How Do Fraudsters Obtain Information to be Used on Fintech Platforms?

October 19, 2022

During our first session of Fraud Office Hours, an attendee asked, "How do fraudsters obtain synthetic ID or lost card information to be used on Fintech platforms?" Watch this video clip to see how Unit21's Head of Fraud Risk, Alex Faivusovich, responded.

How Fraudsters Obtain Synthetic ID or Lost Card Information

"Something very interesting that we are seeing is that we currently have so many entry-level fraudsters coming in with a great desire to conduct fraud.

But we also see the people who hold the databases, (the people who steal those identities and put them up for sale, the operators of the marketplaces, etc), realizing that all those new fraudsters don't understand how to access the dark web.

So, what we are experiencing is that marketplace owners are slowly shifting from the dark web into the deep web. So basically, you have a regular website where you can log in from your browser. You can use Chrome or any other browser that you like to use, which gives you access to all those stolen identities. It can be cards, it can be social securities. It can be medical records. Some marketplaces go as far as even selling bots.

So basically, you can buy a bot that infects the machine and takes all the information. So bad actors not only get the identity of the person, but they also get all the cookies and all the passwords stored in said Chrome browser as well. Once the bot has been purchased, the fraudster doesn't have to stop it from working. It keeps working. So this person, whose computer has been compromised, is actually a victim now that technically belongs to the person committing fraud.

This is a very interesting shift in supply demand. You can call it. The market always sticks to balance. And I think this is exactly what we're seeing.

We're seeing a lot of fraudsters who don't have the technical abilities to go to the dark web and try all those different forums and buy from those forums. Then they'll go to the deep web, which is essentially an eCommerce experience.

You sign up for the website. Sometimes they will ask you to do a small deposit in Bitcoin just to make sure you're serious about your intentions. And then you get access to pretty much an unlimited amount of identities and cards, and you name it."

Looking for more insights? Check out our first session of Fraud Office Hours on-demand for a deeper dive into current fraud trends and which preventative measures to consider.

New call-to-action

Getting started is easy

See first-hand how Unit21
can help bolster your risk & compliance operations