New York, NY - April 24, 2019 – SecurityScorecard, the leader in security ratings, today released a new report titled Payment Card Fraud & the Financial Crime Ecosystem. SecurityScorecard’s threat intelligence team analyzed Dark Web marketplaces, forums and other vehicles for acquiring payment card data and identified a variety of methods cyber criminals employ to steal cardholder data from financial services institutions, merchants and others.
Despite the increase in compliance requirements, fraud and security incidents continue to occur with growing frequency. In fact, Dark Web marketplaces continue to keep pace with attempted mitigations that the financial industry puts in place. Just as merchants and payment processors use third-party vendors to enable business operations, the underground marketplace relies on a network of third-party vendors to enable its own operations. As a result, the entire financial services ecosystem is fraught with countless forms of payment card fraud risk.
“The underground ecosystem works similarly to legitimate businesses, even though it services semi-organized criminal groups,” said Alex Heid, Chief Research Officer, SecurityScorecard. “In addition to stealing cardholder data, cybercriminals are tasked with monetizing the data within this criminal ecosystem. Much like legitimate business, the success of these endeavors is based on reputation and previous experiences. Financial services organizations need to have a solid understanding of this underground ecosystem to create a comprehensive strategy for protecting cardholder data and minimizing institutional losses that originate from fraud.”
Sample of Sources of Compromised Data:
- Hardware Skimming: Hardware skimming occurs when criminals install Bluetooth-based “skimmers” on point of sale (POS) devices or ATMs.
- Hacked & Leaked Databases: Cybercriminals target enterprise databases that store payment data through a variety of techniques. In addition to finding unprotected database servers on the public internet, hackers also leverage SQL injection attacks against vulnerable web applications to siphon sensitive data.
- POS Malware: For brick-and-mortar merchants, post-exploitation network-sniffing malware is often leveraged to extract data being swiped by customers on point-of-sale workstations.
- WebApp Malware: For e-commerce merchants that do not handle payment data, attackers have been observed injecting arbitrary code into checkout forms that will store/transmit the submitted data back to the attacker. This means even if an e-commerce shop is not storing card data, if their website is hacked, an attacker can log all data being input by the customer into checkout forms.