Menu
Cybercriminals create platform for automating rogue credit card charges

Cybercriminals create platform for automating rogue credit card charges

The developers claim it can emulate human interaction to trick payment gateways

Cybercriminals have a new tool to make the most of stolen credit card details before payment processors detect the fraud, security researchers warn.

A Web-based application called the Voxis Platform is being advertised on underground forums as a tool for cashing out money from stolen credit cards by automating fraudulent purchases, according to security researchers from cybercrime intelligence firm IntelCrawler.

There are three main parties involved in every online transaction: the buyer, the seller and a payment processing provider that operates a payment gateway. In order to receive money from transactions, the seller needs to have a merchant account registered with the payment gateway.

Cybercriminals can steal merchant accounts or open rogue ones by setting up dummy e-commerce sites and using fake identity documents or money mules. Their main problem, however, is racking up a large number of fraudulent charges before they're detected and their merchant accounts get closed, the IntelCrawler researchers said in a blog post.

The Voxis Platform appears to have been designed specifically to overcome that problem. Its creators claim that it supports 32 different payment gateways and has the ability to emulate human interaction "to make it look like real humans are sending their credit card information to the payment gateways."

The platform started being advertised on underground forums in August and allows cybercriminals to charge predetermined amounts from credit cards loaded into the system at chosen time intervals, emulating real purchases. It even uses people search services like Pipl.com to automatically fill in missing card information.

The large payment card breaches at U.S. retailers like Target and Home Depot have generated demand on the underground market for ways to quickly monetize stolen credit card information. This has led cybercriminal groups to pool their resources in order to build tools like the Voxis Platform, the IntelCrawler researchers said. E-commerce companies and payment gateway operators should revise their merchant account verification practices and fraud-detection methods in light of such changes in cybercriminal toolsets, they said.


Follow Us

Join the newsletter!

Or
Error: Please check your email address.

Tags securityfraudIdentity fraud / theftIntelCrawler

Featured

Slideshows

Bumper channel crowd kicks off first After Hours of 2018

Bumper channel crowd kicks off first After Hours of 2018

After Hours made a welcome return to the channel social calendar with a bumper crowd of partners, distributors and vendors descending on The Jefferson in Auckland to kick-start 2018. Photos by Gino Demeer.

Bumper channel crowd kicks off first After Hours of 2018
Looking back at the top 15 M&A deals in NZ during 2017

Looking back at the top 15 M&A deals in NZ during 2017

In 2017, merger and acquisitions fever reached new heights in New Zealand, with a host of big name deals dominating the headlines. Reseller News recaps the most important transactions of the Kiwi channel during the past 12 months.

Looking back at the top 15 M&A deals in NZ during 2017
Kiwi channel closes 2017 with After Hours

Kiwi channel closes 2017 with After Hours

The channel in New Zealand came together to celebrate the close of 2017, as the final After Hours played out in front of a bumper Auckland crowd.

Kiwi channel closes 2017 with After Hours
Show Comments