You’ve probably heard of the “dark web.” If you’ve ever wondered where a stolen credit card turns up after a cyberattack against a company or financial institution, that’ll be the place. But what exactly is the dark web and what does it look like? And do you know what risk it poses to your business?

Welcome to the Digital Underground

The internet is composed of billions of web pages spread across millions of web servers worldwide. Only a small percentage of those pages are accessible through a conventional search engine like Google. Known as the “open web,” this collective of data makes up about 5% of the total internet.

The other 95% is called the “deep web” and consists of web pages that are designed to evade a search engine’s algorithm. Think of your email inbox or your online banking account—a Google search won’t pull them up. Everything from internal business networks to confidential academic journals are out of reach. Web pages on the deep web aren’t necessarily nefarious or illegal. They’re mostly where private user activity goes on daily.

Then there’s the “dark web.” It’s a very small, concealed part of the deep web that’s made up of sites accessible only with specialized web browsers and other software. Although the dark web has legal uses, it also attracts cybercriminals that wish to conduct activity beneath police radar. Hackers often sell stolen personal identity and company information, as shown in this screenshot of a page featuring a menu of consumers’ payment data for purchase. Notice how they may also provide a card holder’s ZIP code, SSN (social security number), DOB (date of birth) and other intimate details that’ll fool an inexperienced fraud analyst into thinking nothing is amiss when the card is used.

A screenshot from the Russian Market, a forum that specializes in carding and related services. Picture: VMware Carbon Black Source: Supplied

Is the Dark Web a Danger to Your Business?

Although it isn’t a direct threat, the dark web is where fraudsters acquire stolen credit cards so they can attack your online store. NoFraud helps businesses thwart this threat by using a combination of human intelligence and AI-powered, multi-layered fraud screening technology to instantly detect and block fraudulent orders in real-time, eliminating chargebacks and boosting order approval rates.

Want to learn more about how we’re fighting fraud? Visit www.nofraud.com.

NoFraud’s Director of Business Development, Shoshanah Posner, recently joined the eCommerce Fastlane podcast to discuss the latest fraud trends impacting eCommerce.

In this podcast, you will learn:
– Current fraudster landscape as it relates to data breaches, stolen card data, and synthetic identities.
– What is the Dark Web and what are people doing there?
– Reshipper fraud, triangulation fraud, mule fraud, and how you can protect yourself.

The podcast can be found here. Happy listening!

This article was written by our director of business development for Entrepreneur.com.

As an eCommerce seller, there are multiple responsibilities juggled between you and your team — sourcing product, quality control, customer service, SEO, HR. One of the tasks that is often overlooked, until it is too late and very costly, is fraud prevention.

With the frequency of data breaches recently — 1,253 reported breaches in 2017 alone — stolen credit card data is readily available to cybercriminals. According to a recent Javelin study, $16 billion was lost to fraud last year. While the credit card companies identify and stop some of the credit card fraud that occurs, any fraudulent charge that slips through their fingers and makes its way to your website is your responsibility to stop. If you miss one, you will know about it, in the form of a fraud chargeback from your bank.

1. Classic fraud.
This type of fraud is generally committed by unsophisticated fraudsters. Stolen credit card credentials are purchased on the dark web, and goods are sent to reshippers in an attempt to retrieve the stolen merchandise. Often, internet proxies are used to mask the international IP where a majority of this type of fraud originates.

2. Triangulation fraud.
This type of fraud involves three parties — the fraudster, the unsuspecting legitimate shopper and the ecommerce store.

An online storefront is created by the fraudster, often on eBay or Amazon, that offers high-demand goods at extremely low prices. The store collects payment for the goods it sells. The fraudster then uses other stolen credit card data and the names collected in orders on his online storefront to purchase goods from a legitimate website and ships them to the customers that purchased on his new online storefront.

This type of fraud can usually be identified by the products that are targeted as well as some investigative work by locating the unsuspecting shopper who can identify the storefront where the stolen goods were purchased.

3. Interception fraud.
Fraudsters will create orders where the billing and shipping match the address linked to the card. Their goal is to intercept the package in any of the following ways:

Asking a customer service rep to change the address on the order before shipment.
Contacting the shipper to reroute the package to an address where they can retrieve the stolen goods.
In cases where the fraudster lives in close proximity to the cardholder’s billing address, physically wait near the address for the delivery to arrive and offer to sign for the package as the homeowner is not available.

4. Card testing fraud.
This is the practice of testing the validity of a credit card number, with plans to use valid credentials at another website to commit fraud. Fraudsters target websites that reveal a different response for each type of decline. For example, when a card is declined due to an incorrect expiration date, a different response is given, so they know they just need to find the expiration date. This is generally done by bots, and transaction attempts happen quickly, in rapid succession. The data on the orders will often be identical, either all the data or just a subset of data — like the shipping address.

5. Account takeover fraud.
This occurs when fraudsters get hold of a legitimate customer’s login credentials and take advantage of stored credit cards to purchase goods. An update on the shipping address will usually occur shortly before purchase so the fraudster can retrieve the stolen goods.

6. Fraud via identity theft.
In this case, the fraudsters assumes another person’s identity, creates credit cards in the victim’s name and goes on a shopping spree. This type of fraud is increasing rapidly as the number and scope of data breaches increase. It is also the most difficult to identify as the fraudsters behind identity theft are quite sophisticated.

7. Friendly fraud, also called chargeback fraud.
An online shopper will make a purchase, then issue a chargeback, claiming their card was stolen. The chargeback usually occurs after the goods are delivered. This type of fraud is traditionally not carried out by hardcore criminals but rather by consumers who are clearly aware of what they are doing. This type of fraud is difficult to detect but can often be won via chargeback representing.

As we make more cashless payments for retail purchases, restaurants, and transportation – not to mention the increase in online shopping – wallets loaded with legal tender may become a thing of the past. According to 2018 research by BigCommerce, software vendor and Square payment processing solution provider, 51 percent of Americans think that online shopping is the best option. Last year, 1.66 billion people worldwide bought goods online. And the number of digital buyers is expected to exceed 2.14 billion.

Unfortunately, growing sales may mean not only greater revenue but also bigger losses due to fraud. For instance, 63 percent of businesses that participated in the 2018 Global Fraud and Identity Report by Experian claim to have the same or higher levels of such losses over the last year.

Fraud Investigation

Originally posted on Altexsoft.com. Read the article here.

Payments companies and retailers have a sobering forecast to ponder for online fraud. By 2023, global online fraud losses from e-commerce, airline ticketing, money transfer, and banking services will grow from $22 billion projected in 2018 to $48 billion, says Juniper Research in a new report.

Thanks to the proliferation of synthetic identities—when fragments of real identity information is used to create a new identity—and account takeovers, criminals are increasingly skirting anti-fraud measures retailers and payments companies use, Juniper says.

Fraud Prevention Image

Originally posted on Digital Transactions by Kevin Woodward. Read the rest of the article here.

Originally posted by CardNotPresent.com.

New research from the Minneapolis Fed indicates that retailers are more concerned with fraud in their online channels than any other kind of fraud. Across nearly every size business, Fighting Fraud in the E-Commerce Channel: A Merchant Study found that not only was CNP fraud considered their greatest threat, but half worry about their systems’ abilities to handle fraud as the nature of data breaches changes and attacks at the online account level increase. More than three-quarters of those polled expect increased attacks on their e-commerce channels in the next 6 to 12 months.

Read the full article here.

One of NoFraud’s partners, iTristan Media Group, asked our Director of Business Development to talk about the fraud landscape and how that impacts merchants. The recording can be found here.

Contribution from freelance writer Jenny Holt

According to the Association of Certified Fraud Examiners, a typical organization loses 5% of revenue every year to fraud. For businesses, online fraud typically manifests itself in the form of credit card fraud, identity theft, mobile phone transaction fraud, international purchasing fraud, phishing scams, and downloaded malware that collects credit card information from customers. To protect your business and customers from this very prevalent and increasing threat, take the following steps into consideration. (more…)

The ‘2016 American Express Digital Payments Security Survey’ reveals that 70% of merchants in the U.S. have seen sales conducted via digital channels rise in recent times.

However, the report reveals that sales could be much higher if it wasn’t for payment fraud. Overall, nearly half (48%) of online shoppers who have made a purchase online in the past twelve months – or about 80 million consumers – have experienced payment fraud. (more…)

Ready to learn more?

Book a demo and see our accurate real-time fraud screening for eCommerce in action.

Ready to learn more?

Book a demo and see our accurate real-time fraud screening for eCommerce in action.