When botnets are used for credit card payment fraud, the botmasters (cyber criminals) orchestrate their operation so that the compromised computers show no symptoms of an infection. A typical credit card fraud can be a simple purchase of an item using a stolen credit card number. For instance, suppose the botmasters or criminals hold a stolen credit card number. Through the botnet C&C (command and control) server they can instruct an infected computer to purchase an item from an online merchant. The merchant receives payment for the item from the stolen credit card number. The shipping address specified may be that of a third party in a foreign country, and the fraud may go unnoticed if the purchase amount is small.
The merchant may use a fraud detection mechanism to check whether the IP address of the customer’s computer is in the same location as the credit card owner. However, criminals use infected computers that reside in the same location/region as the owners of the stolen credit cards, and hence the location appears to be valid. Still, if at some point the actual credit card owner notices the purchase on their bank statement and reports it, it may be too late to get the required evidence.
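The gap in the location check described above, as an added example that is not part of the original page: an order relayed through an infected computer in the card owner's region passes the IP check, while comparing the shipping country with the billing country still holds it for review. The field names, region codes, the small-amount threshold and the sample orders are all constructed assumptions.

```python
from dataclasses import dataclass

# All field names, region codes and orders below are constructed for illustration.
@dataclass
class Order:
    order_id: str
    ip_region: str          # region the customer's IP geolocates to (lookup assumed done)
    billing_region: str     # region of the card owner's billing address
    billing_country: str
    shipping_country: str
    amount: float

def ip_location_check(order: Order) -> bool:
    """The merchant check from the text: customer IP is where the card owner is."""
    return order.ip_region == order.billing_region

def review_reasons(order: Order, small_amount: float = 50.0) -> list[str]:
    """Reasons to hold an order for manual review (threshold is an assumption)."""
    reasons = []
    if not ip_location_check(order):
        reasons.append("ip_region_mismatch")
    if order.shipping_country != order.billing_country:
        reasons.append("shipping_country_mismatch")
        # Small purchases are the ones the text says tend to go unnoticed.
        if order.amount <= small_amount:
            reasons.append("small_amount_foreign_shipping")
    return reasons

SAMPLE_ORDERS = [
    # Card owner buying from home.
    Order("A-1", "US-CA", "US-CA", "US", "US", 120.00),
    # Order relayed through an infected computer in the owner's region.
    Order("A-2", "US-CA", "US-CA", "US", "XX", 19.99),
    # Order placed directly from another region.
    Order("A-3", "ZZ-00", "US-CA", "US", "US", 300.00),
]

def triage(orders: list[Order]) -> dict[str, list[str]]:
    return {o.order_id: review_reasons(o) for o in orders}

if __name__ == "__main__":
    for order in SAMPLE_ORDERS:
        reasons = review_reasons(order)
        print(order.order_id, "ip_check_pass" if ip_location_check(order) else "ip_check_fail",
              "REVIEW" if reasons else "accept", reasons)
```

Keeping the order record together with the reasons it was held also preserves the evidence that, as the text notes, may otherwise be unavailable by the time the card owner reports the charge.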