The cyber criminal ecosystem has a new tool in its arsenal called Voxis, the Voxis Platform is a payment gateway application which can send batches of stolen card charges to multiple gateway processors automating their returns before acquiring banks can catch any illegal activity. The discovery was made by experts at IntelCrawler, cyber threat intelligence firm from Los Angeles, which has uncovered a criminal group called “Voxis Team” which specializes in money laundering and had developed the application for this specific purpose.
“IntelCrawler, cyber threat intelligence firm from Los Angeles, has identified an active organized crime group called «Voxis Team», which specializes in money laundering by using their own specially designed payment gateway software which can send batches of stolen card charges to muliple gateway processors, automating their returns before acquiring banks can catch the merchant fraud. ” states te blog post from IntelCrawler.
This kind of applications are in demand by the market especially in this moment because the large payment card data breaches at U.S. retailers like Target and Home Depot have flooded the underground market with stolen credit card data that criminals desire to quickly monetize.
Tha Voxis Platform is an excellent instrument to emulate the human behavior and avoid the detection of anti-fraud systems the are triggered when specific fraud patterns are recognized. In every online transaction we distinguish the following roles the buyer, the seller and the payment gateway. The seller will receive money from transactions if it has a merchant account registered with the payment gateway.
“… ,bad actors can use speed to automate and load cards to be charged for pre determined amounts at predetermined times, all with the goal of sliding under fraud detection systems. The emulation of human behaivior and buying patterns increases their probabilities of having charges authorised.” states the post published by IntelCrawler.
“The black market has money mules and stolen identities which allows bad actors the necessary resources to open merchant accounts. They can easily build fake web sites and turn in stolen documents to get approved merchant accounts. The issue for them has always been hammering the merchant accounts with stolen cards before the account gets cut off.”
The tactic adopted by crocks is consolidated, cybercriminals can gain access to merchant accounts or open rogue ones by setting up dummy e-commerce sites and using fake identity documents or money mules. As explained by InterCrawler, the principal problem for the criminals is time, they have to complete the highest possible number of fraudulent charges before they’re detected and their merchant accounts get closed.
Voxis Platform allows to speed up this process, criminals using it can make the highest possible number of fraudulent charges, on specialized forum the Voxis team claims that the software supports 32 different payment gateways and it has been designed to emulate human interaction “to make it look like real humans are sending their credit card information to the payment gateways.”
«Voxis Team» appeared on the blackmarket in August 2014, having its own group of developers, one of interesting features implemented by the Voxis team is an automated filling of missing information in regard of credit card holder, the functionality is implemented using people search service Pipl.com.
E-commerce websites and payment gateway operators must revise their merchant account verification process and improve fraud-detection methods to respond the increasing sophistication of tactics adopted by criminals.
Security Affairs – (Voxis platform, cybercrime)
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.