Report: Refusing Certain CNP Transactions Key to Stopping Spam

June 6, 2011

Since 95 percent of spam-advertised orders are cleared through only a handful of banks, researchers suggest that U.S. issuing banks refuse to settle CNP transactions from known spammers, according to a new report. A team of 15 researchers from University of California, Berkeley, University of California, San Diego, the International Computer Science Institute and Budapest University of Technology and Economics examined spam from the payments perspective , rather than the delivery that usually gets the most attention. The team made more than 100 purchases from spam-advertised Websites and found that just 13 banks handle 95 percent of spam transactions and just one U.S. bank (Wells Fargo). The majority of transactions were handled by three banks: Azerigazbank in Azerbaijan, DnB NOR in Latvia and St. Kitts-Nevis-Anguilla National Bank in the Caribbean. Applying pressure to the merchant banks to stop the spammers may not be feasible, according to the researchers, but another tactic may be. “Since spam is ultimately supported by Western money, it is perhaps more feasible to address this problem in the West as well,” the research team concluded in its paper. “To wit, if U.S. issuing banks were to refuse to settle certain transactions (e.g., card-not-present transactions for a subset of Merchant Category Codes) with the banks identified as supporting spam-advertised goods, then the underlying enterprise would be dramatically demonetized. Furthermore, it appears plausible that such a ‘financial blacklist’ could be updated very quickly (driven by modest numbers of undercover buys, as in our study) and far more rapidly than the turn-around time to acquire new banking resources—a rare asymmetry favoring the anti-spam community.”