Built on research from the TrustDecision Intelligence team, this article unveils the underground credit card fraud syndicate from multiple perspectives, including the crime lingo, crime process, division of labor, and cashing methods, and provides insights to combat such fraud.
February 5, 2024
Wang Ying, Elaine Cheong, Yuqi Chen
In today's digital age, where financial transactions are increasingly intertwined and conducted online, a shadowy threat looms large for both individuals and corporations: the underground credit card fraud syndicate. This hidden “marketplace”, thriving in the depths of cyberspace, presents a formidable challenge to transaction security.
This article draws on in-depth research by our intelligence team that exposes the alarming and sophisticated fraud rings within this illicit sphere. The research found that credit card data obtained by the black market is extremely widespread, covering credit cards issued by payment networks like Visa, Mastercard, JCB, American Express and Discover.
Deciphering the insiders' lingo is crucial to fully grasp how fraudsters navigate the black market. The following image showcases commonly used lingo for passing on information:
Most fraud syndicates started in China or, if not, are managed by the same fraud gangs. It is therefore crucial to break the lingo down from its original Chinese context; here are all the terms involved:
The process often begins with attaching skimming devices to POS terminals and ATMs. These devices capture cardholders' sensitive data, such as card numbers, CVV codes, and PINs, during transactions. This stolen information is then compiled and sold on the dark web by data traffickers.
Older POS models sometimes use the GSM protocol to connect to banking networks. Since this protocol transmits data unencrypted, it's vulnerable to interception by criminals using specialized equipment. They exploit this weakness to steal comprehensive transaction data, affecting both debit and credit cards. Below, you'll find examples of the equipment used in these skimming operations.
Fraudsters target payment platforms, e-commerce sites, and mobile service providers to gather personal information like phone numbers, billing addresses, and card details. This process allows them to create detailed profiles of credit card data for sale, as illustrated below.
Cybercriminals may set up fake websites that mimic legitimate ones, tricking users into submitting their personal information. They also distribute malware, including trojans, through certain software to steal data, with the specific types of software varying across different regions.
Dark web forums and certain social media platforms are hotspots for trading stolen credit card details. These platforms witness daily transactions involving the sale of stolen information, skimming devices, and guides on money laundering. The price of stolen data varies based on factors like the card's country of issuance, the bank issuing the card, and the likelihood of a successful transaction. High-quality data commands a higher price. Sellers categorize their goods by card issuer and country code, offering discounts for bulk purchases. To stay under the radar of bank monitoring, transactions are typically conducted using cryptocurrencies like Bitcoin or through Western Union.
The primary method for monetizing stolen data involves online transactions. Fraudsters use stolen credit card details to buy items from gaming, e-commerce, and travel websites. They then sell these items for profit.
Credit card verification methods differ widely, with some sites employing advanced security measures like dynamic password verification to thwart unauthorized usage. Fraudsters often resort to methods like card swapping and password guessing during the payment process.
Our research also revealed that some fraudsters prefer purchasing gift cards from platforms such as Google Play, Visa, Mastercard, Amazon, Walmart, and Best Buy. Gift cards are favored for their ease of resale, high liquidity, and lower risk of detection.
To enhance “customer service” and increase transaction success rates, fraudsters also invest time in exploiting weaknesses of e-commerce and payment websites. They create detailed tutorials on circumventing security measures and post them on various forums. Below is an example of instructions provided by a fraudster on how to misuse gift cards from a popular international e-commerce website.
In offline transactions, fraudsters create counterfeit cards using stolen card information. They use advanced manufacturing machines to encode this data into counterfeit cards, essentially creating replicas of various credit cards. These forged cards are then used for cash withdrawals at ATMs or to buy high-value items like electronics, diamonds, and gold at physical stores.
Fraudsters also engage in NFC (Near Field Communication) based fraud, using malware to steal credit card and account information from NFC-enabled devices to make unauthorized purchases.
Money laundering involves moving stolen funds through multiple transactions into personal accounts. Utilizing e-commerce platforms and digital wallets offered by third-party payment companies, fraudsters merge funds from several stolen cards into one account for withdrawal.
Our research highlights an instance where an account from an Indian e-commerce platform was used for money laundering, as shown in the accompanying image.
Another case involves exploiting a well-known third-party payment company, as illustrated in the tutorial below.
To mitigate risk and maintain income, some fraudsters now offer after-sales support. Beyond selling stolen data, they also sell ATM skimmers and card-making equipment. Before completing a sale, they inform potential buyers about the success rate of the information being sold. Moreover, they provide refunds or replacements under certain conditions and share tutorials to help buyers increase their chances of successful fraud.
Traditional methods of preventing credit card fraud, such as blacklist matching and strategic rules, are slowly losing effectiveness against ever-evolving techniques. The industry is moving towards machine learning technologies that analyze user behavior to identify anomalies and evaluate fraud risk while making accurate real-time decisions. These advanced approaches can help digital businesses achieve timely loss prevention and minimize disruption to preserve a good user experience. They also help to better handle credit card chargebacks, allowing the focus to stay on growing the business itself.
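As an added illustration of behavior-based detection (not TrustDecision's code or product logic), the sliding-window check below flags an account that cycles through many distinct cards with repeated declines, as in the card swapping and password guessing described earlier, and an account funded by many distinct cards, as in the laundering pattern. The event fields, thresholds and sample events are assumptions constructed for this example.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events: (timestamp, account, card token, action, outcome).
EVENTS = [
    ("2024-02-01T10:00:00", "acct-A", "card-01", "purchase", "declined"),
    ("2024-02-01T10:02:00", "acct-A", "card-02", "purchase", "declined"),
    ("2024-02-01T10:04:00", "acct-A", "card-03", "purchase", "declined"),
    ("2024-02-01T10:06:00", "acct-A", "card-04", "purchase", "declined"),
    ("2024-02-01T10:08:00", "acct-A", "card-05", "purchase", "approved"),
    ("2024-02-01T11:00:00", "acct-B", "card-06", "wallet_topup", "approved"),
    ("2024-02-01T11:05:00", "acct-B", "card-07", "wallet_topup", "approved"),
    ("2024-02-01T11:10:00", "acct-B", "card-08", "wallet_topup", "approved"),
    ("2024-02-01T11:15:00", "acct-B", "card-09", "wallet_topup", "approved"),
    ("2024-02-01T12:00:00", "acct-C", "card-10", "purchase", "declined"),
    ("2024-02-01T12:01:00", "acct-C", "card-10", "purchase", "approved"),
    ("2024-02-01T09:00:00", "acct-D", "card-11", "wallet_topup", "approved"),
    ("2024-02-02T09:00:00", "acct-D", "card-12", "wallet_topup", "approved"),
    ("2024-02-03T09:00:00", "acct-D", "card-13", "wallet_topup", "approved"),
    ("2024-02-04T09:00:00", "acct-D", "card-14", "wallet_topup", "approved"),
]

WINDOW = timedelta(minutes=30)  # assumed look-back window
MAX_CARDS = 3                   # assumed limit on distinct cards per account per window
MIN_DECLINES = 3                # assumed decline count that makes card cycling suspicious

def detect(events, window=WINDOW, max_cards=MAX_CARDS, min_declines=MIN_DECLINES):
    """Return {account: set of reasons} for accounts that breach a threshold."""
    recent = defaultdict(deque)  # account -> events still inside the window
    alerts = defaultdict(set)
    for ts_text, account, card, action, outcome in sorted(events):
        ts = datetime.fromisoformat(ts_text)
        q = recent[account]
        q.append((ts, card, action, outcome))
        while ts - q[0][0] > window:  # expire events older than the window
            q.popleft()
        tried = {c for _, c, _, _ in q}
        declines = sum(1 for _, _, _, o in q if o == "declined")
        funded = {c for _, c, a, o in q if a == "wallet_topup" and o == "approved"}
        if len(tried) > max_cards and declines >= min_declines:
            alerts[account].add("card_swapping")       # many cards, repeated failures
        if len(funded) > max_cards:
            alerts[account].add("multi_card_funding")  # many cards feeding one wallet
    return dict(alerts)

if __name__ == "__main__":
    for account, reasons in sorted(detect(EVENTS).items()):
        print(account, sorted(reasons))
```

The single retry on acct-C and the day-apart top-ups on acct-D stay below both thresholds, which is the difference between a windowed behavioral signal and a static blacklist match.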