A report from Europol states that payment card fraud is a low-risk and highly profitable criminal activity that brings EU-based organized crime groups a yearly income of around 1.5 billion euros. These criminal assets can be invested in further developing criminal techniques, used to finance other criminal activities, or even facilitate the start-up of legal businesses.
Payment card data is the ideal illicit Internet commodity, as it is internationally transferable. Europol, in its report on Internet-facilitated organized crime (iOCTA), concluded that organized crime groups (OCGs) clearly benefit from globalization, using foreign payment card data to purchase goods and services online. Credit card information and bank account credentials are the most advertised goods on the underground economy’s servers; according to Europol’s intelligence, around 60 percent of payment card fraud losses, totaling 900 million euros, were caused by card-not-present (CNP) fraud in 2011.
Within the major card-not-present fraud investigations supported by Europol, the main sources of illegal data were data breaches, often facilitated by insiders and malicious software. In most of these cases, the quantity of compromised card details was substantial, reaching hundreds of thousands or millions, and enabling criminals to sell the data in bulk on tonline.
In the US, the FFIEC updated the security requirements recommended for banks. One of the recommendations encourages financial institutions to employ complex device identification. Oregon-based security firm iovation goes a step further by offering device reputation technology, which builds on device identification by offering real-time risk assessments. The technology exposes any history of fraud associated with a particular device or group of devices, and investigates relationships between devices and accounts that have been associated with fraud to expose fraudsters working in cahoots to steal from online businesses.
Robert is a personal security and identity theft expert contributor to iovation. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked! Disclosures.