Expert Comments On Credit Card Data Exposed Online Is Tested Within 2 Hours

It has been reported that, be it fake or real, payment card data does not survive untouched for long on the web. The bad guys are testing everything they find on the internet, just to make sure they don’t miss an opportunity to cash in. From the moment it landed on several paste sites, it took two hours for data from a Visa card to be used for a micro-transaction, just to check it’s validity.

Subscribe
Notify of
guest

1 Expert Comment
Most Voted
Newest Oldest
Inline Feedbacks
View all comments
Robert Capps
Robert Capps , VP
InfoSec Expert
December 19, 2019 10:55 am

Once cybercriminals get stolen credit card data, it is often tested right away. Cybercriminals test cards to make sure they are active, so they are able to resell them to other cybercriminals for a higher price. Once sold, it’s a race against the clock to commit fraud using the valid stolen credit card… before another cybercriminal does, or before the issuing bank deactivates the card. At NuData Security, we observe card validation attacks across our customer base, and our analysts found that over 90% of these attacks are automated – and this automation is becoming a lot more sophisticated in order to circumvent security tools being deployed by most major financial institutions to combat such attacks. These more sophisticated attacks emulate the behaviour of a real human user, by loading legitimate web pages and associated java script, and emulating human navigation and typing behaviour – complete with pauses between keystrokes and mouse clicks. Some more advanced attacks, employ actual humans to solve automation blocks, such as captchas. These sophisticated attacks have gone up by over 300% in 2019, as cybercriminals have found techniques that bypass the basic bot mitigation technologies in the market.

Merchants can provide the first line of protection against these attacks by implementing a layered defence that includes passive biometrics and behavioural analytics, which are able to identify these sophisticated automated and human attacks, through the collection and analysis of hundreds of human interactional characteristics, to identify humans from the machines, and legitimate customers from the imposters.

Last edited 2 years ago by Robert Capps
Information Security Buzz
1
0
Would love your thoughts, please comment.x
()
x