Our website uses cookies

Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing Infosecurity Magazine, you agree to our use of cookies.

Okay, I understand Learn more

Security researcher claims banks are key to killing rogue online pharmacies

The news comes hard on the heels of a UK couple claiming their autistic son took his own life after ordering prescription drugs from an Egyptian website, which authorities have since closed, Infosecurity notes.

According to Brian Krebs of Krebs on Security, unlicensed pharmacies create public health risks and confuse consumers who are looking for safe and reliable prescription medicines.

"Rogue pharma web sites are primarily advertised with the help of spam, malicious software, and hacked web sites. Curbing this drug dealing activity would promote both public health and internet users' safety" he says in his latest security wire.

"Recent findings highlight additional levers that policymakers could use to curb sales at rogue online pharmacies, by convincing the card-issuing banks to stop accepting these charges or by enacting legislation similar to that used to squelch online gambling operations", he adds.

Krebs goes on to cite figures from sales data apparently stolen from Glavmed, a Russian affiliate program that pays webmasters to host and promote online pharmacy sites that sell a variety of prescription drugs without requiring a prescription.

Data derived from the bank ID number - essentially the first six digits of a payment card number - shows that 15% of all Glavmed purchases were made by Bank of America cardholders.

However, the security researcher asserts, the task of blocking card transactions by the major banks may not be as easy as it sounds, as he cites Stefan Savage - one of the authors of key University of California study on the issue - as saying there is no shortage of smaller financial institutions willing to take on riskier transactions such as online pharmaceuticals.

"The issue is that it is not a cheap or quick transaction to set up a new banking relationship", Savage told Krebs.

"You need to meet these guys, Visa or MasterCard needs signed credentials for both you and the bank, and this process can take a week at light speed to set up", he said.

"So, even if you as a pharmaceutical organisation can change processors, you can't do it overnight. And on the flip side, it would take me seconds to figure out if a pharma organisation switched [processing] banks", he added.

"So, technically, if [card-issuing] banks were willing to adopt a blacklisting approach, there is absolutely no way these pharma outfits could keep up", he asserted.

What’s Hot on Infosecurity Magazine?