Menu
Cybercriminals create platform for automating rogue credit card charges

Cybercriminals create platform for automating rogue credit card charges

The developers claim it can emulate human interaction to trick payment gateways

Cybercriminals have a new tool to make the most of stolen credit card details before payment processors detect the fraud, security researchers warn.

A Web-based application called the Voxis Platform is being advertised on underground forums as a tool for cashing out money from stolen credit cards by automating fraudulent purchases, according to security researchers from cybercrime intelligence firm IntelCrawler.

There are three main parties involved in every online transaction: the buyer, the seller and a payment processing provider that operates a payment gateway. In order to receive money from transactions, the seller needs to have a merchant account registered with the payment gateway.

Cybercriminals can steal merchant accounts or open rogue ones by setting up dummy e-commerce sites and using fake identity documents or money mules. Their main problem, however, is racking up a large number of fraudulent charges before they're detected and their merchant accounts get closed, the IntelCrawler researchers said in a blog post.

The Voxis Platform appears to have been designed specifically to overcome that problem. Its creators claim that it supports 32 different payment gateways and has the ability to emulate human interaction "to make it look like real humans are sending their credit card information to the payment gateways."

The platform started being advertised on underground forums in August and allows cybercriminals to charge predetermined amounts from credit cards loaded into the system at chosen time intervals, emulating real purchases. It even uses people search services like Pipl.com to automatically fill in missing card information.

The large payment card breaches at U.S. retailers like Target and Home Depot have generated demand on the underground market for ways to quickly monetize stolen credit card information. This has led cybercriminal groups to pool their resources in order to build tools like the Voxis Platform, the IntelCrawler researchers said. E-commerce companies and payment gateway operators should revise their merchant account verification practices and fraud-detection methods in light of such changes in cybercriminal toolsets, they said.


Follow Us

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags securityfraudIdentity fraud / theftIntelCrawler

Featured

Slideshows

Ingram Micro maintains Showcase 2018 momentum in Wellington

Ingram Micro maintains Showcase 2018 momentum in Wellington

Ingram Micro maintained Showcase 2018 momentum in Wellington, hosting more than 40 vendors at TSB Arena. Under the banner of Leading the Way, the event demonstrated what’s new, what’s next and how it can be used to improve business and everyday life.

Ingram Micro maintains Showcase 2018 momentum in Wellington
Ingram Micro launches Showcase 2018 in Christchurch

Ingram Micro launches Showcase 2018 in Christchurch

Ingram Micro kickstarted Showcase 2018 in Christchurch, hosting more than 40 vendors at Horncastle Arena. Under the banner of Leading the Way, the event demonstrated what’s new, what’s next and how it can be used to improve business and everyday life.

Ingram Micro launches Showcase 2018 in Christchurch
Data breach notification laws in NZ: How can partners prepare?

Data breach notification laws in NZ: How can partners prepare?

This exclusive Reseller News Roundtable outlined the responsibilities facing security partners today, assessing risk while evaluating the role of the vendor in providing added layers of protection.

Data breach notification laws in NZ: How can partners prepare?
Show Comments