The paper itself (linked to in the article) is pretty accessible, and a good read. Interesting that they noted for their research, 93.18% of the requests were for pharmaceuticals.
As for the banks: Azerigazbank in Azerbaijan, St Kitts & Nevis Anguilla National Bank in St Kitts &Nevis, and Danish-owned DnB Nord in Latvia, there is some more interesting factoids in the actual paper:
"most herbal and replica purchases
cleared through the same bank in St. Kitts (a by-product of
ZedCash’s dominance of this market, as per the previous
discussion), while most pharmaceutical affiliate programs
used two banks (in Azerbaijan and Latvia), and software
was handled entirely by two banks (in Latvia and Russia)"
As well as the fact that most of the merchant codes were correct:
"For example, all of our software purchases (across all programs) were coded as 5734 (Computer Software Stores)
and 85% of all pharmacy purchases (again across programs)
were coded as 5912 (Drug Stores and Pharmacies). ZedCash
transactions (replica and herbal) are an exception, being
somewhat deceptive, and each was coded as 5969 (Direct
Marketing—Other)."
It does make one wonder if spam is a solvable problem.
DnB Nor, the largest Norwegian bank, just happened to buy a Latvian bank with customers dealing in the spam business. DnB Nor has stopped their engagement which these customers. Source: http://www.facebook.com/DnBNOR/posts/229307870419535 (in Norwegian).
Sure, but in the banking world "next easiest option" does not equal "easy option". Switching banks is considerably more difficult than switching hosts.
Plus, most banks are pretty traceable overall. They have document keeping requirements if they want to deal with other banks and governments. No bank is an island.
In an interview on NPR, the lead writer of the paper explained that while there's no shortage of banks willing to process spammers' transactions, they can take down a merchant account in a matter of hours but it takes days to set a new one up so, at least right now, the advantage would go to the defense. (If banks make setting up new merchant credentials near frictionless then we're back to square one. And we know we can't do anything about banks.)
The mainstream press would pick it up, and put a "big business is evil" spin on it. No way would they risk that, not with all the flak banks are getting right now.
If those 3 guys in charge are the bottleneck of Al Queda, then it's a serious blow to terrorism. But terrorist networks operate with independent cells, their bottleneck being more about resources and less about leadership. Freezing bank accounts, shutting down operations that are financing terrorism does a lot more good than the killing of Bin Laden.
In the case of spam, banks know when transactions are made for fraudulent products. For this whole industry to work you need their cooperation as online transactions are only possible through banks.
Take this away and I could see spammers in real trouble.
My hunch is that even if all banks magically cut off spammers in a hypothetical scenerio, the spam industry will figure out a way to collect payments, even if it means collecting cash.
Of course this may reduce their margins. But there is one cure for it: send more spam!
> Of course this may reduce their margins. But there is one cure for it: send more spam!
Actually, that's not true. The cost of sending spam is very low, but it is NOT zero. If the profits are lowered (by making payments difficult to collect) and the costs raised (by better blocking of mail, forcing botnets and such) until these cross, then spamming will become unprofitible. Then it will rapidly disappear.
Once killed off, like an infection it may STAY gone. The anti-spam infrastructure we have put in place over the years (spam filtering tools, blacklists of open relays, etc) would remain. The infrastructure (like affiliate programs) that supports the spammers would die off. That would make it MUCH harder for someone to begin spamming again.
then spamming will become unprofitible. Then it will rapidly disappear.
Unlikely. Spamming has already been less and less profitable over the years margin-wise to the point that for many spammers, it is actually not profitable. Yet, for every spammer that drops it because it is no longer profitable, another dozen n00bs join the trade.
The idea of killing a few key companies/guys will significantly lower spam is a sexy idea but little else, IMO. In short-term, getting rid of a key component that kills a third of spam may help. But it doesn't take a long time for someone else to fill in those shoes using different technologies/products/banks.
I actually dabbled in this industry for a little bit during my teenage years so I have some insights though some of it is obviously outdated. The only thing I am still confident of is that there are more spammers today and margins are lower than when I was messin with it.
Based on your personal experience, you may well know more about this industry than I do. But I certainly had the impression that, while spamming is LESS profitable today, that it still had a net-positive income flow. This impression came from sources like this: http://www.icsi.berkeley.edu/pubs/networking/2008-ccs-spamal... (admittedly, 3 years old).
A brief dip into unprofitability will not destroy the industry because (as you say) another dozen n00bs will join. But I believe that an extended period (say, a year or two) might kill it off -- the "n00bs" could not operate without the extensive infrastructure of tools and those WOULD be damaged or destroyed by unprofitibility.
Seems like a spam-banker blacklist could make a real dent if there are truly only three major players. The existence of only three major players suggests that there aren't a lot of banks lining up for this business ...
Everyone talks about how awesome Bitcoin is, but as Bitcoin becomes more popular, we're going to start getting a lot more spam, and it's going to be impossible to "follow the money".
Very interesting, but I'd really like a report that gave more than "implication[s]" on the question of whether other banks are reluctant to work with spammers.
Whether or not that is true now, if banks that were friendly from spammers found themselves suffering major penalties, this implication could be made true.
Unlike the other links in the spam problem, banks have the problem that they can only stay in business if they are seen as legit by legitimate banks, credit card companies, and the like. The same is not true for botnets (illegal), spammers (already breaking the law) or the manufacturers (as long as they have money, they can get supplies, and they are hard to regulate as long as their countries turn a blind eye). But if you're a would be Viagra purchaser, and your credit card won't let you purchase your Viagra, the spammer is out of luck.
Only if it actually stopped people buying things advertised in spam emails. That would probably need there to be a credible risk of getting caught when buying something advertised in a spam email. That seems awfully difficult: how are the police -- or whoever -- going to know you're buying something from a spammer? how could they prove it? why would they bother, given all the other crimes they could be going after?
Now, maaaybe making it illegal to by Hrebal Vigara would dissuade potential customers despite the negligible chance that they'd get into any trouble for it. But do you really think it would dissuade them enough to make much difference to the profitability of the spam? Doesn't seem at all likely to me.
Spammer are major annoyance. I have an obsessive compulsion to keep my email clean including my spam folder. Because I have to keep cleaning my spam folder, whenever I check my email, I loathe them with a passion, like of people here. HOWEVER, even with all these annoyances, this does not make spamming _illegal_ for bank to not extend them their services.
As for the banks: Azerigazbank in Azerbaijan, St Kitts & Nevis Anguilla National Bank in St Kitts &Nevis, and Danish-owned DnB Nord in Latvia, there is some more interesting factoids in the actual paper:
"most herbal and replica purchases cleared through the same bank in St. Kitts (a by-product of ZedCash’s dominance of this market, as per the previous discussion), while most pharmaceutical affiliate programs used two banks (in Azerbaijan and Latvia), and software was handled entirely by two banks (in Latvia and Russia)"
As well as the fact that most of the merchant codes were correct:
"For example, all of our software purchases (across all programs) were coded as 5734 (Computer Software Stores) and 85% of all pharmacy purchases (again across programs) were coded as 5912 (Drug Stores and Pharmacies). ZedCash transactions (replica and herbal) are an exception, being somewhat deceptive, and each was coded as 5969 (Direct Marketing—Other)."
It does make one wonder if spam is a solvable problem.