X hits on this document

PDF document

Symantec enterpriSe Security - page 74 / 97





74 / 97


Symantec Global internet Security threat report

Another contributing factor for the drop in the percentage of advertisements for credit card information may have been the increase in advertisements for credit card dumps; these increased in rank from 13th in 2008 to seventh in 2009. While credit card information includes things such as the credit card number, expiry date, and account holder name, a credit card dump is an exact copy of the encoded data contained in the magnetic stripe on a credit card.193 the dump data can be written to the magnetic stripes of counterfeit credit cards and then the duplicates can be used as though they were the original card.

the drop in percentage may also be related to credit card companies, credit card issuers, and banks taking more secure precautions to verify and authenticate users. Multi-level security systems for card-present transactions (such as EMV chip-based cards) can make it more difficult for criminals to obtain and use financial information.194 these technologies are being increasingly implemented as more companies opt for compliance with new security standards. As the usage of this technology grows, criminals may resort to other means of making fraudulent transactions.

Stolen credit card information can be quickly and easily used to purchase goods online because, often, only minimal credit card information is required for online purchases. in addition to physical goods purchased online for subsequent delivery, criminals can purchase digital goods such as domain registrations, music, software, and gift certificates for online stores, which they receive immediately. Someone with sufficient knowledge could make many transactions with a stolen card before the suspicious activity is detected and the card is suspended. However, there is a chance that the activity will be detected and if this happens before physical goods are shipped, the fraudulent transaction will have failed. Additionally, a shipping address must be provided for physical goods, which may help law enforcement agents in locating the criminal. However, criminals often obfuscate their connections to fraudulent online transactions by having the purchased goods delivered to the address of an intermediary (referred to as a mule or a drop) who then ships the goods to the criminal.195

Aside from the shipping address, these mules may have no obvious ties to the initial transaction and are often unaware that they are facilitating illegal transactions and money laundering. the service of mules is even advertised on underground economy servers by scammers who have deceived unsuspecting people into carrying out a seemingly legitimate job.

Scammers acquire mules by attracting unsuspecting victims with work-from-home job opportunities advertised in the guise of legitimate employment. the job requires the mule to receive packages at a personal address or a post box that they set up on the scammer’s behalf. the mule then resends the packages to addresses specified by the scammer. the mule is typically required to pay for any set-up costs and shipping fees out of their own pocket, with promises of reimbursement and an enticing paycheck later. Many victims of mule scams are never paid or reimbursed and end up losing thousands of dollars before realizing that they have been victimized.




information contained within the magnetic stripe on a credit card, which is made up of two tracks. Both tracks contain the primary account number and expiration date; the first track will contain the cardholder name and CVV. Each credit card issuer will have their own standards for encoding the information in the tracks. EMV is a standard for authenticating credit and debit card payments (http://www.emvco.com/about.asp); see also http://www.wired.com/threatlevel/2009/10/card-fraud/ http://information-security-resources.com/2009/11/20/online-money-mules-aide-theft-and-fraud/

Document info
Document views381
Page views381
Page last viewedSat Jan 21 20:01:01 UTC 2017