume we do, we’ve established the right pricing and the right suppliers based on performance.
PYMNTS: How do you forecast your revenue? How do you know how much a $30 card is going to return?
BE: You don’t. Even the $30 investment on the higher end of the credit card spectrum isn’t a one-to-one match. Sometimes you won’t be able to secure a purchase due to a particular merchant’s fraud prevention. But, if you’re strategic, you can get the most out of the cards that do go through.
Apart from the obvious products which we can liquidate quickly, such as gift cards, our associates focus on related product areas to build an inventory of “sellable” goods they know we can liquidate quickly for near full value, and “reliable” merchants from whom they are confident their orders will be approved.
A fundamental challenge we face in the stolen financials business is the mismatch of shipping and billing addresses for our orders. While we pay a little extra to ensure our credit cards have a perfect [address verification system] AVS match and our infrastructure ensures we can place the IP address close to the billing address, we have very few options for matching the shipping address to the cardholder’s billing address.
With this in mind, let’s look at the numbers from two ends of this spectrum: toys and high-end sneakers.
Since higher end toys are often gifts, we have a much higher likelihood of getting our orders approved with toys than in many other categories. Let’s take the extremely popular BB8 droid with the Force band which allows for “Jedi-like” control over this little rolling robot.
Thanks to Disney, Star Wars is massive around the world and children everywhere dream of such a toy. In fact, this toy sells for more in India and China than it does in the U.S., and there are plenty of parents who can afford this futuristic toy for their tech-savvy children.
We acquired a credit card to purchase the BB8 for $20.
Since this toy retails between $120 and $200, our associate expects to successfully order 10 BB8’s before we reach the credit limit on this card or the card’s billing cycle expires and the cardholder reports our fraudulent purchases.
To liquidate quickly but without raising suspicion, we’ll sell these toys at the lower end of their price range for net $120 each. So that’s $1,200 worth of revenues.
For each toy, we need to split the sale price with our “drop” location since they are receiving and reshipping the product for us. So that costs us another $600.
While we’re using 10 BB8s for our calculation, what’s more likely is the acquisition of 10 toys with a similar selling price though not too many of the exact same product to avoid suspicion.
So, conservatively speaking, our initial $20 investment yields $580 in gross profits, or a return on investment of 2,900 percent.
On the other end of the spectrum are high-end men’s sneakers, and most merchants won’t ship orders where billing and shipping addresses don’t match. Since we want sneakers that we can resell quickly, let’s look at the extremely popular Adidas Yeezys in collaboration with Kanye West. These are hard to get and are thus easy to sell. For this reason, we would prefer these over the even higher-priced Nike Air Jordan Retros.
We acquired a credit card to purchase Yeezys for $20.
Since these sneakers retail between $1,200 and $1,500 and are available in very limited quantity, our associate expects to successfully order only one of these before we reach the credit limit on this card.
We’ll sell these for $1,200 to ship them out immediately.
Again, we need to split the sale price with our “Drop” location so that costs us $600.
So, our initial $20 investment again yields $580 in gross profits, or a return on investment of 2,900 percent. What’s different is the likelihood of our first associate acquiring 10 toys that sell for $120 each versus our second agent’s ability to successfully order even one high-end men’s sneakers.
Most of the time, our agents acquiring the lesser priced products in higher quantities are securing our revenues and margins. I also like the predictable nature of these revenues instead of the bigger hits and misses of higher end goods.
PYMNTS: Do you need to have lots of $30 cards in order to get your $300? The scale isn’t just one $30 card nets you $300 every time – maybe you need 1,000 of them and only 200 are successful.
BE: So let’s say the average associate gets one out of five cards to go through. The total investment cost at that point is $150. The mule is only paid on the one that went through. Now you’re at a $500 cost for a $700 sale. The return on investment isn’t that great. Our goal is to succeed more often than that.
PYMNTS: Do you have specialists who focus on certain products or merchants?
BE: Absolutely. Over time our associates become experts in which products will sell for how much in varying markets and they gain increasingly better knowledge of which merchants are more and less likely to ship goods with a billing and shipping address mismatch.
PYMNTS: Why is this such a good business? It’s kind of like playing roulette.
BE: In the higher-end products, it may seem that way, but for lower-ticket items, the likelihood of actually securing the purchase is much higher. Plus, the agent could be trying to make 30 to 100 different purchases with that same card just to see what works. We want to secure as many purchases as we can because we want to scale, so we choose a product that is very in-demand. And, when our stolen credentials get through the merchants, at that point, we want to complete as many purchases as possible before the original cardholder notices activity on their credit card statement that would lead them to report the card. At that point, then the investment is terminated.
PYMNTS: How do agents fall out of favor? Do you ever worry that they’ll squeal on you?
BE: Same as any business, our agents fall out of favor due to failure on the job and outright bad employee behavior, like stealing from the corporation.
Failure in this business means being sloppy; it means making a mistake that merchants notice and reducing our transactions. An agent making 30 purchases from the same IP address using 30 different cards? He’s not spreading it properly, and as a result, he didn’t just burn that credit card and IP address, but also established a pattern that can be used against us. It’s a rookie mistake.
The other mistake agents make is being too impatient and trying to buy five expensive items all at once. I get it — they’re working off commission, so they want to make as much as possible as soon as possible and guarantee their income early in the month. But if they were more patient, we could have gotten two or three transactions out of that card and secured more items.
PYMNTS: How big is your syndicate?
BE: I can’t share our exact financials, because we’re privately held. I can say that we’re investing tens of thousands of dollars on credit cards on a regular basis. If you think about the return, it’s hundreds of thousands per month, and soon we’ll be over the million-dollar mark so we can afford even better services.
We’re not in the early stages. We’re past the most rapid growth. But there’s still a lot of demand. What we’re doing is not in any way commoditized.
PYMNTS: Do you pay your suppliers, agents and shippers in dollars or Bitcoin?
BE: If we’re buying from newer sources, Bitcoin is preferable because we don’t know who we’re dealing with. But once you know someone well, you can do everything in cash. Bitcoin values fluctuate and it can cost a lot more to do it that way.
Plus, you don’t even have to go on the dark web to buy stolen credit card credentials today — people are selling them on the internet. The added complexity and cost of operating in Bitcoin is more reserved for things like illegal weapons and drugs.
What we do, stealing credit card information — it’s almost become a “lite” crime today.
That concludes PYMNTS’ interview with fraud magnate “Bern Ersell.”
As a matter of fact, Bern Ersell is a fabrication of Sourabh Kothari based on his study of dozens of international fraud syndicates. Kothari is the director of merchant advocacy at Signifyd, a San Jose, California-based software company focused on consumer fraud protection and chargeback prevention in eCommerce. Having dealt with a few fraud syndicates in his day, Kothari knows how “Ersell” would have answered our questions.
Signifyd and PYMNTS jointly produce the Global Fraud Index, which includes detailed information about stolen financials and what’s trending in the world of eCommerce fraud today.
While high-value orders — especially jewelry, precious metals and consumer electronics — remain extremely vulnerable categories, the Index shows that since Q1 2016, fraud overall has gone down by 34.7 percent. It looks like the industry is starting to put the pressure on syndicate CFOs like Bern Ersell, but it still has its work cut out. Find out which strategies can keep these financial vampires at bay in our next discussion with Kothari.