An introduction to e-commerce fraud in the travel industry: carding

Fraudsters increased ecommerce fraud attacks in the travel industry during the pandemic. Carding fraud resources have grown, but fraud can be prevented.


Mangopay has observed that fraudsters increased ecommerce fraud attacks on travel industry businesses during the pandemic, a trend that has persisted and is expected to continue into the future. We also noticed an expansion in the availability of 'carding' resources. This points to a direct connection between the content of fraudster tutorials and the types of scams that are perpetrated. So we’ll define the jargon used in an actual carding tutorial from a darknet criminal forum, shedding light on fraud in the travel industry.

The growth of eCommerce fraud in the travel industry

Travel has been a favorite target of fraudsters for some time now, and its popularity didn’t decline during the COVID-19 pandemic. We observed that fraud in the travel industry increased during the pandemic. The relevant metric is called '% of transaction attempts with signals triggered'. Even with decreased overall transaction volume, the traffic with signals has almost doubled.

A signal is an observation regarding a user session that has inherently negative/suspicious characteristics and a clear interpretation (e.g., 'Virtual Machine', 'User-Agent spoofing', 'Tor Network'). Mangopay is currently able to identify almost 100 signals, and the list is growing.
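To make the signal and metric definitions concrete, here is an added example (not Mangopay's code or data) that evaluates the three signals named above on constructed session records and computes the '% of transaction attempts with signals triggered' per period. The field names, the detection heuristics and the sample sessions are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed Tor exit addresses (documentation IP range), not a real exit list.
TOR_EXITS = {"203.0.113.7", "203.0.113.9"}
# Hypothetical substrings of a WebGL renderer string that suggest a virtual GPU.
VM_RENDERER_HINTS = ("vmware", "virtualbox", "llvmpipe")

def signals_for(session):
    """Return the set of signal names triggered by one session record."""
    found = set()
    if any(h in session["webgl_renderer"].lower() for h in VM_RENDERER_HINTS):
        found.add("Virtual Machine")
    # OS claimed in the User-Agent header disagrees with the JS-reported platform.
    ua_windows = "windows" in session["user_agent"].lower()
    js_windows = session["js_platform"].lower().startswith("win")
    if ua_windows != js_windows:
        found.add("User-Agent spoofing")
    if session["ip"] in TOR_EXITS:
        found.add("Tor Network")
    return found

def pct_attempts_with_signals(sessions):
    """Per period: % of transaction attempts with at least one signal."""
    total, flagged = defaultdict(int), defaultdict(int)
    for s in sessions:
        total[s["period"]] += 1
        if signals_for(s):
            flagged[s["period"]] += 1
    return {p: round(100 * flagged[p] / total[p], 1) for p in total}

def make_session(period, ua, plat, renderer, ip):
    return {"period": period, "user_agent": ua, "js_platform": plat,
            "webgl_renderer": renderer, "ip": ip}

WIN_UA = "Mozilla/5.0 (Windows NT 10.0; Win64; x64)"
MAC_UA = "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7)"
# Constructed sample: 8 attempts "before", 4 "during" (lower volume).
SAMPLE = (
    [make_session("before", WIN_UA, "Win32", "ANGLE (NVIDIA GTX 1060)", "198.51.100.%d" % i) for i in range(6)]
    + [make_session("before", MAC_UA, "MacIntel", "Apple M1", "203.0.113.9"),
       make_session("before", WIN_UA, "Linux x86_64", "ANGLE (Intel UHD 620)", "198.51.100.21")]
    + [make_session("during", WIN_UA, "Win32", "ANGLE (NVIDIA GTX 1060)", "198.51.100.30"),
       make_session("during", MAC_UA, "MacIntel", "Apple M1", "198.51.100.31"),
       make_session("during", WIN_UA, "Win32", "VMware SVGA 3D", "198.51.100.32"),
       make_session("during", MAC_UA, "MacIntel", "Apple M1", "203.0.113.7")]
)

if __name__ == "__main__":
    print(pct_attempts_with_signals(SAMPLE))
```

In this constructed sample the number of attempts halves while the share of attempts with at least one signal doubles, which is why the metric is tracked as a rate rather than a raw count.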

Mangopay has also noticed an expansion in the availability of carding resources. Carding isn’t the most sophisticated fraud, but it has become so much easier to get into, even for casual newbies, thanks to widely available tutorials on the Darknet, the Clearnet, and even YouTube. Carding used to be restricted to dedicated practitioners and devotees of the dark web, but in the last year, the pool of users has grown. The bottom line is that carding has become productized, consumerized, and even commodified, allowing the emergence of a new breed of 'casual carder'.

Today we’re going to look at an example of a carding tutorial: step-by-step instructions on how to use stolen credit card information to buy goods and services. We have found that the study of fraudster tutorials pays off rather quickly. There is a pretty clear connection between what is taught in tutorials posted to carder forums and the fraud techniques that are actually used to attack businesses in the subsequent months.

What is carding fraud?

Carding is the process of using stolen credit cards to make purchases. Fraudsters who use this technique are called carders. There are two different types of carding: real and virtual. In real carding, the carder uses a forged credit card: a plastic card loaded with data from a stolen credit card. This fraud is also called in-store carding. Virtual carding doesn’t require a physical card, just its data: number, expiration date, and security code. Virtual carding is easier than in-store carding for several reasons:

  • everything is done online
  • the carder can card shops from all around the world
  • no special equipment is needed to load data on physical credit cards
  • less risk -- when something goes wrong with the transaction, it is only canceled, and the card is burned

Fraudsters increasingly prefer virtual carding to the in-store variety. It is the virtual form of carding that concerns us here today.


A sample flight carding fraud tutorial for beginners

Let’s take a look at an airline/flight carding tutorial. We spotted it in a dark web forum for criminals and blanked out a few things because although we want to discuss carding tutorials, we don’t necessarily want to provide a complete tutorial.

[Image: screenshot of the flight carding tutorial, with some details blanked out]

Let’s define the jargon that is used in the tutorial.

“Vbv” stands for “verified by Visa.” A related term is “mscs,” which means “MasterCard Secure.” Fraudsters never use the phrase “3D security” for that type of payment protection. They always use the acronym “mscs” for Mastercards or “vbv” for Visa cards. One of the basic attributes listed for stolen credit cards sold on the dark web is whether the given card is vbv/mscs or no-vbv/mscs. The presence or absence of such protection changes the carder’s tactics in card usage. Carding with mscs or vbv cards requires much more knowledge and effort, while no-vbv and no-mscs cards are much easier to card with.

So 'buy a good cc non vbv' means purchasing stolen credit card information from a “vendor” that sells individual credit cards and batches on the darknet or Clearnet. Forums have lists of such vendors, or a newbie can just turn to Twitter, Telegram, or Discord, to find others.

The tutorial also recommends “Use ccleaner.” CCleaner is a helpful (and legal) tool that carders use to clear their browsing history, cookies, temp files, etc. It isn’t some exclusive tool for online criminals (although there are a number of those available); it’s widely available to consumers. According to the CCleaner website, 'Advertisers and websites track your behavior online with cookies that stay on your computer. CCleaner erases your browser search history and cookies so any internet browsing you do stays confidential and your identity remains anonymous.'

Another tool mentioned in the tutorial is 'MAC address changer.' MAC stands for Media Access Control. It is the unique address of every Network Interface Card or Controller (NIC). A MAC address changer allows you to change the MAC address of an NIC instantly. You can see why this would be useful to carders who are trying to cover their tracks. The NIC allows computers to communicate over a computer network, either by using cables or wirelessly. The NIC is both a physical layer and data link layer device, as it provides physical access to a networking medium and, for IEEE 802 and similar networks, provides a low-level addressing system through the use of MAC addresses that are uniquely assigned to network interfaces.

Carding fraud tutorial takeaways

  • The tutorial tells the user to 'First like.' We are constantly surprised by how out in the open a lot of fraudsters operate, even on Clearnet social media platforms. They don’t hide in the shadows; these “vendors” sell stolen credit card numbers and accounts (for ATO) openly and compete for “likes.”
  • Carding is pretty straightforward. The “tools” for carding are easy to acquire.
  • There are good reasons why carding grows in popularity: COVID led to sharp growth in ecommerce activity. A lot of first-time internet users started to make big purchases online during 2020. There are a lot of newbie carders out there due to economic hardships brought on by the pandemic. Buying goods and services for a fraction of the price becomes much more attractive during difficult times.
  • Fraudsters are open with their tutorials and methods. It's a big sharing community, but of course the quality of the tutorials differs.
  • Fraudsters know your company’s security holes better than you do in some cases, and they share the information with others.