Written by FinCrime

Barclays looks for collaborators on a ‘kill chain’ to fight fraud

Reported by Carter Pape

Experts from Barclays and Threat Fabric, as well as the National Retail Federation (NRF) and Target, introduced their respective efforts to develop so-called fraud “kill chains” to map and understand the structure of economic crimes.

The fraud kill chain

Download White Paper from here:

Fraud-Kill-Chain-White-Paper-V2.pdfDownload

The model from Barclays and Threat Fabric outlines 10 phases and is used to map attacks like digital wallet and NFC relay fraud: Reconnaissance, resource development, psychological manipulation, faux communications, credential compromise, account access, authorization compromise, fraud event, monetization and money laundering.

In a separate presentation, NRF and Target presented a retail fraud taxonomy that includes four categories: Pre-compromise, initial access, control and monetization.

Evan Gaustad, senior director of threat detection, fraud and abuse at Target, emphasized the value of a common vocabulary, noting that detailed schemes like gift card tampering involve multiple distinct roles and steps.

Gaustad recalled meetings with other retailers and the Department of Homeland Security, in which the parties tried to talk about whether the person in security footage was a gift card tamperer. That question is complicated, because gift card tampering involves multiple steps: Taking gift cards from stores, sending them to a central location, getting the access codes off the cards, repackaging them, and placing them back on store shelves.

“So, it’s not one tamperer,” Gaustad said. “There’s actually like five different jobs in this scheme.”

Both presentations also highlighted that many fraud attacks now involve exploiting human vulnerabilities, a factor not always covered in traditional cyber frameworks focused on technical exploits.

For example, a common digital wallet attack uses smishing or fake web shops to lure victims to compromise their card details and one-time passwords, which are then used by fraudsters to provision cards onto their own devices in real-time. NFC relay, or “ghost tap,” attacks, enable fraudsters to make physical payments with a provisioned card from a distance by relaying the NFC signal.

Read full report: https://archive.ph/uA1zw

Leave a comment