State of Black Market for Stolen Credit Cards (2015) by N. Vlajic


http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/

Worst Security Hacks of the Last Decade http://www.bloomberg.com/graphics/2014-data-breaches/

Why Do Hackers Go After Credit Cards?
* immediate payoff
  - stolen C.C. numbers can be used right away, anywhere on the Internet
* low-hanging fruit for criminals
  - C.C. numbers can be easily stolen from under-protected e-commerce Web-sites
* low likelihood of capture
  - it is easy to obscure evidence

How Do Credit Card Numbers Get Stolen? Scenario 1: Harry the Hacker
methods of operation
* malware installed on a corporate server
* malware installed on a public computer
  - data skimmed whenever user logs in: their bank number, credit card number, email address, password
* malware installed on a public server
  - malware downloaded to a client machine at every visit of infected Web-site

How Do Credit Card Numbers Get Stolen? Scenario 2: Phishing Phil
method of operation
* malware sent via email as attachment / link
  - user must be fooled into opening attachment / link and initiating malware installation
phishing = most common attack vector in most (corporate) hacks

How Do Credit Card Numbers Get Stolen? Scenario 3: Waiter/Waitress with Payment Terminal [ dangerous retail insider ]
method of operation
The waitress whisks away your credit card and swipes it through the restaurant's register. Then, she pulls out a small device, about the size of an ice cube, from her apron and swipes it through that

How Do Credit Card Numbers Get Stolen? Scenario 4: Payment Terminal By Outside Trio [ dangerous retail outsider 1 ]
method of operation
Sally, Simon and Bud walk into a toy store. Bud waits in line to check out. When Bud is at the register, Simon comes running up to the clerk, screaming that his wife has fainted. As Sally and Simon distract the sales clerk, Bud switches the credit card reader at the register with a modified one of his own

How Do Credit Card Numbers Get Stolen? Scenario 5: Credit Card Skimmer (Gas Lass) [ dangerous retail outsider 2 ]
method of operation
It's late. There's no one around except a sleepy attendant at the register inside. The Gas Lass attaches a skimmer over the credit card reader at the pump. It's a special skimmer: It emits a Bluetooth signal to a laptop close by. The Gas Lass heads off to the motel next door and sets up her laptop to receive the data

Where Do Stolen Credit Card Numbers Go?
* Credit Card Broker
* Credit Card Carder

Where Do Stolen Credit Card Numbers Go?
1) Credit Card Brokers
* black market agents who buy and re-sell stolen credit card numbers

Central Shop = Web portal for sale of credit card data http://centralshop.cn

What is the selling price for stolen credit card numbers? http://www.mcafee.com/ca/about/news/2015/q4/20151015-01.aspx http://www.theregister.co.uk/2013/07/02/mcafee_cybercrime_exposed/

What else can you find on the black market? http://www.symantec.com/connect/blogs/underground-black-market-thriving-trade-stolen-data-malware-and-attack-services

Where Do Stolen Credit Card Numbers Go?
2) Credit Card Carders
* criminals that ultimately use/exploit stolen credit card numbers
* ways carders use stolen c.c. numbers
  - print plastic card with the new number [ not effective in case of EMV/chip cards ]
  - make online purchases [ not easy on some sites as other user info may also be required ]

It is a race against the clock to charge as much money to the card as possible before the bank closes the account.
* carders must quickly extract & convert stolen money into other forms of capital [ process aka money laundering ]
* extraction & conversion should be hard to detect or trace back
  - multiple conversion steps often used

Credit to Gift Card Shell Game http://www.tripwire.com/state-of-security/vulnerability-management/how-stolen-target-credit-cards-are-used-on-the-black-market/

Money Mules
* aka smurfer - serves as an intermediary for criminals & criminal organisations
* transport fraudulently gained money or goods to fraudsters
* may or may not be aware of true nature of business
http://bambooinnovator.com/2013/11/26/more-singaporeans-succumbing-to-money-mule-temptation/

Money Mules money mule job Ad examples

Money Mules money mule prosecution https://www.us-cert.gov/sites/default/files/publications/money_mules.pdf

Money Mules http://www.antimoneylaunderinglaw.com/2013/06/hk-woman-sentenced-for-being-a-mule-for-laundered-canadian-funds-in-hong-kong.html

Money Mules http://blogs.msdn.com/b/tzink/archive/2010/12/23/graphic-how-a-money-mule-operation-works.aspx

How Do Carders Test Stolen C.C. Numbers?
* stolen credit card numbers not worth much unless verified
* thieves use online payment websites to test whether c.c. numbers work
  - in some cases verification is done using bots
* Charity Web-sites are ideal for testing of stolen c.c. due to simple (bot-friendly) design and little built-in security.
https://philanthropy.com/article/fraud-alert-criminals-test/233197
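How a donation site could spot the card-testing pattern described above, as an added example that is not part of the original slides: it flags a source that pushes many distinct cards through small-value payments in a short window with mostly declines. The record layout, thresholds, addresses and tokens are constructed assumptions, not data from any real site.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample of donation-form payment attempts (not real data):
# (timestamp, source IP, tokenised card id, amount, approved?)
SAMPLE_ATTEMPTS = [
    # One source cycling through six cards with $1 "donations", 10 s apart.
    *[(f"2015-12-01T10:00:{i * 10:02d}", "203.0.113.7", f"tok_bot{i}", 1.00, i == 4)
      for i in range(6)],
    # Ordinary donor: one larger gift.
    ("2015-12-01T10:01:00", "198.51.100.20", "tok_d1", 50.00, True),
    # Donor who mistyped once and retried the same card.
    ("2015-12-01T10:02:00", "198.51.100.21", "tok_d2", 5.00, False),
    ("2015-12-01T10:02:40", "198.51.100.21", "tok_d2", 5.00, True),
    # Shared office address: five different cards, but spread over hours.
    *[(f"2015-12-01T{11 + i:02d}:00:00", "192.0.2.50", f"tok_o{i}", 5.00, True)
      for i in range(5)],
]

# Assumed thresholds; tune them against a site's normal donation traffic.
WINDOW = timedelta(minutes=10)   # look-back window per source
MIN_CARDS = 5                    # distinct cards from one source in the window
MAX_AMOUNT = 5.00                # ceiling for a "probe-sized" payment
MIN_DECLINE_RATIO = 0.5          # share of attempts in the window that declined

def detect_card_testing(attempts):
    """Return {source_ip: time of first alert} for sources whose recent
    small-value attempts span many distinct cards and mostly decline."""
    recent = defaultdict(deque)  # per-source sliding window of attempts
    alerts = {}
    for ts, ip, card, amount, approved in sorted(attempts):
        if amount > MAX_AMOUNT:
            continue             # larger gifts are not probe-sized
        now = datetime.fromisoformat(ts)
        window = recent[ip]
        window.append((now, card, approved))
        while now - window[0][0] > WINDOW:
            window.popleft()     # drop attempts older than the window
        cards = {c for _, c, _ in window}
        declined = sum(1 for _, _, ok in window if not ok)
        if (ip not in alerts and len(cards) >= MIN_CARDS
                and declined / len(window) >= MIN_DECLINE_RATIO):
            alerts[ip] = now
    return alerts

if __name__ == "__main__":
    for ip, when in detect_card_testing(SAMPLE_ATTEMPTS).items():
        print(f"possible card testing from {ip} at {when.isoformat()}")
```

Keying on the tokenised card id rather than the card number keeps raw card data out of the detection path.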

How Do Law Enforcement Officers Discover C.C. Hacks?
* LAO & anti-fraud specialists purchase batches of c.c. numbers from crime forums / carding sites
  - look for patterns that might help identify who got breached
* carding site Rescator is now able to detect suspicious transactions done by law enforcement officials
  - purchases get declined
http://krebsonsecurity.com/2015/12/when-undercover-credit-card-buys-go-bad/#more-33186


Questions
1) What is the most common approach that hackers resort to in order to steal credit card numbers?
2) Define the term broker in the context of the credit card fraud chain.
3) Which types of web-sites are commonly used by hackers for testing of stolen credit card numbers?