CCG Insights

E-Commerce in More Danger with Mounting Numbers of Stolen Card Data

  • Insight

E-Commerce in More Danger with Mounting Numbers of Stolen Card Data

E-Commerce in More Danger with Mounting Numbers of Stolen Card Data

E-Commerce in More Danger with Mounting Numbers of Stolen Card Data

An almost tripling of the number of false retailer websites intended to phish for customer credentials and black-market listed stolen goods for resale are some findings in a new report.

Riskified and IntSights Cyber Intelligence released “The Retail and eCommerce Threat Landscape Report,” which studied how the growth in online shopping, combined with the explosion of compromised financial and card data available, make the retail and e-commerce industries among the most targeted sectors in the darknet.

The joint report, which analyzed data from third quarter 2017 to third quarter 2018, addressed the scope and severity of the current threat and fraud landscape for retailers from selling credit card data and personal information from data breaches to sharing commonly used tools and schemes.

“The ease with which you can commit fraud these days and get goods delivered to your doorstep with little to no risk, is just too appealing to overlook,” the report suggested. Most online retail fraud follows a simple two-step process:  Get a stolen credit card, order goods from a retailer. Plus, inefficient fraud prevention costs merchants billions in chargebacks, overhead and missed sales.

The report discovered some significant trends such as a 297% rise in the number of false retailer websites designed to phish for customer credentials. In the third quarter alone, there was an average of 23 phishing sites per company, a significant increase from 2017. They also found a 278% rise in stolen goods listed on black markets for resale; an average of 22.1 internal login pages or development servers exposed per retail company in 2018; and fake apps and social media profiles on the rise with a 469% spike in suspicious applications and a 345% increase in fake social media profiles (respectively) in the fourth quarter of 2017.

The report noted retailers are increasingly focused on driving sales through a variety of online channels – including Facebook, SMS messaging, Instagram, Twitter and more — all of which provide a perfect opening for fraudsters to lure in new victims.

The report noted, “Although credit card information is not issued by retailers, they often store this information, and tend to have weaker security systems in place than financial companies.” This makes retailers one of the most targeted groups for obtaining credit card data. Once stolen, credit card data can provide fuel in the trade of stolen card information on the dark web, and to defraud the same organizations from where they originated.

Among the methods used to obtain credit cards:

  • Phishing websites: A most common way to get credit card data.
  • Point of sale malware: Infecting POS machines can generate hundreds to thousands of credit card numbers per day.
  • ATM skimmers: can copy the data of every card entered and send it to a hacker’s server.
  • Malicious apps: by either mimicking a bank app or keylogging within a legitimate app, malicious apps can acquire card and bank data.
  • Trojan malware: This involves infecting a computer with keylogging and/or screenshot-taking programs that monitor activity on financial institution or credit company websites.
  • Social engineering: This can be a fake bank support call, a SMS message leading to a phishing site, a tax-return request, or a fake job proposal. Social engineering is hard to anticipate and defend against because it relies on a person’s voluntary action.
  • Black markets: For some, it’s as easy as going to black markets and buying a bunch of stolen credit cards that cost anywhere from $1 to $20 each, depending on the quality and freshness of the card.

Get full access to this and other CCG Insights – Register Now

Already have an account? Log in

  • CCG Catalyst CCG Catalyst
  • November 12, 2018

You Might Like These, Too

Millennials Step Up Their Home Purchasing
Insight

Instant Issuance Brings Accountholders, Even Millennials, to the Branch

American Banker
Article

The risks and rewards of partnering with Amazon

Innovation Centers Become Part of Finserv Culture
Insight

U.S. Companies Need to Gear Up Now For New EU Data Privacy Regulations

Real-Time Payments Catching on Globally, Not So Fast in the U.S.
Insight

Many Industries, Including Financial Services, Ignoring Mobile Risks

Leaders in Bank Consulting

About CCG Catalyst
Latest Insights
CCG

PHOENIX • NEW YORK • LONDON • SINGAPORE

Phone: +1-480-744-2240  • Contact Us

© 2021 CCG CATALYST CONSULTING GROUP. Privacy Policy & Terms of Service.
Request a Call Back
Linkedin
Twitter
Subscribe
for Insights
We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept”, you consent to the use of ALL the cookies.
Cookie settingsACCEPT
Manage consent

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled

Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.

Non-necessary

Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.

SAVE & ACCEPT
BANK
FINTECH
FUSION
  • About
  • Services
  • Insights
  • Fintech
  • Research
  • Contact
  • Press
  • Careers
  • Events
  • Terms
  • Privacy
Linkedin
Twitter