• Latest

Influencer Insights: An Interview With Terbium Labs

June 16, 2022
Moving identity authentication earlier in customer flow is top of mind at MRC Vegas 2023:

Moving identity authentication earlier in customer flow is top of mind at MRC Vegas 2023:

March 28, 2023
How to Strengthen Your Small Business’s Defenses Against Identity Theft

How to Strengthen Your Small Business’s Defenses Against Identity Theft

March 23, 2023
How Companies Can Avoid Zero-Party Data Fraud

How Companies Can Avoid Zero-Party Data Fraud

March 13, 2023
New Podcast Episode: Walls of Thieving Cellphones with Nethone

New Podcast: How to Stop Return Policy Abuse Fraud (Pt. 2)

February 22, 2023
Germany’s Fraud Prevention Firm Hawk AI to Focus on Global Expansion with $17M Series B

Germany’s Fraud Prevention Firm Hawk AI to Focus on Global Expansion with $17M Series B

February 15, 2023
Merchant Fraud Journal Releases Biggest Annual Fraud Trends Report Yet with Insights from 16 Leading Payment and Fraud Solutions

Merchant Fraud Journal Releases Biggest Annual Fraud Trends Report Yet with Insights from 16 Leading Payment and Fraud Solutions

February 7, 2023
Curbing emerging fraud types with network intelligence and data enrichment

Curbing emerging fraud types with network intelligence and data enrichment

January 31, 2023
Policy Abuse Fraud: What Is It and How to Protect Against It

nSure.ai Delivers Growth to Digital Commerce Leaders and Boosts YoY Revenue by 280%

January 25, 2023
Fraugster and Refurbed partner to increase approval rates and reduce fraud for refurbished electronics marketplace

Sift Appoints Former Ping Identity COO Kris Nagel as CEO

January 20, 2023
Veridos Announces Innovatrics as Strategic Partner for Advanced DNA ID Verification

Veridos Announces Innovatrics as Strategic Partner for Advanced DNA ID Verification

January 19, 2023
New Podcast Episode: Walls of Thieving Cellphones with Nethone

New Podcast: How to Stop Return Policy Abuse Fraud

January 10, 2023
How to Write a Strong Chargeback Policy: Tips to Help You Protect Your Business

How to Write a Strong Chargeback Policy: Tips to Help You Protect Your Business

January 6, 2023
  • Contribute
  • Contact Us
  • About
  • Join Us
  • Advertise
Wednesday, March 29, 2023
Merchant Fraud Journal
  • Home
  • Articles
    • Chargebacks
    • Fraud Prevention
    • Influencer Insights
  • Resources
    • Recorded Webinars
    • Podcasts
    • Vendor Directory
    • eCommerce Fraud Reports
    • Training and Certifications
    • Jobs Board
    • Associations and Non-Profits
  • News
No Result
View All Result
  • Home
  • Articles
    • Chargebacks
    • Fraud Prevention
    • Influencer Insights
  • Resources
    • Recorded Webinars
    • Podcasts
    • Vendor Directory
    • eCommerce Fraud Reports
    • Training and Certifications
    • Jobs Board
    • Associations and Non-Profits
  • News
No Result
View All Result
Merchant Fraud Journal
No Result
View All Result

Influencer Insights: An Interview With Terbium Labs

by Bradley
June 16, 2022
in Articles, Influencer Insights

Terbium Labs is an information security company, made of an elite grouping of security professionals, that specializes in helping businesses protect their critical data via monitoring and breach detection. That focus includes monitoring the “Dark Web” – the part of the internet not indexed by search engines like Google – where cyber thieves lurk, trade tactics, and sell the fruits of their ill-gotten gains.

Terbium recently downloaded tens of thousands of illicit guides currently available on the dark web about how to commit eCommerce fraud. The result is a report that not only exposes the tactics fraudsters use, but gives merchants insight into what they can do to protect themselves.

Merchant Fraud Journal sat down with Emily Wilson, VP of Research at Terbium Labs, to talk about the report. Our conversation covered how fraudsters choose merchants to target, what data merchants should be aware of, and more.

1. First, thank you for creating an invaluable resource for the community. Every merchant should absolutely download it. After reading through tens of thousands of these guides, what would you say is the most important thing merchants should be doing to protect themselves from eCommerce fraud?

Merchants (and others in the chain) need to step back and take in the true scale of the problem. It’s easy to get caught up in the day to day transaction battle, and not appreciate the size of the force you’re fighting. There’s an entire criminal fraud economy thriving online in these dark web communities. Fraudulent transactions are not isolated incidents; they are the result of an established, intelligent, professionalized fraud community working off of billions of compromised credentials and payment accounts.

2. Keeping on that theme, the report mentions that vendors sometimes “mark” an organization as a target for fraud. What criteria do fraudsters use to make that designation? Short of going onto the dark web themselves, is there any way for merchants to find out if they are a target before it’s too late?

Fraudsters are in business to make money. The best way to make money is to go undetected in your fraud schemes and successfully cash out, which could either mean going after an organization with a less sophisticated security infrastructure, or going after an organization with high enough transaction volume that criminals could hope to blend in with legitimate users. Major retailers and big banks are particularly popular targets for large scale fraud schemes.

Data monitoring and detection should be the hallmark of any merchant’s full-spectrum security service – especially for those who are facing down increased regulations. How can a merchant know its information has been exposed if it is not proactively looking for that data externally? Merchants need to have a consistent, quantitative way to identify their existing data exposure, and to track that exposure over time. Historical context is key for determining increased risk.

At Terbium Labs, we help companies get ahead of the problem. Our data monitoring service is designed to detect sensitive corporate information, and identify listings for these types of guides so that merchants can take action.

3. Switching gears a bit to the data sources fraudsters use, the report makes a clear distinction between “personal” and “financial” data. Can you talk a little bit about what that distinction means, and how merchants should be using it to inform their fraud prevention strategies?

This is a great question – the line between person and financial data can be a bit blurry, especially since criminals have access to resources to turn personal data into financial data (e.g., using a stolen identity to open a new account or cash out on a line of credit), or to turn financial data into personal data (e.g., using the initial cardholder information as a jumping off point to commit broader identity theft).

For the purposes of the report, we identified financial data as any kind of payment information or account – a payment card, a payment processing account like Paypal or Venmo – and identified personal information as anything uniquely linked to an individual – an email address, a Social Security Number, or a password.

Recognizing the broad utility of compromised information can help merchants better understand the scale of the problem. Payment card information isn’t strictly financial information – the cardholder data can be as useful as the payment data.

4. The percentage of fraudsters targeting personal credit card data is shocking. Can you talk a little bit about why that is the case, and what merchants can look out for when reviewing orders for fraud?

Payment card information – credit cards in particular – is the most immediately valuable data to fraudsters. The end game of any fraud scheme is to profit. Payment cards provide an immediate cash out benefit, and credit cards carry fewer restrictions than debit cards. I’ll continue to drive home the importance of merchants getting a true sense of scale here – the dark web is home to scores of carding markets, selling tens of millions of stolen payment cards from around the world. Fraudsters will try to blend in with legitimate orders, and they have a lot of resources at their disposal to try, try, and try again.

5. Data theft is often thought of as a means to steal merchandise or services, but Account Takeover Fraud (ATO) — which targets a merchants cash flow directory — is on the rise. The need to protect corporate data is well known, but what did your research show are some of the most common ways fraudsters use to get at it? Is there any way for merchants to counter these tactics?

Basic security hygiene. I can hear the groans now, but hear me out – most attacks aren’t heroic efforts using flashy malware and sexy 0-days. Motivated and well-resourced groups exist, and we hear about their extensive campaigns. Those are the big players. In the meantime, the rest of the fraud community is working with what they have available – which is the information that comes from the large scale data compromise we hear about every day.

Email addresses are powerful, especially when a fraudster only has to plug them into a large scale phishing campaign and hope for the best. Constant password re-use means that once someone gains access to a single account, they actually have runway to access dozens of accounts – a compromised Twitter password can lead to an exposed bank account or retail account. Employees who use the same (or similar) passwords between corporate accounts and personal accounts only increase this risk.

For the everyday criminal, there’s no reason to go to heroics when you can make so much headway just going after the low-hanging fruit. All the more reason merchants need to have a clear sense of their employee and executive data exposure, and proactively track the appearance of clusters of customer data in the criminal underground. Even if it’s not your breach, it might still be your problem – merchants face the fallout from third party security issues more than most, because they bear the burden of the end-run transaction if their customer accounts get exposed.

6. The report mentions peak seasonal shopping periods as a time fraudsters like to try and “blend in with legitimate buyers”. Did you find a preference for any specific kind of attack to accomplish this that merchants can be on the lookout for?

It’s exactly that – criminals try to blend in with legitimate transactions by making what appear to be legitimate transactions. It’s a matter of hiding in plain sight. They turn to these peak shopping days, especially between Black Friday and the end of the year, because that window contains atypical transactions that make it difficult to identify fraudulent activity. The average consumer wouldn’t normally place five orders from the same store and ship them to three different addresses in the same afternoon during the rest of the year, but in the peak of the December shopping season that behavior becomes easier to explain. Fraudsters know that, and they use that to their advantage.

In the same way that fraudsters use industry information – like peak shopping days – to expand their fraud schemes, organizations can use fraud guides to bolster their security efforts. This report contains critical information to help merchants understand the tactics and techniques cyber criminals use to bypass controls and create scalable fraud operations, and provides context about how fraud guides fit into the broader underground fraud economy.

Terbium Labs helps organizations proactively identify sensitive information on the dark web, like the guides covered in this report. In the current state of security, defense is necessary, but it is no longer sufficient – proactive efforts to detect compromised information and corporate data are crucial in building a comprehensive security strategy.

To learn more about how Terbium Labs tracks data exposure on the dark web, visit https://terbiumlabs.com.


Emily Wilson, VP of Research

Emily Wilson is the VP of Research at Terbium Labs, a dark web intelligence company. Emily directs Terbium’s strategic research programs, where she focuses on the dark web, the criminal economy for personal information and payment data, and the increasing overlap between fraud and cyber-crime. Prior to her current role, Emily served as Director of Analysis at Terbium Labs, where she managed Terbium’s operational analysis team in identifying and investigating sensitive client data on the dark web. Emily is a Certified Fraud Examiner, a regular guest on industry shows like The Cyberwire Podcast, and frequently speaks at conferences, industry events, and trainings.

Tags: Account Takeover Fraudecommerce fraud solutionsInfluencer Insights
ShareTweetShareSend
Previous Post

McDonald’s App Hacked In $2,000 ATO Fraud Attack

Next Post

IntSights Releases New Report On the Biggest Fraud Prevention Challenges Facing Banking & Financial Services

Next Post
How to Create an Omnichannel Fraud Prevention Strategy

IntSights Releases New Report On the Biggest Fraud Prevention Challenges Facing Banking & Financial Services

Our Latest Reports

2022 Chargeback Consumer Survey Report

Fraud Prevention Tactics that Enable Exceptional Customer Experience

Addressing Payment Fraud and The Customer Experience in 2022

2022 Fraud Trends Report

ATO Fraud In Retail Report

2022 Customer Experience Report

3 Ways a Unified Chargeback Management and Fraud Platform Increases Revenue

Digital Trust And Safety Report: Combating the Evolving Complexities of Payment Fraud

On-Demand Webinars

Balancing Customer Experience and Fraud Prevention: What’s the Secret?

Stopping Fraud Across the Customer Lifecycle

Addressing Payment Fraud and the Customer Experience in 2022

 

Get the 2023 Fraud Trends Report

Search Our Site

No Result
View All Result

Our Sponsors

Featured Directory Listings

  • logo
    NoFraud
  • SEON. Fraud Fighters
  • sift logo
    Sift
  • Signifyd
  • Ekata
  • Microsoft Dynamics 365 Fraud Protection
  • PayRetailers
  • Spotrisk

Our Sponsors

Fraud Industry News

Moving identity authentication earlier in customer flow is top of mind at MRC Vegas 2023:

Moving identity authentication earlier in customer flow is top of mind at MRC Vegas 2023:

March 28, 2023
How to Strengthen Your Small Business’s Defenses Against Identity Theft

How to Strengthen Your Small Business’s Defenses Against Identity Theft

March 23, 2023
How Companies Can Avoid Zero-Party Data Fraud

How Companies Can Avoid Zero-Party Data Fraud

March 13, 2023

Connect With Us

Quick Navigation

  • Home
  • News
  • Join Us
  • About Us
  • Contact Us
  • Advertise
  • Contribute
  • Privacy Policy

The Payments Media Network

Merchant Fraud Journal
Payments Review

Privacy Policy

Our Privacy Policy
Our Terms of Use

Resources

  • Articles
  • eCommerce Fraud Reports
  • eCommerce Fraud Webinars
  • Training and Certifications
  • Jobs Board
  • Associations and Non-Profits
  • Podcasts
  • Vendor Directory

Popular Posts

  • How to File a Claim With FedEx + What To Do If Claim is Denied

    How to File a Claim With FedEx + What To Do If Claim is Denied

    0 shares
    Share 0 Tweet 0
  • How Does Two-Factor Authentication (2FA) Work?

    0 shares
    Share 0 Tweet 0
  • Top eCommerce Fraud Prevention Companies

    0 shares
    Share 0 Tweet 0
  • The Best Reverse Email Lookup Tools in 2022 (with pricing)

    0 shares
    Share 0 Tweet 0

Featured Vendors

  • NoFraud
  • SEON. Fraud Fighters
  • Sift
  • Signifyd
  • Ekata
  • Microsoft Dynamics 365 Fraud Protection
  • PayRetailers
  • Spotrisk

Download the 2023 Fraud Trends Report

No Result
View All Result
  • About Merchant Fraud Journal
    • Interested in Contributing or Guest Posting to Merchant Fraud Journal?
  • Advertise on Merchant Fraud Journal
  • Articles
    • Chargebacks
    • Fraud Prevention
    • Influencer Insights
  • Contact Us
  • Download Addressing Payment Fraud and Customer Experience Report
  • Download Chargebacks Consumer Survey Report 2022
  • Download Evolving Complexities of Payment Fraud Report
  • Download Fraud Prevention Tactics that Enable Exceptional Customer Experiences Report
  • Download Merchant Fraud Journal 2023 Fraud Trends Report
  • Download the 2020 Chargeback and Representment Report
  • Download the 2020 Merchant Fraud Journal Vendor Guide
  • Download the 2021 Fraud Trends Report
  • Download the 2022 Fraud Trends Report
  • Download the 3 Ways a Unified Chargeback Management and Fraud Platform Increases Revenue Report
  • Download the MFJ 2022 Customer Experience Report
  • Download the MFJ ATO in Retail Report
  • Home
  • Job Dashboard
  • Join The Merchant Fraud Journal Community
  • Merchant Fraud Journal Advertising Agreement
  • MFJ Fraud Trends Report Giveaway
  • News
  • Post a Job
  • Privacy Policy
  • Resources
    • 2020 Chargeback Representment Guide for Merchants
    • 2020 Vendor Guide
    • 3 Ways a Unified Chargeback Management and Fraud Platform Increases Revenue
    • Addressing Payment Fraud and the Customer Experience in 2022
    • Associations and Non-Profits
    • ATO Fraud In Retail Report
    • Balancing Customer Experience and Fraud Prevention: What’s the Secret?
    • Chargebacks Consumer Survey Report 2022
    • Digital Trust & Safety: Combating the Evolving Complexities of Payment Fraud
    • eCommerce Fraud Reports
    • eCommerce Fraud Webinars
    • Fraud Prevention Tactics that Enable Exceptional Customer Experiences
    • Fraud Prevention Training and Certifications
    • How to Build a Recession Proof Chargeback Prevention Strategy
    • How to Stop Fraud During the 2022 Holiday Season
    • Jobs Board
    • Merchant Fraud Journal 2023 Fraud Trends Report
    • Merchant Fraud Journal’s Fraud Trends 2020 Report
    • Merchant Fraud Journal’s Fraud Trends 2021 Report
    • Merchant Fraud Journal’s Fraud Trends 2022 Report
    • MFJ’s 2022 Customer Experience Report
    • Podcasts
    • Prevent High-Velocity Fraud Attacks During the 2021 Holiday Season
    • Stopping Fraud Across the Customer Lifecycle
    • Vendor Directory
    • Webinar – Addressing Payment Fraud and the Customer Experience in 2022
    • Webinar – Mitigating Fraud and Risk on the ACH Network
    • Win January Chargeback Disputes
  • Subscribed
  • Terms and Conditions

© 2021 Payments Media Solutions Canada Inc.

Are you sure want to unlock this post?
Unlock left : 0
Are you sure want to cancel subscription?