Menu
Cybercriminals create platform for automating rogue credit card charges

Cybercriminals create platform for automating rogue credit card charges

The developers claim it can emulate human interaction to trick payment gateways

Cybercriminals have a new tool to make the most of stolen credit card details before payment processors detect the fraud, security researchers warn.

A Web-based application called the Voxis Platform is being advertised on underground forums as a tool for cashing out money from stolen credit cards by automating fraudulent purchases, according to security researchers from cybercrime intelligence firm IntelCrawler.

There are three main parties involved in every online transaction: the buyer, the seller and a payment processing provider that operates a payment gateway. In order to receive money from transactions, the seller needs to have a merchant account registered with the payment gateway.

Cybercriminals can steal merchant accounts or open rogue ones by setting up dummy e-commerce sites and using fake identity documents or money mules. Their main problem, however, is racking up a large number of fraudulent charges before they're detected and their merchant accounts get closed, the IntelCrawler researchers said in a blog post.

The Voxis Platform appears to have been designed specifically to overcome that problem. Its creators claim that it supports 32 different payment gateways and has the ability to emulate human interaction "to make it look like real humans are sending their credit card information to the payment gateways."

The platform started being advertised on underground forums in August and allows cybercriminals to charge predetermined amounts from credit cards loaded into the system at chosen time intervals, emulating real purchases. It even uses people search services like Pipl.com to automatically fill in missing card information.

The large payment card breaches at U.S. retailers like Target and Home Depot have generated demand on the underground market for ways to quickly monetize stolen credit card information. This has led cybercriminal groups to pool their resources in order to build tools like the Voxis Platform, the IntelCrawler researchers said. E-commerce companies and payment gateway operators should revise their merchant account verification practices and fraud-detection methods in light of such changes in cybercriminal toolsets, they said.


Follow Us

Join the newsletter!

Error: Please check your email address.

Tags IntelCrawlersecurityIdentity fraud / theftfraud

Featured

Slideshows

Meet the top performing HP partners in NZ

Meet the top performing HP partners in NZ

HP honoured leading partners across the channel at the Partner Awards 2017 in New Zealand, recognising excellence across the entire print and personal systems portfolio.

Meet the top performing HP partners in NZ
Tech industry comes together as Lexel celebrates turning 30

Tech industry comes together as Lexel celebrates turning 30

Leading figures within the technology industry across New Zealand came together to celebrate 30 years of success for Lexel Systems, at a milestone birthday occasion at St Matthews in the City.​

Tech industry comes together as Lexel celebrates turning 30
HP re-imagines education through Auckland event launch

HP re-imagines education through Auckland event launch

HP New Zealand held an inaugural Evolve Education event at Aotea Centre in Auckland, welcoming over 70 principals, teachers and education experts to explore ways of shaping and enhancing learning using technology.

HP re-imagines education through Auckland event launch
Show Comments