Over 23 million stolen credit cards were put up for sale on the dark web in the first half of 2019. This acts as a catalyst for criminals conducting payment fraud attacks. Payment frauds are a low-risk, high-profit criminal activity. According to Europol’s organized crime threat assessment (IOCTA) report, the modi operandi in payments fraud has not seen any major innovation during the last year. Below are some of the major types of payments fraud techniques.
Card Not Present (CNP) fraud
It involves the unauthorized use of credit or debit card data to complete a purchase or avail a service while the actual card being physically unavailable. To perform a CNP fraud, the data required generally originates from data gained from third-party breaches, phishing emails, scam text messages, etc. But, it just doesn’t stop there.
The IOCTA 2019 report found CNP fraud as the most critical payment card fraud within Europe. CNP frauds further link to other frauds and illegal activities, including the facilitation of illegal immigration and more specifically Trafficking in Human Beings (THB), according to the report. Criminals accomplish this through various activities such as booking multiple plane tickets, booking hotels, rentals, etc, using compromised or stolen credit card credentials. Cybercriminals do this through CNP fraud in combination with forged identification documents.
In the majority of CNP fraud cases, the victims are unaware of the unauthorized use of their payment cards, which remain in their possession.
Recently in the US, an ATM skimming gang who netted an estimated $20 million in a crime wave across the country, were arrested. Not all payment terminals and ATMs are necessarily equipped with anti-skimming measures to prevent such attacks. This enables the copying of magnetic-stripe track data at PoS terminals and ATMs.
In another method, the crooks use devices running software skimming malware that intercepts payment card and PIN details at the ATM itself, allowing them to copy the data and later create counterfeit cards.
In the European area, the subsequent usage of a cloned magnetic-stripe payment card isn’t easy as the cards are secured with EMV chip technology supported by Europay, MasterCard, and Visa, the IOCTA report says. Card data collected through skimming is also sold on both the Dark web and via traditional websites, and they have been found being reused in bank withdrawals, mainly in America and Southeast Asia.
In the last few years, we have also witnessed the rise of Magecart attacks which exploit e-commerce sites by injecting card skimming scripts to steal payment card data of customers during the online payment process.
Jackpotting, or black-box attacks, is one of the most widespread logical attacks on ATMs. In such attacks, hackers typically install malware onto an ATM by physically opening a panel on the machine to reveal a USB port. Or, they may use their blackbox device which connects to the dispenser and empties the cash in the ATM.
WinPot and Cutlet Maker are two tools that are widely used for jackpotting—both available on the dark web. In one of the incidents, as mentioned by the IOCTA, an attack was executed by melting a hole above the monitor of the ATM and plugging a USB cable into the ATMs printer cable. After such intrusions, the criminals infuse software like Cutlet Maker to hack into the system and withdraw cash.
All in all, the time required for the ATM attack could be as low as 10 minutes.
A new report on Loyalty Fraud
Loyalty fraud is also a rising trend in the area of payment fraud. The latest Fraud Attack Index report, which is in its seventh edition, revealed that there is 89 percent rise in loyalty fraud incidents year over year, while the total amount of money involved in online fraud increased by 12 percent year over year. Additionally, fraudsters are gaining more success in account takeover (ATO) attacks, says the report.