ALERT: Online Payments: The Growing Trend of AI Assisted Fraud

A lot of merchants think they aren’t at risk for security threats because they are “safe” online. Still, cyber criminals are using artificial intelligence to collect sensitive data in common payment fields on websites that allow transactions.

How it works:

Criminals do not need all of a consumer’s card information in order to attempt fraud, rather they can take partial bits of any card number, card verification value (CVV2), expiration date, and zip code in order to advance their malicious initiative. Artificial Intelligence (AI), also known as bots, are used to repeatedly and automatically test payment fields to find valid bits of account information. With enough matching pieces of data, a fraudster can basically “crack the code” to an account.

The criminals then perform transactions on behalf of the account holder or sell the data on underground sites.

Fraudsters can attack in many ways. Here are a few examples:

• Websites that allow transactions on their website and have weak controls.
• Gaining access to payment systems by opening merchant accounts with fake identities and then attack from that account.
• Obtaining a merchant’s credentials then taking over their account.
• Cloning point-of-sale (POS) devices (which is much like using a skimmer on an ATM and copying information).
• Gaining access to gateways using merchant credentials and access to processor hosts to submit transactions (known as social engineering)
• Testing the batch feature on sites by uploading a spreadsheet with potential data to see what comes back

Chesapeake Payment Systems is here to help:

While there is no single solution that will protect you from all fraud types, there are a variety of solutions Chesapeake Payment Systems (CPS) can recommend for your protection.

Additionally, we maintain a high success rate for our PCI compliance. We also offer tailored fraud controls for a merchant’s business and breach coverage, and we’re always available to answer questions and provide training resources.

“Fraud prevention is something that must be taken seriously.  We all want to believe that it will never happen to us, but cyber criminals show no mercy.  If there is a system vulnerability, they will find it,” says Starr Eamigh, VP, Operations Manager Chesapeake Payment Systems. “Reacting to a fraud event can be frustrating and costly. Business owners should take proactive steps to ensure strong fraud controls are in place now rather than after an event has occurred. ”

Here’s what we recommend:

• Always keep credentials safe. Never write them down.
• Collaborate with your merchant services provider in order to identify systems that can potentially protect your business.
• Shred all sensitive data.
• Shut down accounts and access to systems for employees that leave.
• Stay up-to-date on scammer’s methodologies, like phishing, ransomware, and other security risks. Here are credible sources to start with:
  • Cybersecurity & Infrastructure Security Agency, an official government site
  • Krebs on Security, a reputable blogger
  • You may also be interested in the 2020 Internet Crime Report from the Federal Bureau of Investigations Internet Crime Complaint Center IC3
• Add additional security layers to accounts to verify merchant information, like tokens, captcha, security phrases.
• Download Visa’s white paper “Best Practices for Anti-Enumeration and Account Testing.” (Pages 6-7 cover in-depth specific actions that you can take ranging from website security, transaction thresholds, user changes, and network tools.)
• Contact our Business Development Team to talk about the advanced fraud controls that our CPS team offers | Email or call (877) 695-8239