The Dark Web and the Evolving Credit Card Fraud Threat

Posted by Anna Lothson on Aug 31, 2017 11:43:52 AM

As if issuers didn’t have enough to worry about as they combat rising card fraud rates, the dark web market continues to be a haven for hackers to scoop up droves of credit card data — which is then used to commit even more fraud.

From advanced techniques and bots that make fraudulent online purchases to the hacking of payment systems, the packaging and auctioning of compromised cards across the dark web to commit and monetize card fraud occurs faster than a bank can detect a compromise, identify the compromised cards, reissue the cards and call the cardholders. This has created endless troubles for banks and credit unions looking to stop fraud in its tracks.

As we pointed out in our State of Card Fraud 2017 report, issuers are using new tools to fight fraud — machine learning, automation, cloud technology, etc. — but so are the fraudsters. Only better and faster. The monetization of compromised cards has become a sophisticated industry, and it’s gaining ground, thanks to advancements in how hackers are utilizing the dark web.  

“Legitimate businesses are not the only ones undergoing a digital transformation,” John Buzzard, industry fraud specialist for California-based CO-OP Financial Services, told Credit Union Times. “Not only is the data ripe for picking, it is sitting there sometimes unprotected.”

Therein lies one of the largest problems. Banks and credit unions are rushing to increase their fraud protection spend, but that doesn’t mean the businesses processing payments through their own systems are doing the same. This has left issuers increasingly vulnerable to new and emerging fraud threats.

How exactly should banks and credit unions be protecting themselves? Well, the answer is simple in theory — but complex in execution: By better protecting customer data.

On the dark web, credit card data is the new currency. Fraudsters are capitalizing on the time it often takes for cards to get canceled, reissued or deemed compromised. Stronger, faster, more secure fraud detection measures are the only way to prevent the spread of compromised card details and to keep even bigger data breaches from occurring.

Not only are fraudsters getting smarter, there are more digital touchpoints for them to access, which has paved the way for new methods to access data. In the next three years, Gartner forecasts that there will be 20.4 billion connected devices, which means even more access points for hackers to breach.

An even bigger problem, Buzzard warns, is that “criminals are out there adopting how they can use those pieces of information,” which includes methods like stolen data aggregation. It’s not just about stolen payment card numbers anymore — it’s about the rich data associated with them that allows hackers to commit more widespread fraud.

With the volume of stolen card data circulating on the dark web, there’s plenty of cheap access to personal credentials that fraudsters are capitalizing on. The reselling of payment card credentials is running rampant across the dark web, creating an entirely new business model for fraudsters. Experienced fraudsters are even using the dark web to create educational resources for novice hackers to learn how to do the same.

If it isn’t clear by now, this problem is only going to get worse before it gets better.

What Banks and Credit Unions Can Do To Combat Rising Fraud Rates

In the past year, fraudulent purchases using bots have seen a 234% increase, and the exchanging of payment card data across the dark web is contributing to that rise. One of the biggest problems is that by the time networks alert banks which cards are compromised, 80 percent of fraud has already occurred.

With the industry moving toward faster payments (same-day ACH, two-day settlement, etc.), fraud also occurs at the speed of data. What issuers need today are tools that provide them with a quick alert on which cards are compromised on a daily basis, the ability to detect skimmers on ATMs in two hours, and the option to reset PINs immediately. Delays can’t exist within the fraud detection ecosystem, otherwise fraudsters will continue to monetize that data.

Fraud tools today shouldn’t take 90 days to implement, require complicated platforms, have integration delays with core systems or complex modeling iterations. Solutions need to be fast, efficient, and actionable before the money gets out of the network. These same solutions need to be able to streamline the data feed process, automate the analytics process, offer continuous model refresh, and deliver actionable results within hours — and continue to do so on a daily basis.

Are you ready to speed up your fraud detection by automating the process? Now is the time to get ahead of the problem before it gets worse.
