enigma1 - 4:53 pm on Jul 25, 2010 (gmt 0)
they use the correct name and address on file, correct cvv code, and oddly enough same shipping address as billing*. Worst of all they go as far as using IP addresses geographically near the home of the person it was stolen from
They may hijacked these systems so you may not be able to distinguish anything. And so they can then test the cards as already mentioned and then find ways of actually converting credit into cash. I don't know what tools you are using but in such cases they won't identify anything. You need to retrieve information from the IP and go from there. Some of these tools correlate the geo-location with the billing/shipping address which maybe inadequate in this case.