Online payment fraud will reach $43 billion annually by 2023. An astounding number, considering that just 20 years ago total payment fraud was less than $2 billion each year.
To counter this dramatic rise in fraud, online retailers, banks and finance companies have been increasingly relying on using digital identities to help create a frictionless experience for customers. By matching up a user’s device id, fingerprint, cookies, and other information online, companies can quickly identify a unique digital identity for a consumer and fast track them if everything matches their profile.
But Security Researchers have discovered an alarming trend that could change everything. An investigation into the Dark Web led to the discovery of a market place called Genesis where over 60,000 digital identities were listed for sale to fraudsters around the world.
The goal of the marketplace is to sell legitimate digital identities or masks that will help fraudsters bypass security controls and machine learning software that companies use to create trusted customer profiles.
Most online companies use anti-fraud systems that match the user’s digital identity to internal and external databases. If the digital identity mask is new or unique, they will not necessarily flag the transaction, but if it looks like the Digital Identity has been associated with prior fraud or risk activity, it will block the transaction. So fraudsters need digital identities that will help them bypass these checks – and that is where Genesis fills the gap.
We see a clear trend of carding fraud increasing around the world,” said Sergey Lozhkin, security researcher at Kaspersky Lab. “While the industry invests heavily in anti-fraud measures, digital doppelgangers are hard to catch.
The Genesis MarketPlace
In a press release issued by Kaspersky Labs, they outline the ominous trend in digital identity theft, or as they call it “Digital Doppelgangers”, that could force companies to change the way they think about trusted digital identities.
In February 2019, Kaspersky Lab researchers uncovered the Genesis Darknet marketplace – an online shop selling stolen digital masks and user accounts at prices ranging from $5 to $200 each. Its customers simply buy previously stolen digital masks (together with stolen logins and passwords to online shops and payment services) and then launch them through a browser and proxy connection to mimic real user activity. If they have the legitimate user’s account credentials, the attacker can then access their online accounts or make new, trusted transactions in their name.
Every time someone enters financial, payment and personal information in an online transaction, advanced, analytic, machine learning anti-fraud solutions match that person against something called a digital mask. These masks are unique to each user and combine the fingerprints of devices and browsers commonly used to make payments/bank online (i.e. screen and OS information, a range of browser data like headers, time zone, installed plugins, window size, etc.) with advanced analytics and machine learning (the individual user’s cookies, online and computer behavior, etc.). That way, the financial organizations’ anti-fraud teams can determine whether it is truly that person entering their credentials, or a malicious carder trying to buy goods using a stolen card, and either approve or deny the transaction, or send it on for further analysis.
Here a screenshot Kaspersky took of how to download and use a digital identity off the marketplace
What Information Is Needed to Pull Off A Digital Identity Theft?
Digital Identities are typically comprised of digital information about the device use to access a site and its history. A great blog on it can be found here – Digital Identities.
- IP address (external and local)
- Screen information (screen resolution, window size)
- Firmware version
- Operating system version
- Browser plugins installed
- Device ID
- Battery information
- Audio system fingerprint
- GPU info
- WebRTC IPs
- TCP/IP fingerprint
- Passive SSL/TLS analysis
Digital Identities can also include behavioral analysis from the website such as
- Time spent at online store website
- Clicks on website location
- Interest-related behavior (items of interest, the typical amount of money spent, digital or real merchandise, etc.)
- Mouse/touchscreen behavior
- System configuration changes
The Genesis store sells components of this information to fraudsters who want to access sites and appear to be legitimate identities. And it’s all available for download for between $5 and $200.
The marketplace wants to make it very easy for fraudsters so they have even created Chrome Browser extensions so BOT can be used automatically in the card testing process at different sites.