Fraud activity isn’t always about money.

Posted by Trustev editor on January 17, 2014

Since the recent Target disaster which resulted the card details of 40,000,000 and the private information of over 100,000,000 people being let loose into the payments ecosystem, several ecommerce partners of Trustev have noticed a massive increase in suspicious transactions across their networks.

For instance; one partner, a high end electronics provider has noticed a surge in attempted purchases of high value items. Looking at the transactional information the cards themselves appear to be valid, however the address information provided is just nonsensical gibberish. No fraudster in their right mind could expect these attempts to be successful, there’s no valid address to ship to - so why are the fraudsters even attempting the transactions?

It’s something we see frequently at Trustev and its a common issue, with a rather sinister purpose. In cases like this what’s actually happening is that fraudsters are testing the credit limits of cards against one merchants system that they might perceive as an easier hit, so they can go off and execute high value fraud against another site. We see similar behaviour against customers in our network with very low average transaction values, where in this case fraudsters are checking to see if the cards can bypass the rudimentary checks provided by credit card companies.

You see, while some fraud is very, very complicated, very high tech and executed by experienced fraudsters, some fraud is basically nothing more than a spreadsheet of thousands of credit card numbers, being simply bounced brute force against a low security site until something goes through.

The outdated nature of how financial institutions track, manage and classify fraud mean these fraud attempts, even if they result in no financial loss for the company can still count against the company in its dealings with card providers and payment platforms.

With Trustev, we're completely focused on identifying the customer behind the transaction, not just blinding accepting the payment method. On a Trustev protected site, simply having valid payment information won’t get you anywhere in terms of being able to execute a successful incursion.

Topics: fraud, Identity