Russian Fraudsters Test Stolen Credit Cards Using Ecommerce Sites

Anti-fraud company Sift has discovered a Russian fraud ring using ecommerce marketplaces to verify stolen credit cards.

Criminals trade thousands of stolen credit card numbers every day, but verifying them is a challenge. They must ensure that the cards are still valid without raising issuers’ suspicions. In its Q2 2020 Digital Trust & Safety Index, Sift uncovered a Russian group nicknamed Bargain Bear that takes a novel approach to the problem.

After buying stolen credit card data on the dark web, Bargain Bear’s members created multiple fake product listings with a $99 price point. They then colluded, haggling down each other’s listings. Eventually the ‘negotiation’ would price the fake product at $1, which is the standard amount used to test the validity of a credit card.

At this point one fake user would ‘buy’ the reduced-price item from the fake seller using a stolen credit card, verifying that it was usable. They could then use the cards for higher-value purchases.

Colluding like this enabled the fraudsters to test the card while looking legitimate, dodging automated systems that look for suspicious payment patterns. However, Sift said that after noticing the group’s scam it reconfigured its service to spot similar practices. One giveaway might have been the fact that the criminals registered the fake buyers and sellers from the same IP addresses.
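The pattern described above (a listing haggled from $99 down to a $1 charge, with buyer and seller registered from the same IP address) can be expressed as a simple triage rule over completed sales. This is an added example, not Sift's detection logic; the record fields, thresholds, account names and sample data are assumptions constructed for illustration.

```python
from dataclasses import dataclass

# Assumed thresholds, not values published by Sift.
TEST_CHARGE_MAX = 1.00   # ceiling for a card-test-sized charge (USD)
MIN_DISCOUNT = 0.90      # listing price cut by 90% or more while haggling

@dataclass(frozen=True)
class Sale:
    listing_id: str
    list_price: float    # price when the listing was created
    final_price: float   # amount actually charged to the card
    seller: str
    buyer: str

def assess(sale, reg_ip):
    """Return 'high', 'review' or None for one completed sale."""
    if sale.list_price <= 0:
        return None
    discount = 1 - sale.final_price / sale.list_price
    collapsed = sale.final_price <= TEST_CHARGE_MAX and discount >= MIN_DISCOUNT
    if not collapsed:
        return None      # ordinary negotiation or a genuinely cheap item
    seller_ip = reg_ip.get(sale.seller)
    buyer_ip = reg_ip.get(sale.buyer)
    # Both parties registered from one address: the giveaway noted in the article.
    shared = seller_ip is not None and seller_ip == buyer_ip
    return "high" if shared else "review"

def triage(sales, reg_ip):
    """Map listing_id -> verdict for every sale that needs attention."""
    verdicts = ((s.listing_id, assess(s, reg_ip)) for s in sales)
    return {lid: v for lid, v in verdicts if v is not None}

# Constructed sample data (documentation IP ranges, hypothetical accounts).
REG_IP = {"seller_a": "203.0.113.10", "buyer_b": "203.0.113.10",
          "seller_c": "198.51.100.7", "buyer_d": "192.0.2.44"}
SALES = [
    Sale("L1", 99.00, 1.00, "seller_a", "buyer_b"),   # collapse + shared IP
    Sale("L2", 99.00, 85.00, "seller_c", "buyer_d"),  # normal haggling
    Sale("L3", 5.00, 1.00, "seller_c", "buyer_d"),    # cheap item, 80% cut
    Sale("L4", 99.00, 1.00, "seller_c", "buyer_d"),   # collapse, distinct IPs
]

if __name__ == "__main__":
    for listing, verdict in triage(SALES, REG_IP).items():
        print(listing, verdict)
```
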

Bargain Bear demonstrates how fake content can facilitate payment fraud. This has been a particular problem during the COVID-19 crisis, Sift said. The company gathered data from over 34,000 sites and apps using its service, along with a survey of over 1000 consumers conducted last month by research company Dynata.

It found a 109% year-on-year increase in content fraud in the first half of 2020, which it says was connected to the uncertainty and disruption caused by the pandemic. The company blocked the highest number of fraudulent content attempts across all verticals between January and May this year, with an especially big spike between April 4 and April 11.

The online ticketing and event business was hit the hardest even as it saw record drops in event volume. According to Sift’s research, 11.2% of user-generated content related to events and ticketing posted across its customers’ websites was fake, designed to extort money from victims.

The company’s fraud experts believe that scammers were trying to exploit home-bound consumers in need of entertainment with fake streaming concerts and other virtual events.
