Years ago, the method used by criminals to see whether a stolen credit card was still active was to charge a penny to the account. If it was authorized, the criminal could then purchase more substantial goods using that card. Credit card companies and banks have both gotten wiser. Today, they look for penny purchases as well as random gas station purchases, for example, as early warning flags. Well, the criminals may have outsmarted everyone this time.
According to a Symantec enterprise security blog, criminals are now attempting to pay small amounts to various charities, including the Red Cross. The criminals can determine the value of the stolen card depending on the success or failure of the transaction. Active credit card accounts sell for higher values on the Internet black market.
Symantec believes that bank behavior monitors, the services that flag inappropriate use of your credit card, are less likely to pick up on such transactions. Given the random nature of charitable donations, banks would be unable to determine whether such activity is out of the norm.
This raises some ethical issues as well. The charities need the money. And you might not be too upset to learn that you have donated, given that you can claim it on your taxes. But unless you are monitoring your credit statements online, you might not otherwise know that your card has been stolen. You certainly don't want to get stuck paying for online electronics purchases earmarked for addresses in Eastern Europe.