Russian federal investigators have arrested at least 25 people accused of operating a credit card fraud ring, according to a statement released by the Russian Federal Security Service (FSB), as reported by Brian Krebs of Krebs on Security.
Those charged allegedly included a card fraud kingpin and two dozen associates linked to over 90 websites that sold stolen credit card data and operated internationally. They were also reportedly involved in data breach operations on major retailers.
According to Krebs, the FSB has not officially revealed the list of names of those arrested, but the timing of the statement’s release coincides with the leak of the details of a raid revealed by cybersecurity blogger Andrey Sporov. Sporov claimed that the arrested card fraud kingpin was notorious cybercriminal Alexey Stroganov, who uses the hacker names “Flint” and “Flint24”. Stroganov has been a mainstay of underground forums for almost two decades, as revealed by Intel 471.
The Russian underground has been around since 2004 and still remains active to this day. Besides credit card fraud, the Russian underground is a breeding ground for money-laundering schemes, and offers traffic-related products and services such as traffic direction systems (TDSs) and traffic direction and pay-per-install (PPI) services. It also specializes in automating processes to accelerate trade and lower prices.
The security of credit card details is a shared responsibility of businesses and card users. Businesses processing credit card transactions either online or offline should ensure that they handle the payment data in accordance to the regulations set by the Payment Card Industry Security Standards Council (PCI SSC).
Businesses with physical point-of-sale (PoS) systems should check their machines for signs of tampering, and for unusual glitches and lags that may indicate the presence of PoS malware. Enterprises accepting credit card details online should ensure that the data is encrypted and secured.
Users likewise should do their part in maintaining vigilance against phishing campaigns and counterfeit banking apps that can masquerade as legitimate transactions to prevent the compromise of credit card details.
To avoid falling for phishing scams, users should verify before sharing sensitive information. Security solutions that detect phishing attempts also help safeguard data. Uses should also only download banking apps from legitimate sources and enable built-in security features of apps. Security solutions for mobile (Android and iOS) can also protect mobile payment transactions.
Like it? Add this infographic to your site: 1. Click on the box below. 2. Press Ctrl+A to select all. 3. Press Ctrl+C to copy. 4. Paste the code into your page (Ctrl+V).