And payment processors can also identify these. And most of them you have to purchase with a minimum amount on ($10 or $20 afaik).

Virtual debit cards however are interesting. My bank lets me set up as many of those as I like and I don't even have to use my real name or billing address with them.

And yeah, there's also the stolen credit card / debit card market. I really can't see this adding that much pain for these bot handlers. It might make it a bit easier to identify the patterns at least.

I think this will just end up moving the problem further down the line and end up with twitter accounts being bought / sold.

It's trivial to prevent this category of card from being accepted. Many similar services already block pre-paid cards.

Google Adwords already does this, for example.

THere was a period where spammers would run up high charges on prepaid cards and (of course) not actually pay for the ads.

Can you automate that though? Having to buy an individual card per bot could be a pretty annoying secondary cost for a thing whose lifetime value is likely measured in the single digits of dollars.

You don't buy card numbers individually. You buy lists of them, of varying quantity, quality and price and you just cycle the numbers until you find ones that work.

Costs per card about $5 bucks, and will get cycled into a multi-merchant hit to extract the most value from each card. A $1 Twitter charge, $50 bucks in digital gift cards, a "maybe it will work" hit for hundreds in electronics, or clothes, etc.

If nothing else, Twitter just made itself a GREAT place to test stolen numbers, since a $1 charge isn't likely to raise any flags and get the card shut down.

That's not very scalable.