If you’re in the market for a bunch of stolen credit card numbers, then ccarder is your man. Or woman. It’s not clear what ccarder’s gender is, but this much is certain: Around 1 p.m. Eastern Standard Time on a recent Friday, someone using that handle hung out a shingle in cyberspace and offered to verify, free of charge, the authenticity of stolen credit card numbers.

Ccarder traffics in said services through a storefront in an online chat room that’s accessible from any Internet connection in the world. As an enticement to potential customers, ccarder would check any numbers they already had in their possession, hoping to turn them into buyers for hundreds, maybe even thousands, more. Ccarder was looking for customers who had only a few numbers, and the free verification service is a pretty common gimmick. Ccarder is not unlike the excessively perfumed vendors who stake out department-store counters, offering to spritz passersby with the latest fragrance in the hope that they’ll buy the bottle.

Jason Thomas decided to take ccarder up on the offer. He runs a small cyber-analysis unit at West Virginia University, and he has spent most of his career studying hackers and Internet security. Thomas clicked on a link that ccarder had put up in the chat room. It took him to a bare-bones website featuring a familiar set of blank data fields waiting to be filled in with a credit card number, expiration date, and three-digit security code, precisely the same information you would provide to any online merchant to pay for items in your shopping cart.

See the full report at National Journal Magazine.