The US Department of Justice has just shut down the Infraud Organization, a large and highly organized online credit card fraud ring believed responsible for more than $530 million in losses since 2010. Infraud has been a leading source for buying and selling stolen payment card data. Thirty-six people have now been arrested, according to the US Justice Department in this press release. IT security experts comment below.
Frederik Mennes, Senior Manager, Market & Security Strategy at VASCO Data Security:
“The security of e-commerce and online payments is a joint responsibility of merchants, payment service providers, banks, consumers, and payment technology vendors, and relies on a combination of preventive, detective and responsive security measures. It is great to see the success of reactive security measures, such as the capturing of criminal gangs, but our payment infrastructure should rely more on security technologies that prevent fraud in the first place. Therefore the payment industry should move away from traditional credit cards, which are subject to card-not-present (CNP) fraud, and adopt technologies such as tokenization for credit cards and multi-factor authentication of consumers.”
Ryan Wilk, Vice President, Delivery – NuData Customer Success at NuData Security:
“Cybercrime is as well organized, well-resourced, and technologically advanced as many other industries. Infraud Organization proves how easy it is for fraudsters to access personal information – and how much of it is available out there.
“Infraud and similar organizations affect every company, not just those in the retail sector, because they show how easily data from any source can be broadly distributed for profit. This data is used for account takeover and other successful tactics such as whale phishing. Although the organization has been dismantled, it still raises an important point for companies: how can they make sure they are providing services to the legitimate customers when bad actors make it so easy to buy personal information?
“The success of an organization whose motto is ‘In Fraud We Trust’ is a clear sign that companies need to rethink authentication and incorporate continuous validation techniques based on data that can’t be mimicked, such as passive behavioral biometrics.”
Andrew Speakmaster, CTO and Founder at SiO4:
“This is a classic example of how the underground economy works and continues to sell stolen data in these Dark Web marketplaces. While some threat actors are prosecuted, most continue to reap huge profits where exfiltrated data is sold and traded. It is imperative for organizations to implement a true threat intelligence strategy that will enable them to gain insight into the deep Dark Web and leverage preemptive intelligence to eliminate or mitigate risk. Much of the intelligence today is reactive rather than proactive and is merely information, not intelligence.”