Online criminals intent on identity theft are continuing to get help from two marketplaces on the dark web.
So-called ‘digital fingerprints’ are up for sale on the Genesis and Richlogs marketplaces, giving hackers the ingredients they need to put together watertight identity simulations to trick banks, retail giants, media sites and other online organisations.
Fraudsters are increasingly turning to identity scams, using sophisticated technology along with stolen data to adopt the appearance of a legitimate user.
Security specialists say the increase in digital fingerprints being put up for sale on illicit marketplaces illustrates the growing trend for “carding” – the practice of illegally using credit and debit card information.
In 2018, Jupiter Research found that online payment card fraud cost $22 billion, a total that is forecast to rise to $48 billion by 2023.
The jump is predicted in spite of organisations turning to increasingly sophisticated defence mechanisms designed to clamp down on online skimming software, banking Trojans and other data theft systems.
The last twenty years have seen cyber-criminals trading credit card data through dozens of online portals, the large part of which are hosted in Russia on platforms such as AlphaBay, Hansa, Dream, and Wall Street Market.
Rescator is another major data player that has overseen the transaction of hundreds of thousands of payment cards.
To combat such cyber-crime, organisations have begun to ‘digitally fingerprint’ users and devices, by recording information from over 100 data points. These can include a user’s IP address, their geographic location, time zone, device identity, OS system, battery data, cookies and even how a consumer uses their smart devices.
Tracking data of this nature can help anti-fraud organisations to identify suspicious irregularities which may hold the key to locking in on the source of fraudulent activity.
Security company Kaspersky said:
“Anti-fraud systems can check the user’s collected fingerprint against the local database of fraudster device fingerprint patterns and, if any of them should match the one being used for the online purchase attempt, the transaction will be immediately blocked.”
PrivSec Conferences will bring together leading speakers and experts from privacy and security to deliver compelling content via solo presentations, panel discussions, debates, roundtables and workshops.
For more information on upcoming events, visit the website.
We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.
Privacy Culture: Data Privacy and Information Security Consulting, Culture & Behaviour, Training, and GDPR maturity, covered. https://www.privacyculture.com/