Menu
Cybercriminals create platform for automating rogue credit card charges

Cybercriminals create platform for automating rogue credit card charges

The developers claim it can emulate human interaction to trick payment gateways

Cybercriminals have a new tool to make the most of stolen credit card details before payment processors detect the fraud, security researchers warn.

A Web-based application called the Voxis Platform is being advertised on underground forums as a tool for cashing out money from stolen credit cards by automating fraudulent purchases, according to security researchers from cybercrime intelligence firm IntelCrawler.

There are three main parties involved in every online transaction: the buyer, the seller and a payment processing provider that operates a payment gateway. In order to receive money from transactions, the seller needs to have a merchant account registered with the payment gateway.

Cybercriminals can steal merchant accounts or open rogue ones by setting up dummy e-commerce sites and using fake identity documents or money mules. Their main problem, however, is racking up a large number of fraudulent charges before they're detected and their merchant accounts get closed, the IntelCrawler researchers said in a blog post.

The Voxis Platform appears to have been designed specifically to overcome that problem. Its creators claim that it supports 32 different payment gateways and has the ability to emulate human interaction "to make it look like real humans are sending their credit card information to the payment gateways."

The platform started being advertised on underground forums in August and allows cybercriminals to charge predetermined amounts from credit cards loaded into the system at chosen time intervals, emulating real purchases. It even uses people search services like Pipl.com to automatically fill in missing card information.

The large payment card breaches at U.S. retailers like Target and Home Depot have generated demand on the underground market for ways to quickly monetize stolen credit card information. This has led cybercriminal groups to pool their resources in order to build tools like the Voxis Platform, the IntelCrawler researchers said. E-commerce companies and payment gateway operators should revise their merchant account verification practices and fraud-detection methods in light of such changes in cybercriminal toolsets, they said.


Follow Us

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags fraudIdentity fraud / theftIntelCrawler

Featured

Slideshows

EDGE 2018: Kiwis kick back with Super Rugby before NZ session

EDGE 2018: Kiwis kick back with Super Rugby before NZ session

New Zealanders kick-started EDGE 2018 with a bout of Super Rugby before a dedicated New Zealand session, in front of more than 50 partners, vendors and distributors on Hamilton Island.​

EDGE 2018: Kiwis kick back with Super Rugby before NZ session
EDGE 2018: Kiwis assess key customer priorities through NZ research

EDGE 2018: Kiwis assess key customer priorities through NZ research

EDGE 2018 kicked off with a dedicated New Zealand track, highlighting the key customer priorities across the local market, in association with Dell EMC. Delivered through EDGE Research - leveraging Kiwi data through Tech Research Asia - more than 50 partners, vendors and distributors combined during an interactive session to assess the changing spending patterns of the end-user and the subsequent impact to the channel.

EDGE 2018: Kiwis assess key customer priorities through NZ research
Show Comments