Bank: Are you having dinner in London tonight?
You: No! I am in New York City having dinner!
Bank: Your credit card has been stolen.
The United States experiences 47% of credit card fraud in the world. The largest and fastest growing type of credit card fraud occurs on-line, and is also known as a “card-not-present” (CNP) transaction. Card-not-present transactions represent more than 85 percent of all transactions, and this percentage is growing as more and more commerce moves online. From our own experience, and that of the industry experts we’ve spoken with, there have been many changes in the payment card industry in the last two years, but a common theme across our conversations is a “shift of risk” to the merchants, card issuers, and banks.
When it comes to credit card fraud, more and more of the liability is being shouldered by the merchants and merchant banks. When a card is presented for a transaction, the merchant bank and card issuers are responsible for the fraudulent charges. However, when a card is not presented (such as in an online purchase), the merchant bears full responsibility, including the merchant’s loss of revenue, fines, and penalties from the banks for the cost of processing fraudulent transactions.
The Digital Black Market: Turning Sensitive Data into Money
To make money or obtain a new identity, more and more criminals turn to markets on the dark web. The Dark Web is a data and documentation resource for criminals, where they can acquire or sell credit cards, passports, drivers’ licenses, and social security cards (to name a few) in both digital and physical forms.
Regardless of the way that sensitive data was obtained (by malware, social engineering, backdoors, etc.), the goal of the information thief is the “cash out” from selling stolen data. Converting information to cash is not a simple process, but requires multiple steps, such as advertising the data, identifying a buyer, creating a secure escrow and dead drop to support the transfer, receiving bitcoin, and converting the bitcoin to the local currency or into physical goods.
There are many criminal teams involved in this process, and the process may involve many parts, or networks, on the Dark Web. The whole “cash out” process may take a while, so the sooner exfiltrated data can be identified, the easier it is to stop the thief from “cashing out” and for the merchant, bank or credit card issuer from experiencing losses.
Security experts consider credit card data to be the most commonly traded commodity in the Dark Web economy. LemonFish can find stolen credit card data, a type of Personal Credit Information, on the Dark Web using advanced data behavior analytics.
In a recent data breach case, LemonFish identified a specific source of credit card data leakage, and within a week of discovering the breach, helped to close the backdoor that was installed by a web developer. Specific details about the breach show how responsive LemonFish’s Dark Web Analytics are:
How did the Dark Web Analytics shut down a breach in less than Seven days?
Using a fully automated form of Common Point of Compromise (CPC) analysis, multi-lingual chatter on Dark Web forums was analyzed to identify credit card numbers, posting dates, authors, forums, and the relational structure of this text. The relational structure of these posts was represented as a graph and temporal heat map. Using advanced graph analysis combined with temporal analysis, LemonFish identified a pattern where non-Dark Web entities were discussed in conjunction with statistically abnormal levels of credit card data. This automated analysis can also be applied to social security numbers, phone numbers, passport numbers, and any other type of Personally Identifiable Information (PII). In this specific case, the credit cards were found within two areas of the Web: (1)invitation-only Dark Web sites, and (2) open web data. LemonFish then created a Credit Card Threat Intelligence report that stopped the breach before more customer data was leaked.
LemonFish Dark Web analytics is forging new territory with its data partners and its clients in discovering fraud, PCI, and data breaches using data behavior analytics. To learn more about LemonFish’s Dark Web Analytics read our solution paper at: www.Lemon.Fish