Card Fraud Platform Mimics Human Behavior to Avoid Detection

Cybercriminals have developed a piece of software that’s designed to help payment card fraudsters automate unauthorized charges to ensure that they make a profit before their activities are picked up by fraud detection systems.

Payment card fraudsters are always looking for ways to improve their operations and the new platform provided by an organized crime group called “Voxis Team,” which surfaced on the black market in August, might be exactly what they need.

According to researchers from threat intelligence firm IntelCrawler, who have been monitoring Voxis Team, the new automated tool can be used to send batches of fraudulent payment card charges to multiple gateway processors.

A payment gateway is a service that’s used to authorize credit card payments for online stores and facilitates the transfer of information between the website and the bank.

When they get their hands on stolen payment card data, cybercriminals open merchant accounts with a payment gateway, for which they use money mules and stolen identities. They also set up fake websites to get the payment gateways to approve their accounts. Once they obtain a merchant account, they must quickly make transactions with the stolen cards before they’re detected by anti-fraud systems.

The Voxis Platform helps increase the chances of having the fraudulent charges authorized by emulating human behavior and buying patterns.

“Taking advantage of fraudulently obtained merchant accounts, bad actors can use speed to automate and load cards to be charged for predetermined amounts at predetermined times, all with the goal of sliding under fraud detection systems,” IntelCrawler said in a blog post.

The authors of the Voxis Platform claim their solution can use a total of 32 payment gateways, including Coinbase, MultiSafepay, PayPal, WorldPay, and Stripe.

“The list of fully supported payment gateways includes some famous payment processing companies, which if exploited, may incur compliance issues, AML regulations issues, and chargeback concerns for the merchants and their respective acquiring banks,” IntelCrawler noted.

One interesting feature of the platform is called “Autofill Missing Info.” The feature uses the API from the people search engine to automatically fill in cardholder information that might be missing.

Tens of millions of credit and debit cards have been stolen recently and experts say this has created a demand on the underground market for methods that can be used to monetize the data quickly. Researchers have noticed that cybercrime groups pool their programming resources to create tools.

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
