Very interesting - both technically as well as looking into the moral justifications the botnet operator provides. But equally interesting is the discussion on Hacker News: http://news.ycombinator.com/item?id=3960034. Especially the discussion on the Verified by Visa (3D Secure) system and how the goal is basically to move liability onto the consumer and off of the merchant or credit card company.
(via Taxi-window sticker: our security stinks and your credit card will be sniffed)
Don’t you have to meet some minimum security requirements to process credit card transactions?