Instead, combating the in-box clogging, and frequently malware-laden, messages spammers deliver should be done by cutting off the spammer's payment processors so they can't get their money, the researchers conclude. The research, titled , was presented this week at the in Oakland, California. The researchers looked at the ecosystem of a spam operation by setting up a network to receive spam and examine the supply chain involved.
"It is the banking component of the spam value chain that is both the least studied and, we believe, the most critical," researchers state in the paper. "Without an effective mechanism to transfer consumer payments, it would be difficult to finance the rest of the spam ecosystem."
The research notes that only a small number of are willing to knowingly process what the industry calls "high-risk" transactions. In fact, just three banks, which are located in Azerbaijan, Denmark and the Caribbean island of Nevis, provided the payment servicing for over 95 percent of the spam-advertised goods in the study. The researchers even went as far as to purchase spam-advertised goods in order to find out who the payment processors are. Finding a way to stifle the operations of a payment processor would be a much more disruptive action than , the researchers note.
"The replacement cost for new banks is high, both in setup fees and more importantly in time and overhead," the paper states. "Acquiring a legitimate merchant account directly with a bank requires coordination with the bank, with the card association, with a payment processor and typically involves a great deal of due diligence and delay."