Minimize your digital risk by detecting data loss, securing your online brand, and reducing your attack surface.
A powerful, easy-to-use search engine that combines structured technical data with content from the open, deep, and dark web.
Digital Risk Protection
Read our new practical guide to reducing digital risk.
New report recognizes Digital Shadows for strongest current offering, strategy, and market presence of 14 vendors profiled
Read Full Report
Payment card fraud costs banks and merchants nearly $23 billion a year and rising. As consumers spend more money online, the opportunities for fraud increase and so does the level of sophistication threat actors employ to conduct card fraud. These cybercriminals don’t operate in a vacuum. They rely on a broad ecosystem and support network that provides a range of credit card details, fraud tools and online tutorials to hone their skills and increase their chances for success.
A SOC manager of a retail bank discovered that customer credit card numbers were being traded online and took a proactive approach to preventing fraud. Here’s how it unfolded.
Among the participants in the payment card fraud ecosystem, fraudsters are the individuals who use card details to buy goods and services for their own use or to resell at a discounted price. They run the greatest risk of getting caught by law enforcement and seek ways to stay below the radar. One tactic is to make sure cards have a worthwhile balance before using them. To do this, they take advantage of services offered on the Internet Relay Chat (IRC) channel that check the validity of credit card numbers in exchange for a nominal fee ($0.15).
Figure 1: An IRC channel used to check balances of payment cards.
With annual online card spending expected to reach $6 trillion by 2021, detecting and stopping fraudulent transactions is a priority for banks and merchants worldwide. But the volume of activity to monitor can seem overwhelming. By understanding how this ecosystem operates, there are steps defenders can do to mitigate risk. In this case, the retail bank:
It’s not only IRC channels where payment cards are tested and shared online. In order to gain good visibility into where your customers’ payment cards are being shared online, you also should monitor criminal forums and marketplaces.
Want to learn more about how this underground economy operates and how to use that knowledge to your advantage? See how Digital Shadows SearchLight™ helps clients investigate digital risks such as payment card fraud and enables organizations to proactively mitigate risk: Test Drive SearchLight™ Free Here.
To stay up to date with the latest digital risk and threat intelligence news, subscribe to our threat intelligence emails here.