[wolco]

That's a useless hack at the time. You could generate your own credit card numbers back then using a formula. The name/expiry date or address were not used for verification.

So ordering from a fake credit card was easy. Finding the drop shipping location was the hard part.

[jedimastert]

In context, the exfiltrated info (last for of real card, billing address, email) was used as verification to get the victim's me.com account under the hacker's control, which was the back up for the victim's primary gmail used for everything else.

[dannyw]

Your fake credit card isn't going to have a balance.

[wolco]

It didn't matter because in order to check someone had to call and wait an hour so no one did in mail order purchases/shopping networks because you had an address to send the police to.

[TedDoesntTalk]

It was and still is trivial to get stolen credit card info that do have balances or credit available.