Using a Next-Gen WAF to Identify & Prevent Carding

PUBLISHED ON February 21, 2019
LAST UPDATED July 12, 2022

As more businesses move online, both they and their customers are exposed to additional threats. For customers, this is especially true when submitting credit cards to complete online transactions. One of the most common attacks in this space is carding. Carding occurs when an attacker takes illegally obtained credit card information (often in bulk), attempts to validate the stolen card numbers, and then sells or uses the valid credit card information. In 2018, credit card fraud was expected to exceed $6 billion*. This number is only expected to grow as online shopping becomes more widespread and accepted.

Just last month, one of ThreatX’s customers came under a carding attack. Our 24/7 SOC was able to work with the customer to quickly identify and neutralize the attack before any harm was done. See below for an overview of the incident, including how it was detected, the solution, and the potential impact of such an incident going unprotected.

Problem: A high volume of failed credit card transactions and fake sign-ups were registered on this customer’s e-commerce site

The challenge with identifying carding quickly is that it often looks like normal transactions (i.e., a customer entering expired or incorrect credit card information) and is not caught until a large quantity of failures is registered. To make matters worse, these attacks are even more challenging to detect when the fraud is committed by multiple entities.

Solution: Within 30 minutes of being notified, the ThreatX SOC had written and initiated a custom rate limiting rule to further track the fraudulent behavior. From there, ThreatX analytics capabilities were used to successfully fingerprint and identify the behavior of the carders so they would be blocked no matter what IP they came from. Now, the custom rule enables the automatic identification of new entities that engage in similar behavior and triggers an auto-block in the future.
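To illustrate why keying the rate limit on a client fingerprint rather than on the source IP matters, here is an added example that is not ThreatX's rule or code. The event fields, fingerprint values, window, and threshold are all assumptions, and the log is constructed.

```python
from collections import defaultdict, deque

WINDOW_SECONDS = 300    # assumed sliding window
MAX_DECLINED_CARDS = 5  # assumed limit: distinct declined cards per window

def flag_carding(events, field, window=WINDOW_SECONDS, limit=MAX_DECLINED_CARDS):
    """Return values of `field` ('ip' or 'fingerprint') that had `limit` or
    more distinct cards declined inside one sliding window."""
    recent = defaultdict(deque)  # field value -> (ts, card) of recent declines
    flagged = set()
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["status"] != "declined":
            continue
        q = recent[ev[field]]
        q.append((ev["ts"], ev["card"]))
        while ev["ts"] - q[0][0] > window:  # drop declines older than the window
            q.popleft()
        if len({card for _, card in q}) >= limit:
            flagged.add(ev[field])
    return flagged

def sample_events():
    """Constructed checkout log: one client rotating IPs, one normal shopper."""
    events = []
    for i in range(8):  # same client fingerprint, new IP and new card each try
        events.append({"ts": 1000 + 20 * i, "ip": f"203.0.113.{10 + i}",
                       "fingerprint": "fp-a1", "card": f"tok-{i:04d}",
                       "status": "declined"})
    # A shopper who mistypes one card twice, then succeeds.
    for ts, status in [(1010, "declined"), (1050, "declined"), (1090, "approved")]:
        events.append({"ts": ts, "ip": "198.51.100.7", "fingerprint": "fp-b2",
                       "card": "tok-9001", "status": status})
    return events

if __name__ == "__main__":
    log = sample_events()
    print("flagged by IP:         ", flag_carding(log, "ip"))
    print("flagged by fingerprint:", flag_carding(log, "fingerprint"))
```

Counting distinct declined cards, rather than raw failures, keeps the shopper who retypes one card out of the flagged set while the IP-rotating client is still caught.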

Value: This customer avoided a potentially disastrous (and costly) attack, which would have negatively impacted the business and its customers.

Aside from the obvious value to this customer, the ThreatX WAF can now automatically recognize similar patterns of fraudulent traffic across our customer base and prevent these attacks in the future.

To learn more about the ThreatX WAF, our talented SOC, and how we can protect your unique application environment and architecture, schedule a personal demo with one of our systems engineers today.


About the Author

Anthony Velte

Anthony T. Velte, CISSP, CISA, is a ThreatX Security Sales Engineer with over twenty years of experience in Information Systems Security, Architecture, and Engineering. He has written more than a dozen technology books including McGraw-Hill Education’s Cloud Computing: A Practical Approach and Cisco: A Beginner's Guide 1st-5th editions.