An Inside Look at Dark Web Credit Card Fraud

IntSights and our friends over at Riskified teamed up to trace a fraud victim's actual credit card from when it was first stolen in 2014 to when the first rejected orders using that compromised card appeared in the Riskified system. All names and other sensitive information have been anonymized to ensure the cardholders' privacy. Although the fraud attempts were unsuccessful, in 2019 alone, the credentials were found in 44 new mentions across the dark web.

At 1:49 a.m. on the day before Thanksgiving in 2016, a cardholder named Joseph Tanner ordered a $100 digital gift card at a digital gift card marketplace we’ll call eCards. It was to be delivered to Kasper Gleason at his email address with a short message: “Hi.” Tanner paid for the item with a Bank of America Mastercard, the number ending in 2527 with a Webster, New York billing address.

Joseph placed the order through the Google Chrome web browser on his T-Mobile Android 6 phone, using a Seattle IP address. The same email address was used for both the sender and the recipient of the digital gift card, a common practice among those who prefer to print and hand-deliver the card details themselves. Perhaps Joseph, a New Yorker, was in Seattle for Thanksgiving doing last minute shopping as a surprise for his friend or relative, Kasper.

Neither was the case. Kasper Gleason was a fraudster using Tanner’s name, credit card number, and billing address to illegally buy the gift card. It’s been more than two years since Joseph Tanner’s name and card appeared in that first fraudulent order attempt in Riskified’s system, but these specific order details continue to have staying power. To this day we see fraudsters unsuccessfully use Tanner’s information across dozens of our merchants, sometimes multiple times per month. Just in 2019 alone, Tanner’s credentials were found in 44 new mentions across the dark web.

So how did Gleason – if that is his real name – first get his hands on Tanner’s personal information? How does someone steal your identity? How did Gleason’s personal information get circulated on the dark web? How did Gleason try to fool eCards into approving his order? What can retailers and merchants do to protect themselves from eCommerce fraud?

The story continues over on the Riskified blog.

Cyberattacks Against Retail and eCommerce Businesses Rise Astronomically

In a joint Retail & eCommerce Threat Landscape Report (October 2018) studying hundreds of thousands of online purchases, IntSights and Riskified found a 297% spike in the number of fake retail websites designed to phish for customer credentials from July to September in 2018 over the year prior. Cybercriminals are increasingly targeting retailers and their customers through digital social channels as retailers leverage those channels for increased revenue opportunities. Download the full report to go behind the scenes on eCommerce fraud, the underground stolen credentials economy, and the illicit credit card credentials trade.

Download Now

Stay up to Date!

Subscribe to the blog to stay up to date with all the latest industry news and updates from IntSights.