NuData, a solution that uses device intelligence, behavioral analytics, passive biometric verification, and a behavioral trust consortium to identify eCommerce fraud risk, released a report: The New Criminal Toolbox.
The report provides merchants with an overview of ‘off-the-shelf’ tools online fraudster use, which it terms ‘crimeware’. It highlights three main areas of attack — infection, data theft, and monetization — and emphasizes how criminal eCommerce fraud markets (like the dark web) make it easy to acquire these technologies.
“With relatively mature criminal markets, fraudsters do not need to complete this entire process on their own,” the report says. “Many rings will jump straight to the final stage, buying stolen credentials in bulk from other groups that were able to exfiltrate the information from compromised devices. Even malware operators will contract with groups that achieved the initial infection and now sell the ability to install malware through their dropper services.”
Overall, the 20 page report focuses on these tools to answer three primary questions:
- What types of tools cybercriminals have available off the shelf to steal victims’ data while concealing their own identity.
- How tools like trojans, emulation, and formjacking have evolved to keep pace with eCommerce fraud solutions.
- How financial institutions should adapt their fraud controls to address current and emerging threats.
The report also breaks down eCommerce fraud and shows merchants the full progression of events a fraudster goes through to successfully complete a crime. It’s a kind of journey from hell for merchants — an account of not only the technology in isolation, but a reveal of how easy it is for anyone to be at successful eCommerce fraud operations.
Taking each of the three sections in turn, it shows how technologies assist fraudsters in identifying victims through things like phishing kits, exploiting their data through trojans and other malware, before finally providing monetization possibilities via ‘concealment tech’.
Finally, the report gives some advice for merchants on how they can best counteract these technologies and prevent fraud and theft from their own organizations.