Mitigating Carding Attacks for a US-Based Leading Jewellery Company

Key Challenges:  

  • The customer faced persistent and frequent carding attacks (also known as credit card stuffing or card verification attacks) on their application. 
  • In a carding attack, attackers use stolen or fake credit card details to attempt online purchases, typically to find out which of the cards are still valid. 
  • In this case, the attacker(s) submitted multiple fake or stolen credit card details, paired with randomly generated email addresses, and attempted to complete purchases. 
  • Of particular concern to the customer was that the attacker had managed to place around 15 fake orders on the site this way. 
  • Being in the jewellery business, the customer urgently needed to mitigate these carding attacks: the unauthorized transactions caused substantial financial losses and damaged their standing with third-party payment providers. 

Strategy & Recommended Solution: 

  • The customer contacted the Indusface team and had the AppTrana solution deployed within 60 minutes of the request. 
  • After deployment, the Indusface managed services team worked with the customer to identify the attack parameters in detail and to deploy the necessary countermeasures. 
  • A notable challenge was that this was a human-driven attack (each attempt came with a unique session ID) rather than a bot attack. The attacker walked through the checkout flow like a regular user, which made it hard to distinguish a normal customer from the attacker. 
  • The attacker also used a different IP address, from a different country, on each attempt. 
  • To tackle this, the managed services team built a profile of the attacker's behaviour from the historical traffic data and tracked randomization of parameters such as the BIN (Bank Identification Number), the card details, and so on. 
  • The team deployed custom rules to track, and block, any user who repeatedly changed the parameters associated with the carding attack. 
  • Parameter changes by a user were logged up to a set number of attempts within a set time frame, and attempts beyond that threshold were blocked. 
  • IP addresses used to perform the carding attacks were blocked for a defined period, so that further access from those sets of addresses was denied. 
  • Furthermore, requests from geolocations where the customer does not do business were blocked immediately through IP filtering. 
  • All of the above rules were deployed within a 48-hour time frame. The carding attacks were reduced significantly, and no fake requests reached the origin. 
  • Despite the reduction, the 24x7 Indusface managed services team continued to monitor incoming traffic for changes in attacker behaviour and adjusted the defenses on an ongoing basis. 
  • Since the deployment of the AppTrana WAAP, the customer has recorded zero fake orders from carding attacks over the past year. 
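
The three controls described above (a per-session threshold on card-parameter changes inside a time window, a time-limited IP block, and a country allow-list) can be expressed as a small rule evaluator. The code below is an added illustration written for this page; it is not AppTrana's rule engine or Indusface's configuration. The class and function names, the thresholds (3 changes in 600 seconds, a 1-hour IP block, US/CA as served countries) and the sample checkout requests are all assumptions made for the example.

```python
"""
Illustrative carding-velocity rules (added example, not the vendor's code).

Models the three controls the case study describes:
  1. count how often one session changes card-related parameters (BIN,
     card token, email) inside a sliding window and block past a threshold;
  2. put the offending source IP on a time-limited blocklist;
  3. reject requests from countries where the merchant does not do business.
All thresholds, names and sample requests are assumptions for the example.
"""
from collections import defaultdict, deque
from dataclasses import dataclass, field

MAX_DEVIATIONS = 3          # parameter changes tolerated per session per window (assumed)
WINDOW_SECONDS = 600        # sliding window for counting deviations (assumed)
IP_BLOCK_SECONDS = 3600     # how long an offending IP stays blocked (assumed)
ALLOWED_COUNTRIES = {"US", "CA"}          # merchant's served countries (assumed)
TRACKED_PARAMS = ("bin", "card_token", "email")


@dataclass
class CardingGuard:
    # session_id -> last value seen for each tracked parameter
    last_seen: dict = field(default_factory=lambda: defaultdict(dict))
    # session_id -> timestamps of parameter deviations inside the window
    deviations: dict = field(default_factory=lambda: defaultdict(deque))
    # ip -> unix time at which the block expires
    ip_block_until: dict = field(default_factory=dict)

    def _deviation_count(self, session, now):
        """Drop deviations older than the window and return how many remain."""
        q = self.deviations[session]
        while q and now - q[0] > WINDOW_SECONDS:
            q.popleft()
        return len(q)

    def evaluate(self, req):
        """Return (decision, reason); decision is 'allow', 'log' or 'block'."""
        now, ip, session = req["ts"], req["ip"], req["session"]

        # Rule 3: geo filter, cheapest check first
        if req["country"] not in ALLOWED_COUNTRIES:
            return "block", "geo"

        # Rule 2: source IP still inside its block period
        if self.ip_block_until.get(ip, 0) > now:
            return "block", "ip_blocked"

        # Rule 1: did this session change any card-related parameter?
        prev = self.last_seen[session]
        changed = [p for p in TRACKED_PARAMS if p in prev and prev[p] != req[p]]
        for p in TRACKED_PARAMS:
            prev[p] = req[p]
        if not changed:
            return "allow", "no_change"

        self.deviations[session].append(now)
        count = self._deviation_count(session, now)
        if count > MAX_DEVIATIONS:
            # Block the request and the IP it came from for a fixed period
            self.ip_block_until[ip] = now + IP_BLOCK_SECONDS
            return "block", f"velocity:{count} changes in {WINDOW_SECONDS}s"
        return "log", "deviation:" + ",".join(changed)


# Constructed sample traffic for the example (not real customer data).
SAMPLE_REQUESTS = [
    # a legitimate shopper correcting a typo in their email once
    {"ts": 0,   "session": "s-legit", "ip": "203.0.113.5",  "country": "US", "bin": "411111", "card_token": "t-1",  "email": "ann@example.com"},
    {"ts": 30,  "session": "s-legit", "ip": "203.0.113.5",  "country": "US", "bin": "411111", "card_token": "t-1",  "email": "anne@example.com"},
    # one session rotating BIN, card and email on every attempt
    {"ts": 100, "session": "s-card",  "ip": "198.51.100.7", "country": "US", "bin": "411111", "card_token": "t-10", "email": "a1@mail.test"},
    {"ts": 110, "session": "s-card",  "ip": "198.51.100.7", "country": "US", "bin": "510510", "card_token": "t-11", "email": "a2@mail.test"},
    {"ts": 120, "session": "s-card",  "ip": "198.51.100.7", "country": "US", "bin": "601100", "card_token": "t-12", "email": "a3@mail.test"},
    {"ts": 130, "session": "s-card",  "ip": "198.51.100.7", "country": "US", "bin": "371449", "card_token": "t-13", "email": "a4@mail.test"},
    {"ts": 140, "session": "s-card",  "ip": "198.51.100.7", "country": "US", "bin": "411111", "card_token": "t-14", "email": "a5@mail.test"},
    # same IP returns with a fresh session while still blocked
    {"ts": 200, "session": "s-new",   "ip": "198.51.100.7", "country": "US", "bin": "411111", "card_token": "t-20", "email": "b1@mail.test"},
    # request from a country the merchant does not serve
    {"ts": 210, "session": "s-geo",   "ip": "192.0.2.9",    "country": "ZZ", "bin": "411111", "card_token": "t-30", "email": "c@mail.test"},
]


def run(requests=SAMPLE_REQUESTS):
    """Evaluate requests in order and return the list of decisions."""
    guard = CardingGuard()
    return [guard.evaluate(r)[0] for r in requests]


if __name__ == "__main__":
    guard = CardingGuard()
    for r in SAMPLE_REQUESTS:
        print(r["session"], r["ip"], *guard.evaluate(r))
```

Running the block shows the legitimate shopper's single email edit being logged but allowed, the rotating session being blocked on its fourth change, the returning IP being refused under a new session, and the out-of-region request being dropped before any other rule runs. Because the window is sliding, a session whose parameter changes are spread out over more than WINDOW_SECONDS never accumulates enough deviations to trip the block.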

Results:  

  • Successful mitigation of carding attacks within 48 hours of the request 
  • Significant reduction in fraudulent transactions, with zero fake orders 
  • Regained control over the brand reputation 
  • Efficient and quick response that prevented further disruption from carding attacks 
Indusface

Indusface is a leading application security SaaS company that secures critical Web, Mobile, and API applications of 5000+ global customers using its award-winning fully managed platform that integrates web application scanner, web application firewall, DDoS & BOT Mitigation, CDN, and threat intelligence engine.

Solution Highlights: 

  1. Carding attacks were carried out from varying IP addresses 
  2. Over 16K attack requests were blocked 
  3. Human-led attacks rather than bot-led attacks 
  4. Zero fake orders placed