[necubi]

> - how does fraud get monetised? Once i have downloaded my millions of credit card numbers from Tor (or stolen my friends mothers wallet) I need to persuade a merchant to deliver me something - but it's always bugged me that they actually have to deliver it. to a physical address. that can presumably be traced. It all seems very low level

(Disclaimer: I work for a competitor to Stripe Radar)

This is actually really interesting. An important thing to remember about fraudsters is that they're mostly professionals. Every day they wake up thinking "how do I get around anti-fraud systems." Many are located in jurisdictions that have poor enforcement for cyber crimes, so they're not necessarily worried about official action. However you're right that they do actually need to get the goods shipped without too many questions.

Two common strategies for this:

* You know all those "work from home for $100/hour" ads you see? Some are run by fraudsters who use those people as re-shippers. I.e., the website ships to some guy in the US, and that guy reships the good to the fraudster in Eastern Europe for a cut of the profit. If the fraudsters build up a nationwide network of reshippers, they'd be able to find one who lives close to the billing address of the card they're using.

* There's an even cleverer scam that goes like this: the fraudster creates a merchant account on Ebay or similar. They then select high-value goods available on other websites, say BestBuy, and list them for sale at a substantial discount. Then, when an unwitting customer buys the good from their Ebay store the fraudster places an order from BestBuy using a stolen credit card and has it shipped to the buyer. They get the money from the buyer, the buyer gets the goods, and nobody's the wiser until the chargeback comes in to BestBuy a month later.