The Fraud Ecosystem: From hack to chargeback

In 2014, top retailers Target, Home Depot, and CVS were all hacked, exposing over 100 million credit card records. In 2015, it was Walmart, Anthem, and AshleyMadison. In 2016, FriendFinder announced nearly half a billion accounts were hacked. And Yahoo is probably still getting hacked right now. These hacks have far reaching consequences that affect all of us, especially merchants. Chances are, if you’re a merchant who has been hit by fraud recently, those transactions can be traced back to data hacks like these.

Most of your criminal fraud and subsequent chargebacks spawn from what is known as the Fraud Ecosystem. It is a complex yet disturbingly accessible and reliable marketplace that transforms hacked data into liquid currency for fraudsters. And it’s the primary driver behind nearly all your fraudulent transactions. Join us as we follow the money from hack to chargeback and explore the Fraud Ecosystem.

The web as most of us know it is actually just the tip of the iceberg, a mere 10% of the total information online. The other 90% exists in the “Deep Web”. It’s in this murky underworld that the Fraud Ecosystem blossoms. To get there, we’ll need a special browser that can access the Deep Web. The Onion Router (TOR) is the most well known of these browsers, which use a network of servers as proxies to anonymize the user. Everything on the Dark Web is encrypted and anonymized in this way. So it is no surprise that illegal activities of all kinds go on here. Using TOR on the Deep Web, you can browse sites to hire assassins, launder money, score drugs, or buy and sell stolen credit cards.

When credit card data is hacked from Target or Home Depot, the hackers—or stealers–parse the data together to create complete cardholder profiles. They turn around and sell it to validators on sites like AlphaBay and Rescator. These sites batch the profiles together by hack and rate each batch based on their validity. 100% valid batches carry newly stolen cards that will all work, 50% batches are older cards that work about half the time, and so on.

The people shopping these batches are the denizens of the Fraud Ecosystem that we are most familiar with as merchants. We know them as fraudsters, but in the Ecosystem they are known as liquidators. They can search the batches by account zip code, banks address, or any other field they’ll have to provide in at a point of sale.

Cards with higher batch rates go for around $100, and get cheaper as the valid rate drops. Like most transactions across the Deep Web, Bitcoin is the preferred currency to make a purchase. It’s too bad validators do not take Visa, or they might think twice about the hassles they’re creating on the merchant end. Once the purchase is made, they’re off to spend as much as they can with their new stolen cards and one day become the chargeback on your bank statements.

The sheer brazenness of these operations begs the question: why isn’t anyone shutting them down? Well, the answer is perhaps the king of all ironies about the Deep Web… The very people we would expect to do something about it–law enforcement, governments—are also avid users of the Deep Web. Shutting down the Deep Web would mean shutting down encrypted government communications online as well. Occasionally, a site like the Silk Road will get shut down, but the Deep Web is like the mythical Hydra where two heads replace every head you cut off. So needless to say, massive data hacks and the chargebacks they turn in to will be here for the foreseeable future.