Payment card fraud costs banks and merchants nearly $23 billion a year and rising. As consumers spend more money online, the opportunities for fraud increase and so does the level of sophistication threat actors employ to conduct card fraud. These cybercriminals don’t operate in a vacuum. They rely on a broad ecosystem and support network that provides a range of credit card details, fraud tools and online tutorials to hone their skills and increase their chances for success.

A SOC manager of a retail bank discovered that customer credit card numbers were being traded online and took a proactive approach to preventing fraud. Here’s how it unfolded.

IRC Channels – A Tool for Criminals…

Among the participants in the payment card fraud ecosystem, fraudsters are the individuals who use card details to buy goods and services for their own use or to resell at a discounted price. They run the greatest risk of getting caught by law enforcement and seek ways to stay below the radar. One tactic is to make sure cards have a worthwhile balance before using them. To do this, they take advantage of services offered on the Internet Relay Chat (IRC) channel that check the validity of credit card numbers in exchange for a nominal fee ($0.15).

IRC Channel

Figure 1: An IRC channel used to check balances of payment cards.

…and a Tool for Defenders

With annual online card spending expected to reach $6 trillion by 2021, detecting and stopping fraudulent transactions is a priority for banks and merchants worldwide. But the volume of activity to monitor can seem overwhelming. By understanding how this ecosystem operates, there are steps defenders can do to mitigate risk. In this case, the retail bank:

  • Monitored IRC channels to check for Bank Identification Numbers (BINs) and Issuer Identification Numbers (IINs).
  • Detected their customers’ credit card details being tested.
  • Disabled the impacted cards to prevent further fraud from occurring.
  • Alerted their customers, taking a proactive approach to preventing fraud.

It’s not only IRC channels where payment cards are tested and shared online. In order to gain good visibility into where your customers’ payment cards are being shared online, you also should monitor criminal forums and marketplaces.

Want to learn more about how this underground economy operates and how to use that knowledge to your advantage? See how Digital Shadows SearchLight (now ReliaQuest GreyMatter DRP)™ helps clients investigate digital risks such as payment card fraud and enables organizations to proactively mitigate risk: Test Drive SearchLight™ Free Here.


To stay up to date with the latest digital risk and threat intelligence news, subscribe to our threat intelligence emails here.