Security & Fraud

Fraudsters: They’re Just Like Us!

Chances are that the things on consumers’ holiday wish lists this year are exactly what fraudsters’ wish for too. Michael Reitblat, Co-founder and CEO of Forter, gave MPD CEO Karen Webster a look into the mind of the cybercriminal, what they’ll be buying online with stolen credentials, and how retailers can stop them.



Here’s a holiday news flash: Consumers (and Santa) aren’t the only ones “making a list and checking it twice.”

Fraudsters are too. And chances are the lists that they are making and checking include many of the same things that most consumers wish for and hope to find inside a beautifully wrapped box this holiday season.

According to Forter CEO Michael Reitblat, cybercriminals, too, think that the holidays are the “most wonderful time of the year.” And they are ready to capitalize on the vulnerabilities of both merchants and consumers as the holiday rush goes into full swing.

Using stolen credit cards to do their buying.

From designer handbags to the latest Apple gadget, expensive jewelry and popular electronics, Reitblat confirmed that fraudsters often look for items that are both in high demand and that are easily and quickly sellable in other places.

This infographic says it all.


Fraudsters do their homework to identify what the hottest and most sought after goods will be for the holidays — well before most consumers have a chance to do their shopping — so that they can undercut legitimate eCommerce vendors and make a quick buck off of the stolen items.

“A lot of times [fraudsters] stock goods in advance; in fact, we see fraud attempts go up during October and November because they want to get inventory. Then, they will upload items on Cyber Monday because it’s easier for them to sell then than during other times,” Reitblat said.

In most cases, these fraudsters are part of organized syndicates with the resources and power to access (AKA buy with bitcoin) as much stolen credit card data as they need, allowing them to easily and discreetly generate identities and spoof local IP addresses from anywhere in the world. This infrastructure enables the cybercriminals to effectively and efficiently purchase goods using unauthorized transactions and later resell them for a profit, Reitblat added.


“They ride on the same wave of eCommerce as anyone else,” he says.

Here’s the kicker.

These fraudsters are able to actually compete with legitimate eCommerce players by using stolen credit card accounts to buy and set up their own websites from hosting services. And, in order to reach consumers so that they can unload the stolen goods, fraudsters utilize the same types of marketing channels as a regular business would.

As in SEO and other legitimate business boosting and marketing services, as Reitblat explained. They can be Facebook-driven or linked to other types of marketing services where fraudsters get access to accounts (or just create new ones) to purchase high-priced advertising for their sites and phish for information that will help them promote the lifted merchandise.

“It’s a new challenge,” Reitblat admitted when asked about how difficult it is to track down the fraudsters using these new methods to conduct cybercriminal activities.

“It makes it harder for government or law enforcement to find them because they buy hosting accounts with stolen credit cards and tunnel all the communication through sites that are connected to other sites that are connected to other sites,” he stated.


However, Forter takes a different approach to get inside the mind of these fraudsters and anticipate and track their every cybercrime-oriented moves.

The company first analyzes millions of transactions to detect fraudulent patterns and behaviors, then it goes straight to the source to get an inside look at where fraudsters communicate freely and plan out their malicious activities — the Dark Web — where criminals are surprisingly happy to share the tips and tricks of the trade.

“Our second source of information, which is probably unique compared to the rest of the industry, is that we monitor the deepest, darkest corners of the Web when fraudsters first talk to each other and then transact,” Reitblat said.

The Dark Web is where cybercriminals typically go to buy stolen credit card information with bitcoin and find out which products are selling for the most money. It has also become a place where fraudsters collaborate and exchange helpful information and tips, since there they perceive no real competitive threat. Why? Reitblat says that as far as the cybercriminal is concerned, there’s almost an “infinite” market of opportunity.

Monitoring transactions gives Forter a sense of what criminals are trying to steal, what they are successful in stealing and how those behaviors and preferences fluctuate over time. However, keeping an eye on how fraudsters communicate with each other provides an even deeper level of insight.

Fraudsters are even turning the tables on retailers’ goodwill by taking advantage of the services and offerings some retailers are providing to customers as yet another way to make money. Reitblat pointed out a major retailer who offered customers the ability to return gift cards for face value in cash, which cybercriminals quickly rushed to capitalize on.

“We see that fraudsters are becoming bolder. They found a way to take a very good service that this retailer designed for its customers and turn it into cash through an almost no-trace method because they used stolen credit cards to buy the gift card then use the gift card to get the cash,” he remarked.


As fraudsters continue to up their game, Reitblat explained that the best thing for merchants to do is to stay vigilant and not let the fear of fraud deter them from offering exceptional service to customers.

“It’s very important for merchants to remain agile and always question whether their current layer of protection or payment fraud protection is still relevant, because things change constantly,” Reitblat stated, emphasizing the need for retailers to also stay up to date on professional research and information and have open communication among themselves about fraud threats.

While Forter’s data points to an increase in the amount of fraud threats and attempts merchants will see this holiday season compared to last year, especially as more fraud moves online after the EMV liability shift, Reitblat still encourages retailers to continue offering value-added services because they drive sales up.

“The fear of fraud is more damaging to retailers and to buyers than fraud itself,” Reitblat said, noting the importance of finding the best way to serve good customers and not treat legitimate customers with suspicion just because there are some bad ones out there. One bad apple does not a whole bushel make — this holiday season or ever.


Michael Reitblat, CEO of Forter, will lead a discussion on the threats that face payments innovators today, taking place at Innovation Project at Harvard University on March 16–17.


New PYMNTS Report: The CFO’s Guide To Digitizing B2B Payments – August 2020 

The CFO’s Guide To Digitizing B2B Payments, a PYMNTS and Comdata collaboration, examines how companies are updating their AP approaches to protect their cash flows, support their vendors and enable their financial departments to operate remotely.