What Happened:

On May 3rd, 2023, US Secret Service and DOJ shut down Try2Check, a website that offered card testing services on the dark web. Many of the largest sites that sell stolen card information (commonly known as card dump sites) offered the option to run cards through Try2Check at the time of purchase to show the stolen cards worked. One of the common forms of testing used involved transactions with merchant names filled with seemingly random letters, sometimes called keyboard smash or alphabet soup. With the seizure of this site, these specific card checks are no longer happening.

Rippleshot Findings:

Rippleshot completed analysis using our consortium of over 4,500 banks and credit unions. We found keyboard smash and alphabet soup testing patterns occurred on thousands of transactions daily in late April. That activity stopped completely on May 5th and has continued to be dark. 

What It Means For FIs:

The lack of immediate verification by a third party system most likely will lead to mistrust of card dump sites. There are short term benefits, as well as potential consequences that FIs should understand. If an FI or their processor were already monitoring these testing patterns, those systems have effectively stopped working. This had been an effective indicator that a particular BIN was being sold and a way to identify the cards that had been tested. It was one of the few instances where a card could be identified and closed just before fraud occurs.

What Comes Next:

The big card dump sites will look for a replacement for this verification service. Try2Check’s main appeal was that it was a third party and had a positive reputation in the carding community. An alternative verification vendor will most likely be viewed with skepticism. Regardless, FIs and processors should be vigilant in looking for new testing patterns going forward.

What FIs Should Do - Short Term:

FIs and processors that had incorporated those testing patterns into their processes will need to put more emphasis on mitigating fraud transactions. Detecting and mitigating known fraud merchants can help with that goal, ideally incorporating information from sources outside of the financial institution’s cardbase. Rippleshot Rules Assist is designed to provide financial institutions with high risk merchants from our consortium allowing fraud analysts to take action on those merchants before fraudulent transactions occur on their cardholders.

What FIs Should Do - Long Term Outlook:

In the past few years, law enforcement has had a number of notable successes in shutting down sites relating to selling stolen card information. Multiple card dump sites were seized in early 2022, a major reseller of account credentials was seized in April of 2023, and now Try2Check has been seized. It appears that US agencies are making a serious effort to shut down these dark web resellers. With enough of a disruption in the card dump market, that leaves the groups that harvest the card data in an interesting situation.

For those groups, we speculate they may be getting to a point where the remaining card dump sites reduce the offer price for those card lists. If the offer is low enough, the harvesting groups may consider cutting out the card dump sites completely and selling the cards directly or attempting fraud transactions themselves. This would make Common Point of Purchase (CPP) analysis, which is examining cards which have experienced similar fraud patterns to find the source of the breach, much more effective. Systems built on that type of analysis to detect CPPs, like Rippleshot Sonar, would become even more powerful solutions in predicting future fraud. 

Conclusion

The shutdown of Try2Check is a significant development in the ongoing battle against websites that aid in the selling of card information. The fact that keyboard smash/alphabet soup type testing has effectively ceased is a startling development. Until the card dump sites can find a replacement, fraudsters may start increasing their own testing which will  make CPP analysis increasingly more valuable. Organizations that had built monitoring and rules strategy around those types of tests will need to re-evaluate them in this new environment.

About Rippleshot and Rules Assist

Since 2013, Rippleshot has been leveraging the power of machine learning and automation to protect your customers from card fraud.

Rules Assist is the perfect blend of these tools. Together, they help your institution avoid falling behind the competition by providing the automation, machine learning, and data you need to implement effective rule writing strategies.

To learn more about how we can reduce cost, increase efficiency, and keep your fraud strategies up to date, please click the button below.

‍

‍