Speaking of Security – The RSA Blog and Podcast

The fallout from the news of the Global Payments breach may be just subsiding, but one thing can already be said – this probably isn’t the last processor that will be breached.

Most consumers know what a virus or a Trojan is, but if you threw the word “scareware” at them, you might get a look as though you were an alien from another planet.  Scareware is no different than any other malicious software that finds its way on to your computer.  But the best way to [...]

The constant hustle and bustle of underground fraudster markets is a bountiful source for any and all types of fraud commodities and partnerships formed between seemingly anonymous criminals in the virtual world. And yet, one very prominent vertical, if we may, stands far out from the rest—credit card shops and just about everything that has [...]

  Host Michelle Adams-Dixon talks with Angel Grant, Senior Manager, Identity Protection & Verification for RSA about protecting yourself while shopping online this holiday season.

So Cyber Monday has arrived, and tens of millions of consumers will be hitting the cyber waves to shop for the best holiday deals around. Most of them will be doing it on company time (myself included, I admit), but hey, my son really wants that video game and I can save 50% today only. But while Cyber Monday is packed with unbelievable deals for holiday shoppers, it is also a time when consumers need to take notice to ensure they don’t fall victim to fraud, and retailers and banks need to be on guard.

In the short time I’ve been blogging, I’ve written relatively often about automated CC stores. These websites offer fraudsters an automatic way of buying stolen credit cards – simply fund an account with e-currency, choose which type of card you would like, pay and receive the full credential. Their popularity has reached such a fever pitch. Recently, we’ve encountered a new development in the underground in regards to these sites – forums opening “official” stores.

Whenever we present about the underground and mention that fraudsters often post compromised credit cards for free we often get the question “Why would they do that?” Considering that unlike the hacker communities of years past, the underground economy is all about the money (and not bragging rights), this is a very legitimate question. After all, if the fraudsters’ goal is to maximize profit, why would they give away stuff they can otherwise sell? The answer is pretty straightforward.

Recently we saw a major indictment of 111 individuals from an “identity theft operation” based in Queens, NY. I suppose we will learn more details as the prosecutors make their case, but from the original reads it looks more like a counterfeit credit card operation versus a full identity theft operation. One key difference between the two is someone using your identity to open new lines of credit as opposed to just capturing your card data and making a duplicate to go on a shopping spree.

Credit card checkers play a crucial role in the fraud supply chain when compromised credit cards are involved. Banks are constantly on the prowl for common points of compromises (or CPPs) – common denominators between cards where fraud was observed, which indicate the source from which the cards were compromised. They enable banks to identify additional cards that could be at risk and block them before fraud occurs (and it will most likely occur, at some point).

Mitigating fraud isn’t just about identifying patterns of fraudulent transactions and the on-going work of identifying compromised merchants. Mitigating fraud is also about identifying the weakest links which fraudsters can exploit and making the necessary changes to plug those holes.