The Dark Web is often spoken about as some kind of mystical hacker’s paradise, only accessible to those ‘in the know’, or by individuals who understand complex coding. The Hollywood caricature represented by a character who is sat in a dark room, often wearing gloves, a hoodie and lines of brightly coloured code reflecting off their darkened sunglasses. Put simply, that is a myth.
First, it is useful to be clear around two phrases that are often used interchangeably to describe this underworld, namely the “Deep Web” and the “Dark Web”. The Deep Web is simply referring to websites and data that are not indexed on conventional browsers or search engines, like Google. The Deep Web is not illegal to access, and in fact you can set up the preferred VPNs and browsers to access the Deep Web with a few minutes of internet research. While some illicit activities do occur on the Deep Web, users are commonly more interested in maintaining their privacy in an age of increased surveillance.
The Dark Web, by comparison, is only accessible using specialist software. While not every site found on the Dark Web is illegal, a majority are. The list of activities that are possible on the Dark Web is both too long and disturbing to list here. But regular sweeps have found marketplaces dealing in narcotics, weaponry and even assassination services. In short, activities and items that have traditionally been associated and available on the ‘black market’ are now just more accessible on the Dark Web.
The black market has gone digital, just like the high street. What you may not realise is that most Dark Web sites have fully developed user interfaces, complete with price lists, links and even usernames and reviews feeding back on the quality of products received. This is a fully operating marketplace, not just code. Not only is the Dark Web becoming easier to access, and easier to use, marketplaces on the Dark Web are also diversifying and increasing the types of products and services they stock and provide – particularly in the fraud space.
How are fraudsters using the Dark Web?
While there are few available statistics specifically demonstrating an increase in Dark Web traffic, three key points have emerged that show an increase use of the Dark Web to commit fraud:
Firstly, in a recently published Dark Web Price Index, there has been a notable increase in the supply of basic credit card data on the Dark Web. Having said that, even with increase in supply, there has also been an increase in demand. Credit card fraud rose globally by 104% from the start of 2019 to the start of 2020. With 77% of all card fraud being card not present fraud. Where fraudsters use stolen card details to make online purchases or transfers remotely. Dark Web security and data quality has also improved, which has led to an increase in the prices they can charge for stolen details. With a basic credit card package (complete with full PAN, CVV and even the cardholder name) costs have increased from just $10/card up to $20/card. Rising prices seemingly having little effect on demand.
Bank Identification Number (BIN) list testing has increased in line with increased supply. During the height of the 2020 pandemic lockdowns, our fraud team identified an increase in card testing, using multiple cards that had the same BIN. BIN list testing fraud has increased for many payments services providers recently, as it is a relatively simple fraud to commit by a fraudster, who is sat at home during a lockdown – especially now it has become so simple to purchase these card details from the Dark Web.
There has also been an increase of false merchant and application fraud. Which means that there is a higher demand for false documents. With a fake passport, company director details or business registration paperwork, a fraudster can set up a false company or account to run illicit payments. This essentially creates a closed environment. Allowing the fraudster to set up a fake retailer or merchant and run transactions on their own stolen cards for either testing or money laundering processes. With the rise of remote or household-run businesses during COVID, it has become far easier to create a fake business. Fraudsters are also purchasing stolen documentation for legitimate companies. Meaning they are running a fake version of an existing company, which is therefore harder to track. One of ai’s partners has seen an increase of 125% in these ‘fake business’ type fraud cases in 2020/2021, compared to the same period in 2018/19.
How can fraud analysts use the Dark Web to protect their services and customers?
The Dark Web has become an critical tool for fraud analysts. The fact that an analyst can now retrieve an entire batch of stolen cards, after spotting a suspicious pattern on just a single transaction, means monitoring the Dark Web can save a lot of time and money. Solutions can be as simple as running a single card number through a Dark Web monitoring service to find out if it was part of a stolen set. Similarly, doing sense checks on the Dark Web, during and after merchant account on-boarding, can help to determine whether the business registration number has been sold recently, or a director’s name or email address has been used to create a fraudulent account that is up for sale.
It is important to ensure that fraud, operational and development teams manage their corporate credentials closely. Compromised corporate credentials often appear on the Dark Web and present fraudsters with the opportunity to mimic in-house operational activites. Clearly the larger the organisation, the more serious this threat becomes.
Beyond just searching for cards or card details on the Dark Web, the ability to look further into fraud trends is invaluable. Many of the Dark Web forums sell card skimming equipment, in addition to card shimming equipment, which can copy chip and pin cards, along with guides and instructions of how to use them. Tapping into that knowledge and information can be incredibly helpful in understanding the type of equipment being used, and where it might be implemented – particularly in industries where card present payments are the norm, such as in the fuel sector.
The dark web is a treasure trove of information for fraudsters and fraud analysts alike. By gaining access to the various markets and forums, analysts can view card lists and payment data to put into actionable fraud prevention strategies. The ability to review information, instructions and know where items, such as skimming equipment are being sold, can give fraud analysts the tools to prevent certain types of fraud at the point of source, before it becomes a wider issue.
