A recent post made by security industry blog KrebsonSecurity posted an incident regarding the “‘BLS Weblearn’ Credit Card Scam”.
Earlier this month KrebsonSecurity received complaints from a large number of cardholders regarding fraudulent charges associated to soft descriptors ‘BLS* Weblearn’ and ‘PLI*Weblearn’. The charges placed were for small amounts, under $15.
The PSP which provided the payment service to Weblearn was BlueSnap (Formerly known as Plimus), to which the BLS* and PLI* descriptors are associated with. Witnessing numerous contradictions to KrebsonSecurity’s report in regards to BlueSnap, which include an affiliation with payment processor Credorax, Payment Magnates reached out to BlueSnap CEO Ralph Dangelmaier to get a better understanding on what exactly happened.
Below is the official statement made by BlueSnap CEO Ralph Dangelmaier:
We boarded a merchant for a trial period. The merchant sold online training tools and it appeared during that trial period that the merchant was compromised by an “affiliate” who sent through suspected fraudulent transactions.
As soon as we saw this, we quickly reacted by terminating the merchant, and immediately refunded what we thought were the fraudulent transactions.
The processing period with the merchant only lasted about 3 weeks before they were terminated.
During this period we completed a purchase of the product and used the product to review the contents and shopper experience.
We can’t get into more details because this is also a legal matter that has been taken up with the authoritie
What further steps are we taking:
We’re glad we caught this quickly, and we’re currently reviewing our entire risk process to assure we catch this kind of malicious behavior as early as possible.
ACY Securities Supports ASIC’s Product Intervention OrderGo to article >>
We take our merchants security very seriously, and as always are working with all of our merchants to assure that nothing like this happens again.
Setting the Record Straight:
Other information, which was misleading in the Krebs on security report
We have and have never had any association with Credorax.
Plimus was acquired by investors in the end of 2011. They brought in an entirely new management team. We cannot comment on anything that occurred at Plimus prior to then
We rebranded from Plimus to BlueSnap early last year, to eliminate customer confusion regarding two brands and to coalesce under a single, cohesive, clear brand.
In regard to the class action lawsuit – We have no involvement with merchant marketing. We strictly focus on payment processing.
In regard to the comment from Damon McCoy:
Damon McCoy, an associate professor of computer science at George Mason University, allowed that the bogus charges coming from BlueSnap’s payment network could be little more than abuse generated by a handful of bad guys who just happen to be using the company’s network. Then again, McCoy said, Plimus has long been associated with these schemes.
“Plimus has been doing processing for criminals for a while,” McCoy said. ”Most of it seems to have been on the criminal-to-criminal side of payments.
We have no records of ever speaking to him and believe it is irresponsible to comment on our business which is this inaccurate
BlueSnap did not immediately respond to requests for comment. I will update this story in the event that they do.
Unfortunately the reporter did not contact us until after he released this blog.