For three months, a team of computer scientists from two California universities deliberately set out to expose themselves to as much spam as possible, then systematically made purchases from the Web sites advertising drugs and herbal remedies in the messages, The New York Times reported Friday.
The team examined almost a billion messages and spent several thousand dollars on about 120 purchases.
They found 95 percent of the credit card transactions for the spam-advertised items they purchased were handled by just three financial companies -- one based in Azerbaijan, one in Denmark and one in the West Indies.
Because spammers rely on just a few banks and an even smaller number of credit card processors, the business is highly vulnerable to disruption by regulators and law enforcement agencies and the study findings could be a "a very powerful deterrent" to spammers, one expert said.
"If the credit card companies wanted to shut down the spammers, we can easily aid them in rapidly and unambiguously identifying the merchant accounts used by spammers," said Steve Kirsch of Abaca Technology, an anti-spam company based in San Jose, Calif.
If processors refused to authorize online credit card payments to the merchants, "you'd cut off the money that supports the entire spam enterprise," said Stefan Savage of the University of California, San Diego, who worked on the study with colleagues at San Diego and UC Berkeley.