Credit card fraud has advanced to undetectable levels in major financial institutions over the past 20 years. Well-coordinated bad actors infiltrate financial institutions’ systems using credit cards, aiming to fraudulently acquire funds generated from digital transactions.
How does credit fraud occur? What vulnerabilities are exploited? What role does personal data play in credit fraud?
Here’s a breakdown of the steps a credit card fraudster takes when executing credit card fraud:
- Personal Information Acquisition
- Execution of fraud
- Covering their tracks
Personal Information Acquisition
A credit card fraudster or if you were to call them by their street brand name, a carder, starts with the end-goal in mind. “This is my target and I want this from them”. Then the carder starts assessing the risks. Well you don’t want to end up in jail, so you have to ensure that the fraud won’t be tracked back to you, or make it hard and/or expensive to do so. This is operational security(op-sec).
First a fraudster will buy credit card information from vendors in the dark-market. The sale of personal information is illegal so don’t expect this to be done overtly on the internet, clear-net I should say. The internet that everyone knows about. The credit card information may also include email addresses, physical addresses, phone numbers, as well as answers to security questions. This more detailed information costs more than just credit card numbers. This information is gotten by social engineering you into giving it out, exfiltrating this info from companies that have it e.g banks, shopping stores, rogue employees selling this info to make a quick buck among others.
Execution of Fraud
Next the carder will try to use your information to make purchases which they’ll sell to make some money or use your information to apply for credit card loans. Let us focus on the latter.
Now, applying for credit card loans with your information from a random location on earth will raise flags with your bank. Here’s where it gets interesting. Carders will use Virtual Private Network (VPN) services to disguise their location as your(victim of stolen information) own.
Banks also have ways of recognising browsers and laptops that are making suspicious activities, so carders will employ software that makes it hard to detect this activity such as special