Security Experts:

Card Fraud Platform Mimics Human Behavior to Avoid Detection

Cybercriminals have developed a piece of software that's designed to help payment card fraudsters automate unauthorized charges to ensure that they make a profit before their activities are picked up by fraud detection systems.

Payment card fraudsters are always looking for ways to improve their operations and the new platform provided by an organized crime group called "Voxis Team," which surfaced on the black market in August, might be exactly what they need.

According to researchers from threat intelligence firm IntelCrawler, who have been monitoring Voxis Team, the new automated tool can be used to send batches of fraudulent payment card charges to multiple gateway processors.

A payment gateway is a service that's used to authorize credit card payments for online stores and facilitates the transfer of information between the website and the bank.

CybercrimeWhen they get their hands on stolen payment card data, cybercriminals open merchant accounts with a payment gateway, for which they use money mules and stolen identities. They also set up fake websites to get the payment gateways to approve their accounts. Once they obtain a merchant account, they must quickly make transactions with the stolen cards before they're detected by anti-fraud systems.

The Voxis Platform helps increase the chances of having the fraudulent charges authorized by emulating human behavior and buying patterns.

"Taking advantage of fraudulently obtained merchant accounts, bad actors can use speed to automate and load cards to be charged for pre determined amounts at predetermined times, all with the goal of sliding under fraud detection systems," IntelCrawler said in a blog post.

The authors of the Voxis Platform claim their solution can use a total of 32 payment gateways, including Coinbase, MultiSafepay, PayPal, WorldPay, and Stripe.

"The list of fully supported payment gateways includes some famous payment processing companies, which if exploited, may incur compliance issues, AML regulations issues, and chargeback concerns for the merchants and their respective acquiring banks," IntelCrawler noted.

One interesting feature of the platform is called "Autofill Missing Info." The feature uses the API from the people search engine Pipl.com to automatically fill in cardholder information that might be missing.

Tens of millions of credit and debit cards have been stolen recently and experts say this has created a demand on the underground market for methods that can be used to monetize the data quickly. Researchers have noticed that cybercrime groups pool their programming resources to create tools.

view counter
Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.