How Malicious E-Commerce Code Translates Into a Payments-Fraud Bounty
July 12, 2017

By Kevin Woodward

Researchers at cybersecurity firm RiskIQ Inc. have detailed one way criminals transform stolen payment card data from e-commerce sites into money.

In a report released Wednesday, San Francisco-based RiskIQ examined how data stolen with Magecart, a bit of malicious code that logs keystrokes consumers make when using certain shopping-cart software, is sold online and then turned into cash for the criminals.

Criminals increasingly have turned to online card transactions as their ability to use counterfeit cards at the point of sale lessens because of the U.S. migration to EMV chip cards.

While tracking a new version of Magecart, RiskIQ uncovered the physical-world operations of these fraudsters. They cashed in on the data by reshipping items purchased with stolen cards via a physical reshipping company operating with mules in the United States. Mules are often unsuspecting individuals hired to transport something for a criminal.

By examining a variety of data, RiskIQ researchers spotted the trafficanalyzer.biz Web site, which revealed Internet protocol addresses for other sites the company calls “nothing but bad news.”

This find ultimately unveiled a domain labeled USLogisticExpress.com, a reshipping site that included recruitment pages for U.S.-based residents to help out as mules. It contained advertisements for use on job sites.

“The jobs are, in fact, fraudulent employment offers designed to lure jobseekers into working as reshipment mules to aid with cashing out stolen payment cards,” the report says. “U.S.-based citizens are recruited under false pretense as ‘transport agents’ and receive shipments of electronics or other goods of all kinds which they are asked to ship to a different address in Eastern Europe.”

The goods, of course, are purchased with credit card credentials stolen with Magecart during the checkout process at compromised e-retailers.

Two-factor authentication procedures for payments can reduce the fraud potential for merchants, says Yonathan Klijnsma, a RiskIQ threat researcher. “While it may seem very frustrating for consumers to have additional payment steps, it will save them from fraud for threats like Magecart,” Klijnsma says in an email. “Having an external device like a phone generate or receive [transaction authentication number] codes needed to approve a transaction makes it impossible for the Magecart skimmers to use their stolen card data.”

Merchants can help themselves, he notes. “A lot of the Magecart-compromised e-commerce websites are simply outdated and compromised using automated tooling.”

Setting Web-site security standards, along with penalties for noncompliance, would force merchants to maintain updated e-commerce technology, Klijnsma says.
