Tuesday morning. 14 November. Girish Mallya, a publisher at T3 India magazine, wakes up to an alarming dollar figure charged to his credit card. A transaction of over $1,100, and some more. “I got alerts for two transactions, I saw dollar and I almost fell off my chair.” At first, Mallya thinks his bank account has been compromised, but then he checks his statement and quickly realises it’s the credit card. He immediately calls his card issuer, Citibank. The bank informs him that two of the transactions have been claimed “by the merchant”, and there are three more. Unclaimed.
“I asked the bank to dispute these two and asked them to take a standing instruction for a proactive dispute for the pending three,” Mallya tells us about a fortnight later, holding out his bank statement.
Within 48 hours, he got notified by the bank—“Your provisional credit has been done”. “The standard procedure [banks] follow is 60 days provisional credit, so you don’t have to pay the bill because they are disputing the transaction, and they take up to 60 days to verify with the merchant and to give a final redressal to the issue,” he says. After this, there was another transaction a day later. This has been disputed as well.
In all likelihood, Mallya will get his money back. He has already got a new card on which he has capped the credit limit at Rs 20,000, and as an extra precautionary measure, he even plans to memorise the CVV number and then erase it.
But this isn’t another ‘credit card fraud’ story; we’re more interested in what the transactions were used for. Namely, Facebook ads. And why is that interesting? Well, because today, Facebook has enough user data to tie-up with the Indian Election Commission (EC). And that makes it accountable, at the very least.
All the six payments using Mallya’s card were made to run advertisement campaigns on Facebook. But why spend on Facebook ads using stolen card details? To conceal the identity of those behind these ad campaigns.
Loopholes in Facebook’s payment setup are allowing astroturfers and hackers to run anonymous propaganda and phishing campaigns on the platform using stolen card details. Astroturfing is the practice of false advertising with the aim to manipulate popular opinion and gain momentum. The extent of astroturfing on Facebook, though, is no secret. Recently, the company had to put out a reassuring post after some US users were targeted by fake Russian accounts.
Spreading misinformation to shape public opinion has been an integral part of politics. With the help of social media, the speed of dissemination and penetration of such propaganda has increased manifold. Take the example of the recent US Presidential elections, where Russian Propaganda ads were found on Facebook, Google, Twitter and other social media platforms.
