Fraudsters obtain their stolen credit card data from somewhere — but where? The answer is closer than e-commerce business owners might think.
Many online customers and merchants may not realize there’s a whole other web just below their favorite e-commerce, social media and news sites. It’s a web where guns, identity documents, credit card data and even uranium are readily available for purchase. This so-called “dark net” is connected to the internet, yet it isn’t quite a part of it. If you weren’t purposefully looking for the dark net, you’d probably never find it.
So, what (and where) is the dark net, and what do fraudsters find when they get there?
Scratching the Surface: Three Layers of the Web
Most consumers stay on (and are most familiar with) the surface web — the part of the internet that’s found via search engines. Just a little further down is the deep, or hidden, web. Entities like libraries and governments often host websites on the deep web to keep them out of search engine results and the eye of the public.
But the dark web (or dark net) is a different story. Dark net sites are intentionally hidden and unindexed by traditional search engines. They use a layered network structure (aptly called an “onion” network) to encrypt web traffic within multiple layers and bounce traffic to random computers worldwide. Each bounce removes a layer of encryption, which prevents anyone from matching the traffic’s origin with its destination. This level of anonymity facilitates the transfer of goods and services — some legally, and some not.
Not every presence on the dark web has questionable intentions. WikiLeaks began as a high-profile dark website, and even Facebook has a dark net site for users wanting to evade surveillance.
But if fraudsters go on the dark net looking for personal data to purchase, they don’t have to look far.
The dark net is hidden, but it isn’t secret. A simple Google search can unearth a lengthy list of financial services dark web links, and getting to those links isn’t hard. By downloading a special browser — like Tor (The Onion Router), The Freenet Project or I2P — and using a virtual private network (VPN), users can quickly find and visit illegal online marketplaces on the dark net.
What Can Fraudsters Find on the Dark Net?
Once connected, cybercriminals can select from any number of vendors selling stolen credit card data — some even offering guarantees as to the cards’ validity.
The marketplace is filled with sellers offering the products and services that make it easier for cybercriminals to commit credit card fraud. Whether these criminals are looking to buy CVVs, the data from magnetic strips, or a complete set of financial information, it’s all on the dark net.
But this data doesn’t come cheap: The price for some cards can be as high as $100 (payable in anonymous cryptocurrencies, of course). The cost for stolen data is based on the information that accompanies the card, its type and its limits.
Fraudsters then take these stolen credit cards and:
- Charge prepaid cards using the stolen data
- Purchase store-specific gift cards
- Purchase high-value products with the stolen card and sell them on eBay or in a dark net marketplace
Anonymity Doesn’t Equal Immunity
Just because these dark net transactions are anonymous doesn’t mean they aren’t traceable.
The infamous Silk Road marketplace, for example, was well-known for selling illegal products like drugs, fake identity documents and hacked PayPal accounts. (Ironically, Silk Road also adhered to a code of ethics that restricted the sale of products like pornography and weapons.) But in 2013, Silk Road was taken down by a major police operation in which three and a half to four million dollars in bitcoins were seized. Silk Road 2 popped up soon after — generating monthly bitcoin sales of more than eight million dollars — only to be seized in 2014.
Another dark net marketplace, AlphaBay, was considered the largest dark net market, with more than 400,000 users and sections devoted to distinct types of credit card and identity fraud. It, too, was the victim of multiple law enforcement raids. The site disappeared seemingly overnight in 2017, along with nearly four million dollars of bitcoins from users’ accounts.
Whether on the surface web or deep on the dark net, credit card fraud continues to hit merchants hard. Today’s fraudsters are clever; you must be, too. You know that having the right fraud protection plan in place to defend your business against fraudulent transactions is important. But how do you choose the one that meets your e-commerce needs?
Contact a ClearSale credit card fraud analyst today to learn how our outsourcing your fraud protection program can help you defeat savvy fraudsters and protect both your reputation and your bottom line.