A group of cybercriminals is proposing in the underground an application for automating rogue credit card charges dubbed Voxis platform.

The cyber criminal ecosystem has a new tool in its arsenal called Voxis, the Voxis Platform is a payment gateway application which can send batches of stolen card charges to multiple gateway processors automating their returns before acquiring banks can catch any illegal activity. The discovery was made by experts at IntelCrawler, cyber threat intelligence firm from Los Angeles, which has uncovered a criminal group called “Voxis Team” which specializes in money laundering and had developed the application for this specific purpose.

“IntelCrawler, cyber threat intelligence firm from Los Angeles, has identified an active organized crime group called «Voxis Team», which  specializes in money laundering by using their own specially designed payment gateway software which can send batches of stolen card charges to muliple gateway processors, automating their returns before acquiring banks can catch the merchant fraud. ” states te blog post from IntelCrawler.

v1

The Voxis Team is advertising its Web-based application on underground forums, the gang is proposing it as a tool for cashing out money from stolen credit cards by automating fraudulent purchases.

This kind of applications are in demand by the market especially in this moment because the large payment card data breaches at U.S. retailers like Target and Home Depot have flooded the underground market with stolen credit card data that criminals desire to quickly monetize.

v2

The Voxis Platform is an excellent instrument to emulate the human behavior and avoid the detection of anti-fraud systems that are triggered when specific fraud patterns are recognized.  In every online transaction, we distinguish the following roles the buyer, the seller and the payment gateway. The seller will receive money from transactions if it has a merchant account registered with the payment gateway.

“… ,bad actors can use speed to automate and load cards to be charged for pre determined amounts at predetermined times, all with the goal of sliding under fraud detection systems. The emulation of human behavior and buying patterns increases their probabilities of having charges authorised.” states the post published by IntelCrawler.

“The black market has money mules and stolen identities which allows bad actors the necessary resources to open merchant accounts. They can easily build fake web sites and turn in stolen documents to get approved merchant accounts. The issue for them has always been hammering the merchant accounts with stolen cards before the account gets cut off.”

The tactic adopted by crocks is consolidated, cybercriminals can gain access to merchant accounts or open rogue ones by setting up dummy e-commerce sites and using fake identity documents or money mules. As explained by InterCrawler, the principal problem for the criminals is time, they have to complete the highest possible number of fraudulent charges before they’re detected and their merchant accounts get closed.

Voxis Platform allows to speed up this process, criminals using it can make the highest possible number of fraudulent charges, on specialized forum the Voxis team claims that the software supports 32 different payment gateways and it has been designed to emulate human interaction “to make it look like real humans are sending their credit card information to the payment gateways.”

v3

«Voxis Team» appeared on the blackmarket in August 2014, having its own group of developers, one of interesting features implemented by the Voxis team is an automated filling of missing information in regard of credit card holder, the functionality is implemented using people search service Pipl.com.

E-commerce websites and payment gateway operators must revise their merchant account verification process and improve fraud-detection methods to respond the increasing sophistication of tactics adopted by criminals.

Pierluigi Paganini