MULTINATIONAL RETAIL CORPORATION - EMC
MULTINATIONAL RETAIL CORPORATION
Underground carding market fraudsters are foiled with RSA FraudAction Intelligence
AT-A-GLANCE
Challenge
–– Retailers face attacks from fraudsters operating in online forums and chat rooms
–– Infiltrating these communities to identify threats requires expertise and dedication
–– Effective intelligence gathering requires knowledge of the underground ecosystem and an established persona
Solution
–– RSA® FraudAction Intelligence (FAI) service provides detailed insight into specific threats and into long-term trends in cybercriminal activities
–– The retailer was able to conduct a sting operation to intercept and prevent a fraudulent transaction staged in an underground forum
Results
–– The retailer has the option to use the intelligence to immediately respond to individual threats where appropriate, or identify patterns in fraud and prosecute repeat offenders
–– The RSA FAI team has international law enforcement connections and can support the retailer in its work with law enforcement to prevent fraud
–– The retailer is in a strong position to execute its strategy to eliminate carder fraud from its branches and online
“We want to send a clear message to the cybercrime underground that it’s not worth attempting carder fraud against our company. We can put our confidence in the RSA FAI service to provide us intelligence we need to mitigate fraud effectively, and to perpetuate this message back to the fraudster community.”
OPERATIONAL LEAD, RETAILER’S ANTI-FRAUD TEAM
This multinational retail corporation has branches across the United States as well as running a significant online shopping platform.
CHALLENGE
Retailers have long been engaged in a battle against fraudsters. It’s an ongoing challenge as criminals take increasingly creative approaches to avoid the security measures that retailers put in place to combat fraudulent practices. Many fraud attacks are now devised and carried out from the murky world of online underground fraud chat rooms, which are hard for retailers to penetrate, enabling the fraudsters to remain faceless.

An example of such activity is known as carder fraud, where someone uses compromised card details to make an online purchase for pickup at a particular store. This individual then uses an online forum to recruit a ‘mule’: a person to make the pickup and ship the fraudulently purchased item to the purchaser.

In order to deal with these threats, businesses must not only infiltrate communities of wary fraudsters, but also identify specific threats and take appropriate action. One retailer recognized the need for an expert team, and chose to work with the RSA FAI service to help it track suspicious activities in the cybercrime underground that may impact the organization. “We wanted to use the insight from the FAI service to identify patterns in fraudsters’ activities so that we can best prepare for and respond to them before they resulted in losses for us,” explains the operational lead of the retailer’s anti-fraud team.
SOLUTION
While the retailer was eager to use the information from the FAI service to deepen its understanding of fraud patterns over time, the RSA team was also able to help it respond to individual threats.

The FAI fraud intelligence agents each use a variety of methods to monitor and engage with cybercriminal communities on a regular basis. As part of his daily monitoring of these sites, an FAI agent uncovered that one of the forum members was claiming to have identified an employee of the retailer at a particular store who would be able to act as a mule.
CUSTOMER PROFILE
“We wanted to use the insight from the FAI service to identify patterns in fraudsters’ activities so that we could proactively prepare for and respond to threats before they resulted in losses for us.”
OPERATIONAL LEAD, RETAILER’S ANTI-FRAUD TEAM
CONTACT US
To learn more about how RSA products, services, and solutions help solve your business and IT challenges contact your local representative or authorized reseller – or visit us at www.emc.com/rsa.
The agent contacted the community member, posing as someone requesting to make a fraudulent purchase and use the pickup service. Using small talk to build an element of trust with the cybercriminal, the RSA agent got the name and store details of the fraudster’s employee contact. “We use many techniques to get information from our contacts in the forums. In this case I was able to get a few personal details about the fraudster as well,” explains the RSA agent. “For example, the way he used the English language made me think he wasn’t American, so one day when he commented that he’d been unable to reach me for a few hours, I told him it was because I’d had to spend the day at the DMV (Department of Motor Vehicles). Any American would have known what that meant, but he asked what it was. I explained and asked what he called it in his country and he said the DVLA. I quickly Googled the acronym and learned that he was in the UK, which he then unsuspectingly confirmed.”

The agent provided the employee details to the retailer to confirm accuracy. The retailer confirmed the employee did indeed work at the store indicated by the fraudster, and decided to set up a sting operation to intercept the employee and prevent the fraud from taking place. The retailer started the sting operation by providing the RSA agent with a screen shot of a fake purchase confirmation, which the fraudster needed to pass on (through another middle-man) to the employee so that the pickup could take place.

When the employee tried to pick up the items, the store’s security team was waiting for her and confronted her about the fraudulent purchase. “She had no idea she was participating in a fraudulent activity, and had believed that she was picking up a legitimate purchase for a friend that she had met on the Internet – the cybercriminal’s additional middle-man,” explains the retailer’s anti-fraud team operational lead. “We were able to check her history to see if she regularly made such pickups. When it became clear that she was being honest and had been deceived into making the pickup, we felt comfortable that she would not do it again, and so were happy to enable her to keep her job. Of course, if further investigation showed that an employee was regularly supporting fraud, or if they did so again after receiving a warning like this, we would terminate their employment and carry out any necessary steps to prosecute or involve law enforcement.”

“This fraud attempt was typical in that it involved a complex chain of connections that enabled the real criminals to hide online,” says the RSA FAI agent. “However, in this case we were able to collaborate with the retailer to proactively stop the fraud and protect an innocent employee who was unknowingly recruited as a mule.”
RESULTS
The retailer appreciates the fact that it was able to make use of the insight provided by RSA’s FAI agents in two ways. First, “In cases like the sting operation, where we have verified details of the pickup ‘mule’ and we have in-store security to deal with it, we can take action to prevent individual fraud attacks,” says the anti-fraud team operational lead. Second, “However, it would be inefficient to follow up every individual threat, so we also use the data to track historic patterns and predict future trends. We have been working with the RSA FAI team for about a year now, and have a comprehensive database of intelligence to refer to, not only for our own anti-fraud operations but to respond to requests for support from law enforcement as well.”

The intelligence that the retailer now has about carder fraud practices against it will play an important role in its mission to attack this type of fraud across its thousands of stores. “We want to displace this sort of fraud from our stores,” concludes the anti-fraud team operational lead. “We want to send a clear message to the cybercriminal underground that it’s not worth attempting this sort of fraud against our company. We can put our confidence in the RSA FAI service to give us the intelligence we need to fight the fraud effectively, and to perpetuate this message back to the fraudster community.”
www.emc.com/rsa
©2013 EMC Corporation. All rights reserved. EMC, RSA, RSA Security, the RSA logo and FraudAction are the property of EMC Corporation in the United States and/or other countries. All other trademarks referenced are the property of their respective owners. H12440 RETFAI CP 1013