Credit card fraudsters trained with sophisticated e-Learning
You can take an online course in almost anything these days: cookery, Excel, painting, how to be a cyber criminal, pottery, horticulture …
Wait a second, go back a bit. How to be a cyber criminal? There’s a course for that?
Yes. It’s a professional industry these days and like all professional industries it has training requirements. According to research by computer security firm Digital Shadows, Cyber-Fagins are training a generation of Cyber-Artful Dodgers in digital pocket-picking via online courses, and they are getting more sophisticated at it. Apprentice crooks can buy access to a structured 6-week course with live webinars and tutorials on stealing from people’s credit cards, updated to keep up with the latest developments in card fraud security and how to slither past it. It comes out of Russia (and is in Russian, with explicit instructions not to target Russians but those living in wealthy western countries instead).
According to figures in the report from Digital Shadows, $24bn will be lost to payment card fraud by the end of 2018, and that figure is set to grow as professional card fraud training is industrialised and people spend an ever-growing amount of money online.
There is a whole ecosystem of credit card fraud that includes the following players:
- Data harvesters. They intercept cardholders’ information via skimming devices, point of sale malware, phishing, breached databases and botnets.
- Distributors. They buy data from harvesters, repackage it and sell it on for a big profit and at relatively low risk to themselves.
- Payment card fraudsters. They carry out the fraudulent transactions that actually generate cash. They are generally low-brow crims and probably the biggest customers for the kind of online training this article is about. The risk they take is relatively high.
- Monetizers. They operate in a multitude of ways but basically ‘cash out’ the fraud, for example by reshipping fraudulently-purchased goods. They are often unwitting individuals duped by fraudsters into activities such as shipping goods to fictitious companies.
This network commits fraud via the following steps:
- Learn the latest techniques. This is where the 6-week course comes in.
- Buy payment card details through sites called AVCs (Automated Vending Carts), which let criminals sell stolen data quickly and anonymously.
- Commit payment card fraud and cash out by a variety of techniques.
"The barriers for cybercrime just keep getting lower. Sophisticated criminals act at a higher tier, but it just gets easier and easier for people to get it. This low barrier of entry is bad for consumers, bad for banks, bad for card brands," says Rick Holland, VP of Strategy at Digital Shadows.
"This is just going to continue to grow, it's still going to be a big threat for retailers and financial services for some time to come."