The Crime Mechanism of International Credit Card Fraud Syndicate

Built on the research from the TrustDecision Intelligence team, this article will unveil the underground credit card fraud syndicate from multiple perspectives, including the crime lingo, crime process, division of labor, cashing methods, and provide insights to combat such fraud.

Share

February 5, 2024

12 minutes

Wang Ying, Elaine Cheong, Yuqi Chen

In today's digital age, where financial transactions are increasingly intertwined and conducted online, a shadowy threat looms large for both individuals and corporations: the underground credit card fraud syndicate. This hidden “marketplace”, thriving in the depths of cyberspace, presents a formidable challenge to transaction security.

This article comes from an in-depth research by our intelligence team exposes the alarming and sophisticated fraud rings within this illicit sphere. It was found that credit card data obtained by the black market is extremely widespread, covering credit card issued by payment networks like Visa, Mastercard, JCB, American Express and Discover.

Understanding the Credit Card Theft Lingo

Decipher the insider’s lingo is crucial to fully grasp how fraudsters navigate in the black market. The following image showcases a commonly-used lingo to pass on information:

Most fraud syndicate started from China, or if not managed by the same fraud gang. It’s crucial to break it down from the original context in Chinese and here are all the lingos involved:

The Crime Process

Division of Labor

POS and ARM Machine Skimming

The process often begins with attaching skimming devices to POS terminals and ATMs. These devices capture cardholders' sensitive data—like card numbers, CVV codes, and PINs during transactions. This stolen information is then compiled and sold on the dark web by data traffickers.

Older POS models sometimes use the GSM protocol to connect to banking networks. Since this protocol transmits data unencrypted, it's vulnerable to interception by criminals using specialized equipment. They exploit this weakness to steal comprehensive transaction data, affecting both debit and credit cards. Below, you'll find examples of the equipment used in these skimming operations.

Credential Stuffing

Fraudsters target payment platforms, e-commerce sites, and mobile service providers to gather personal information like phone numbers, billing addresses, and card details. This process allows them to create detailed profiles of credit card data for sale, as illustrated below.

Phishing and Malware Attacks

Cybercriminals may set up fake websites that mimic legitimate ones, tricking users into submitting their personal information. They also distribute malware, including trojans, through certain software to steal data, with the specific types of software varying across different regions.

The Key Question Then Is: Where Does This Stolen Information End Up?

Dark web forums and certain social media platforms are hotspots for trading stolen credit card details. These platforms witness daily transactions involving the sale of stolen information, skimming devices, and guides on money laundering. The price of stolen data varies based on factors like the card's country of issuance, the bank issuing the card, and the likelihood of a successful transaction. High-quality data commands a higher price. Sellers categorize their goods by card issuer and country code, offering discounts for bulk purchases. To stay under the radar of bank monitoring, transactions are typically conducted using cryptocurrencies like Bitcoin or through Western Union.

From Data Theft to Profit

Online Transactions

The primary method for monetizing stolen data involves online transactions. Fraudsters use stolen credit card details to buy items from gaming, e-commerce, and travel websites. They then sell these items for profit.

Credit card verification methods differ widely, with some sites employing advanced security measures like dynamic password verification to thwart unauthorized usage. Fraudsters often resort to methods like card swapping and password guessing during the payment process.

Our research also revealed that some fraudsters prefer purchasing gift cards from platforms such as Google Play, Visa, Mastercard, Amazon, Walmart, and Best Buy. Gift cards are favored for their ease of resale, high liquidity, and lower risk of detection.

To enhance “customer service” and increase the transaction success rates, fraudsters also invest time in exploiting weaknesses of e-commerce and payment websites. They created detailed tutorials on circumventing security measures on various forums. Below is an example of instructions provided by a fraudster on how to misuse gift cards from a popular international e-commerce website.

Offline Transaction

In offline transactions, fraudsters create counterfeit cards using stolen card information. They use advanced manufacturing machines to encode this data into counterfeit cards, essentially creating replicas of various credit cards. These forged cards are then used for cash withdrawals at ATMs or to buy high-value items like electronics, diamonds, and gold at physical stores.

Fraudsters also engage in NFC (Near Field Communication) based fraud, using malware to steal credit card and account information from NFC-enabled devices to make unauthorized purchases.

Money Laundering

Money laundering involves moving stolen funds through multiple transactions into personal accounts. Utilizing e-commerce platforms and digital wallets offered by third-party payment companies, fraudsters merge funds from several stolen cards into one account for withdrawal.

Our research highlights an instance where an account from an Indian e-commerce platform was used for money laundering, as shown in the accompanying image.

Another case involves exploiting a well-known third-party payment company, as illustrated in the tutorial below

To mitigate risk and maintain income, some fraudsters now offer after-sales support. Beyond selling stolen data, they also sell ATM skimmers and card-making equipments. Before completing a sale, they inform potential buyers about the success rate of the information being sold. Moreover, they also provide refunds or replacements under certain conditions and share tutorials to assist buyers increase their chances of successful fraud.

How Might We Combat All of These Orchestrated Fraud Tactics?

The limitations of preventing credit card fraud through traditional methods such as blacklist matching and strategic rules are slowly diminishing against the ever-evolving techniques. The industry is moving towards machine learning technologies, focusing on analyzing user behavior to identify anomalies and evaluate fraud risk while having the capability to make real-time decision accurately. These advanced approach can help digital businesses achieve timely loss prevention and minimize disruption to keep good user experience. It also helps to better handle the issue of credit card chargebacks, allowing the focus to be kept on growing the business itself.

Find out about how AI-driven decision engine works, talk to our domain experts.

Related Posts

Deep Learning in AIGC Fraud Analysis: A Comprehensive Guide

April 23, 2024

AIGC Fraud in Financial Service: Exploring the Risks and Solutions

April 19, 2024

Deepfakes and Generative AI: The New Frontier in Financial Fraud

April 17, 2024

Fraudulent Monetization Schemes on Indonesian Social Media Platforms

April 12, 2024

Risk vs. Reward: Balancing Convenience and Security in Mobile Wallet Adoption

April 10, 2024

5 Essential Features of a Secure E-Wallet App

April 10, 2024

AIGC Fraud Prevention Strategies You Need to Know in 2024

April 10, 2024

Exploring the Latest Trends in AI-Generated Fraud Detection

April 10, 2024

Strengthening Africa's Financial Defenses: The Rise of KYC++ in the Battle Against Fraud

April 8, 2024

Discovering True ID: A Key Strategy in Preventing Identity Theft

March 28, 2024

Latest Fake Phone Number Scam Explained(and strategies for business to defend)

March 28, 2024

Preventing Face AI Fraud: Essential Strategies for 2024

March 21, 2024

Generative AI and the Intensified Identity Fraud

March 20, 2024

The Ultimate Guide to E-commerce Enablement in 2024

March 14, 2024

Enhance Community Safety with Crime Mapping

March 14, 2024

Avoiding Poser Accounts: A Comprehensive Guide

March 12, 2024

Risks in AARRR Marketing Journey

March 8, 2024

Spotting Fake Account Creation: Key Indicators for 2024

February 9, 2024

2024's Top Banks in Pakistan Transforming the Digital Landscape

February 8, 2024

The Crime Mechanism of International Credit Card Fraud Syndicate

February 5, 2024

Chargeback Guarantee Model: Is It a Good Risk Management Strategy?

February 1, 2024

Enhancing Indonesian Financial Security: Strategic Partnership with Artajasa

January 15, 2024

About The SOC 2 Type I Compliance: Making the Digital World Safer for Everyone

December 26, 2023

Transforming Banking: A Case Study in Intelligent Decision-Making

December 26, 2023

Alternative Credit Scoring: Digital Transformation in Banking & Financial Inclusion

December 19, 2023

Bank Fraud: Strategies to Protect Your Financial Institution

December 5, 2023

Ensuring Privacy and Trust: How TrustDecision Complies with App Store Policies

November 28, 2023

A Deep Dive Into Fraud Prevention Technology for Digital Commerce

November 22, 2023

Unraveling the Complex Web of Digital Fraud: Safeguarding E-Commerce in Peak Shopping Seasons

November 20, 2023

E-commerce Fraud Prevention: A Strategy that Protects Business & Customer Experience

November 10, 2023

False Decline: Preserving Profits and Reputation in Digital Commerce

November 2, 2023

AI Fraud vs Solutions in Fintech: Navigating the Dark and Bright Sides

October 26, 2023

Fraud Prevention Framework: A Guide for Fintech Architects

October 19, 2023

Payment Fraud in Fintech: Guarding Your Business

October 12, 2023

APAC’s Fintech Regulation (Part 4): Specialization, Collaboration, and Diversification

October 3, 2023

APAC’s Fintech Regulation (Part 3): Trends and Changes in Fintech Regulation for 2023

October 3, 2023

APAC’s Fintech Regulation (Part 2): Key Compliance Needs for Fintech Companies

October 3, 2023

APAC’s Fintech Regulation (Part 1): Deciphering and Navigating the Complex Landscape

October 2, 2023

Device Fingerprinting and User Privacy: Striking the Right Balance

June 25, 2023

8 Best Device Fingerprint Solutions in 2023

June 9, 2023

Protecting Digital Identities with Device Fingerprinting: TrustDevice's Solution with Use Case 

June 1, 2023

6 Common Types of Malicious Attacks on Devices with Examples and Solutions

June 1, 2023

Generating Device Fingerprint In-house: Challenges and Solution

May 23, 2023

Device Fingerprint: how does it work and what can it do?

May 19, 2023

A Brief History of The Development of Device Fingerprint

May 19, 2023

Necessary but not Sufficient: Why EKYC Alone is Insufficient in Fighting Digital Fraud.

March 28, 2023

What is Device Fingerprint

March 20, 2023

How Device Fingerprints Work In Identity Fraud Scenarios

March 20, 2023

How Does Device Fingerprint Keep It Unique?

March 20, 2023

Application Value Of Device Fingerprinting In Payment Fraud Prevention

March 20, 2023

What Else Does Device Fingerprint Do?

March 20, 2023

The Rising Threat Of Fake Accounts And Account Takeover Fraud: Impacts And Mitigating Strategies

March 17, 2023

Let’s chat!

Let us get to know your business needs, and answer any questions you may have about us. Then, we’ll help you find a solution that suits you

TrustDecision was established in 2018 in Singapore and has operations in 5 countries serving clients in over 20 countries and their end-customers in over 150 countries. Our technology provides decision-intelligence solutions using Artificial Intelligence (AI), Machine Learning (ML), Big Data and privacy-preserving computing

Solutions
KYC++
Device Fingerprint
Identity Verification
Fraud Management
Promotion Abuse Prevention
Application Fraud Detection
Credit Data Insight
Credit Risk Decisioning
Merchandise Compliance
Resources
Blog
News
Documentation
Company
About us
Privacy policy

 Copyright© 2013-2023 TrustDecision. All Rights Reserved