Buy goods or obtain cash utilizing validated stolen payment card or other user account data.
What is Cashing Out?
Obtaining currency or higher-value merchandise via the application using stolen, previously validated payment cards or other account login credentials. Cashing Out sometimes may be undertaken in conjunction with product return fraud. For financial transactions, this is usually a transfer of funds to a mule’s account. For payment cards, this activity may occur following OAT-001 Carding
of bulk stolen data or OAT-010 Card Cracking
, and the goods are dropped at a reshipper’s address. The refunding of payments via non-financial applications (e.g. tax refunds, claims payment) is also included in Cashing Out.
Obtaining other information of value from the application is instead OAT-011 Scraping
Cashing out is also known by terms such as money laundering, online credit card fraud, online payment card fraud, refund fraud, stolen identity refund fraud (SIRF).
The symptoms of Cashing Out
Increased usage of interlinked accounts (e.g. same phone number, same password, same or similar email address)
Same or similar accounts for both “buyer” and “seller” in sites that facilitate consumer-to-consumer (C2C) commerce
Increased demand for higher-value goods or services
Increased demand for a single supplier’s goods or services
Sectors targeted by Cashing Out
Can InfiSecure prevent Cashing Out?
InfiSecure’s advanced bot mitigation technology can stop cashing out attempts by online bots. InfiSecure can identify and restrict automated usage by fingerprinting the user agent for its unique characteristics and other attack vectors. InfiSecure can even puts a limit to the number of payments / transactions per session / user / IP address / device / fingerprint.