Breach, Data Security, Incident Response, TDR

Software automates fake purchases on compromised credit cards


Following numerous high impact data breaches involving the theft of millions of payment cards, researchers with cyber intelligence company IntelCrawler have identified software being offered on underground forums that automates credit card data being sent to payment gateways.

A payment gateway is similar to a point-of-sale device in a retail store, except it is used to authorize payments for approved merchants operating online. According to a Wednesday IntelCrawler post, a group known as Voxis Team is offering software known as Voxis Platform that can use 32 payment gateways, including PayPal, all without human interaction.

Ultimately, Voxis Platform – which is licensed individually and starts at $150 – effectively and efficiently enables criminals to bring in money by automatically making fake purchases on compromised cards, Andrew Komarov, CEO at IntelCrawler, told in a Wednesday email correspondence. The fake purchases can be made to appear as if made by real people.

“The bad actors open 'money mule' banking accounts and set up merchant accounts on them,” Komarov said. “After, they prepare stolen compromised credit cards, import [the cards] to the system, and configure the templates, rules, [and] time frames to make purchases from stolen cards through prepared merchants. In fact, [the] merchant can be a fake shop, and they will emulate legitimate transactions through it.”

Criminals can steal merchant accounts, or can get an approved merchant account by setting up a fake website and turning in stolen documents, according to the post.

Users can tweak the variety of options offered by Voxis Platform to carry out transactions without arousing suspicion, such as scheduling specified payments to be made between certain hours depending on the locations of the cardholders, Komarov said. Further, Voxis Platform fills in the missing information of the credit card holder by using the API, the post indicates.

“According to our information, [Voxis Team is located in] Eastern Europe [and] they have [a] reputation as underground software developers,” Komarov said. “They develop special software for cybercriminals, mostly for automation tasks, such as Voxis Platform.”

When it comes to merchant verification, IntelCrawler recommends strengthening know your customer procedures, including checking the history of the business, its contact information, and the types of services and products being offered, Komarov said.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.