Negative Feedback Loop: Surge in ATO Fuels Demand for CNP User Data Leads to More ATO

Negative Feedback Loop: Surge in ATO Fuels Demand for CNP User Data Leads to More ATO

May 9, 2019

New research from digital asset exchange Gemini suggests that cybercriminals are increasingly turning to card-not-present merchants as a source to steal data rather than traditional merchants, according to KrebsonSecurity.

“The demand for card-not-present data remains strong while the supply is not as great as the bad guys need it to be, which means prices have been steadily going up,” Stas Alforov, director of research and development at Gemini told Krebs. “A lot of the bad guys who used to do card-present fraud are now shifting to card-not-present fraud.”

Magecart card skimming malware continues to pose increasing threats to e-commerce websites. Shoppers are unwittingly sharing their payment details with cybercriminals who are harvesting their personal information in the online equivalent of ATM card skimming. As a result, over the past year, thousands of hacked e-commerce sites have been fueling ATO attacks.

The skimming being perpetrated by the infamous hacker group is providing the raw material for ATO attacks. As criminals continue to see gains from this type of attack, the demand for card-not-present data increases even more.

“We have seen the evolution of attacks on the e-retail sector over the past couple of years. Because most of the Western world is moving to chip based credit cards, the value of CNP transactions has gone up tremendously,” said Ameya Talwalkar, co-founder and CP of Cequence Security.

Increased value has also driven an increased degree of sophistication in attacks used to target e-retailers. Cybercriminals have realized that compromising their infrastructure, which is harder, is not the only way to get CVV Dumps.

“We're of course seeing increasing account take over (ATO) attempts using billions of user credentials that are leaked every year. Starting with script-kiddies, and then moving to using headless browsers to using human farms—attackers and their strategies have evolved over the past few years. Some e-retailers rely on their CDNs for security, only to realize that the attackers can discover their origin servers and attack them directly.”

While the attacks threaten all sectors, Gemini also reported that India has seen a significant increase in card-not-present crimes, noting that in 2018 there was, “a 219-percent spike in Indian payment cards added that year due to a significant rise in stolen Card Not Present (CNP) and Card Present (CP) data. The increasing demand was supported by a 150-percent surge in the sale price.”

Previous-Article-CNP Next-Article-CNP

Identifying Credential Stuffing for Account Takeovers

  • Share this Article:
Kacy Zurkus