GS Logo
The Green Sheet, Inc

Please Log in

A Thing
View Archives

View PDF of this issue

Care to Share?


Table of Contents

Lead Story

A roadmap to GS Online

News

Industry Update

The PA DSS deadline looms

Global anti-fraud tool on the horizon

First Data charts the rise of fraud as a service

Feedback from CAPP exercise proves informative

Features

Guiding merchants toward honest processing partners

Research Rundown

Selling Prepaid

Prepaid in brief

Prepaid's relevancy for mass transit reaffirmed

Perspective on the 'gift' economy

Thom Aldredge
World Gift Card

Views

Could the future of micropayments be Square?

Patti Murphy
The Takoma Group

Margin compression: What's goin' on?

Brandes Elitch
CrossCheck Inc.

Education

Street SmartsSM:
What does a merchant get for a PCI fee? - Part 2

Ken Musante
Eureka Payments LLC

Beyond professional courtesy

Dale S. Laszig
Castles Technology Co. Ltd.

Succeeding at PCI compliance - Part 2: Executing an effective pilot program

Dawn M. Martinez
First Data Corp.

Training to go global

Caroline Hometh
Payvision

Eight keys to a great first impression

Nicholas Cucci
Network Merchants Inc.

Company Profile

Retail Cloud

New Products

Check guarantee on the go

EZVerify
EZCheck

Easy to use, hosted gateway

Fusebox
Elavon Inc.

Inspiration

Dig for gold, revisit your portfolio

Departments

10 Years ago in
The Green Sheet

Forum

Resource Guide

Datebook

A Bigger Thing

The Green Sheet Online Edition

June 28, 2010  •  Issue 10:06:02

previous next

First Data charts the rise of fraud as a service

A new First Data Corp. white paper reports that cybercriminals have adopted their own form of software as a service (SaaS). It's called fraud as a service (FaaS), which uses the same online infrastructure as SaaS to more efficiently perpetrate fraud schemes.

In Fraud Trends in 2010: Top Threats From a Growing Underground Economy, Rick Van Luvender, Director of the First Data InfoSec Incident Response Center, wrote that fraudsters have exploited business tools - the Internet chief among them - to "gain access to a wide range of applications while offloading the need to have knowledge of, expertise in or control over the technology infrastructure that supports them."

Central to FaaS are online fraud forums through which individuals and organizations exchange information and buy and sell stolen wares, such as card numbers. To increase online traffic, forums often "offer tutorials, how-to guides or even specialized venues for goods from specific countries or regions," Van Luvender wrote.

The forums provide access to fraudsters who specialize in designing software applications for Trojan and phishing scams, for example. Furthermore, the forums facilitate the "cash-out" process after data has been stolen.

On a commission basis, contractors known as cashiers and money mules utilize electronic money transfers to drain the accounts and convert the funds into legitimate currency, the white paper said. These contractors also help validate customer verification value numbers against corresponding credit card numbers, for a fee.

Into the cyber underground

Fraud continues to grow, according to the white paper. Citing the 2009 Verizon Business Data Breach Investigations Report, First Data's InfoSec said 285 million consumer records were compromised in 2008, more than the previous four years combined.

Credit card numbers remain the most popular stolen item, according to the white paper. Stolen card numbers sell for between 10 cents and $25 per card, with discounts offered for bulk purchases. The average stolen credit card has a credit limit of $4,000, the report stated.

The report listed the top 10 fraud trends. They are:

  1. Malware attacks
  2. Phishing and other types of social engineering scams
  3. ATM skimming
  4. Structured Query Language (SQL) injections
  5. Counterfeiting outside the Europay/Mastercard/Visa security standard zone
  6. Insider fraud
  7. Money mules
  8. Avatar/virtual criminal markets (online role playing games, social networking)
  9. Supply-and-demand black markets
  10. Creative money laundering schemes

Navigating the threat landscape

InfoSec advised payments industry constituents, as well as merchants and consumers, to more fully understand how fraudsters operate, specifically in new media environments like social networking site Facebook, in order to mitigate risks and recognize attacks before they inflict severe damage on businesses and individuals.

"Understanding the nature of both data theft and the conversion of stolen data into cash can help organizations of all types better anticipate where criminals may exploit the system, so they can put appropriate preventive measures in place," the whiter paper said.

Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.

previous next

Spotlight Innovators:

North American Bancard | USAePay | Super G Capital LLC | Humboldt Merchant Services | Impact Paysystems | Electronic Merchant Systems