Suck it dump truck! Hate those things.

I'm not very familiar with the criminal enterprise behind credit card theft, but as far as I know:
1. Giving out your ICQ account number is just as risky as giving out any other instant messenger account name, meaning not at all if you use basic precautions. You can't be tracked by the account number alone because you signed up for it using a throwaway email address (hotmail/yahoo/gmail). And as long as you use a cheap/free anonymizing service like Tor when using your ICQ account, you can't be tracked by IP either.
2. I'm guessing that the guy collected a lot of credit card numbers via a phishing scheme or something along those lines, but doesn't really have the resources to capitalize on them. I mean, how would you get rich off of a thousand stolen credit cards? I'd maybe try to write a program to go around buying **** with them, but that's risky - a simple bug could land you in prison. The ideal setup would be similar to a gold-farming setup, where a bunch of sub-minimum-wage drones test out the credit cards that you've stolen. So the phishing guy sells his stolen credit cards to the credit-card-farming guy.

So why would anybody trust the phishing guy? Because they've worked with him in the past and he gave them a decent number of working stolen cards. This guy is either trying to establish a working relationship like that or, more likely, he's full of **** (either selling non-existent credit cards, or selling credit cards that have already changed hands a dozen times and are now worthless).

Sounds good. But what's wrong with just maxing out a couple of credit cards personally? If you've access to good data, it seems more reliable to just buy high-value, semi-liquid goods like jewelry than to try to sell the numbers. Assuming it's possible to do so without a high risk of being tracked, which I imagine it is or nobody would buy the damned things in the first place.

I read that most stolen credit cards are flagged almost immediately, because the thieves always buy the same things: two tanks of gas (one for you and one for your friend), and two pairs of shoes (one for you and one for your friend).

I think that a lot of things worth buying with a stolen credit card (e.g. jewelry) are likely to catch you on a security camera. Ideally you'd try using the cards away from home, but that's a lot of effort if you've got several cards to try out - you don't want to try more than a few cards in the same city because otherwise you'd potentially be on several security cameras in the same police district, but that means that you're going to be driving hundreds of miles to try out a dozen cards in different cities. And if you're a successful phisher then you might have over a thousand cards to try.

Online purchases are another way to go, but most online merchants require that the shipping and billing addresses match. I assume that the places that by a thousand stolen credit cards are mostly going the online route (it's not like they can use a thousand stolen credit cards in Nigeria or wherever), but that means that they'll probably be altering the billing addresses on the cards, which is difficult to automate (so you're back to the stolen credit card sweatshop).

In my intro computer security class (a horrible class which was required for my program but new students are no longer allowed to even take it for credit) the professor, who is awesome, showed us a bunch of stuff about how these credit card scams work. None of it was part of the curriculum of course but nobody cared.

There are a few different components to the operation:
1. Collecting the numbers
This is usually done by paying waiters to steal your number, but there are other ways. The numbers are then distributed via an IRC channel.

2. Conversion of card credit limits into objects of value
Websites known to have poor credit card security are then used to purchase expensive items online until the limit runs out. Scammers will scour the internet for websites which sell stuff and don't ask questions.

3. Shipping to a middle man
Scammers will send out pictures of hot ladies (typically some random foreign-looking model), pretending to be said hot ladies, promising to move to the United States or Canada (These two countries are almost always the location of the middle man iirc) if only they invest in the scammer's business and forward items received to a particular address, often in some third world country where the scammers are based. Items are purchased, shipped to the unwitting middle man, who forwards the packages often at his own expense to the *******s running the scheme. This patsy believes all the while that he is going to get a hot sexy new girlfriend if he keeps it up long enough.

4. Conversion of items to actual money
Upon arrival of the item in-country, the scammers pick it up and sell it at a massively discounted price because the stuff just ain't worth all that much in Nigeria. They have nothing to fear from the authorities, who, when they aren't corrupt to hell and back, don't have the resources or experience to attack this kind of crime.

ICQ still exists?

Who would have thought?

qft. i stopped using that when i was 13 and a fat, old man named randel said bad things to me.

dp

tp

My ICQ number is also my credit card number