What happened to Try2Check?

On May 3rd, 2023, US Secret Service and DOJ shut down Try2Check, a website that offered card testing services on the dark web. Many of the largest sites that sell stolen card information (commonly known as card dump sites) offered the option to run cards through Try2Check at the time of purchase to show the stolen cards worked. A common form of testing involved transactions with merchant names consisting of seemingly random letters, sometimes called keyboard smashing or alphabet soup. With the seizure of this site, these specific card checks are no longer happening.

Rippleshot findings:

Rippleshot conducted an analysis using our consortium of over 5,000 banks and credit unions. We found keyboard smash and alphabet soup testing patterns occurred on thousands of transactions daily in late April. That activity stopped completely on May 5th and has continued to be dark.

‍

“When we saw that a major card dump site was shut down, we immediately reviewed our internal data to understand the impact. What we found is that common fraud testing patterns had completely halted on the same day Try2Check was shuttered. This is definitely not a coincidence.” -Rippleshot Fraud Specialist, Greg Lenihan

What does this mean for your financial institution?

The lack of immediate verification by a third party system most likely will lead to mistrust of card dump sites. Financial institutions (FI) must understand both the short-term benefits and potential consequences of this situation. If an FI or their processor already monitored these testing patterns, those systems have effectively stopped working. This had been an effective indicator that a particular BIN was being sold and a way to identify the cards that had been tested. It was one of the few instances where a card could be identified and closed just before fraud occurred.

What comes next?

Popular card dump sites will look for a replacement for this verification service.Try2Check’s main appeal to fraudsters was that it was a third party and had a positive reputation in the card fraud community. An alternative verification vendor will most likely be viewed with skepticism. This is due to the fact that Try2Check had a reputation for being neutral. Any new alternatives would need time to develop that reputation. Regardless, FIs and processors should be vigilant in looking for new testing patterns going forward.

What can FIs do in the short term?

FIs and processors that have incorporated those testing patterns into their processes will need to place additional emphasis on mitigating fraud transactions. Detecting and mitigating known fraud merchants can help with that goal, ideally incorporating information from sources outside of the financial institution’s card base.

‍Rules Assist is designed to provide financial institutions with high-risk merchants from our data consortium of 50 million daily transactions from more than 5,000 financial institutions. Our weekly report empowers fraud analysts to take action before fraudulent transactions occur and better protect their cardholders. To download a sample of this high-fraud merchant list, click here.

What can FIS do in the long term?

In the past few years, federal law enforcement agencies have attempted to shut down websites that sell stolen card information. Multiple card dump sites were seized in early 2022 and a major reseller of account credentials was seized in April of 2023. It appears that U.S. law enforcement agencies are making a serious effort to shut down these dark web resellers. With disruption in the card dump market, this leaves the groups that harvest the stolen card data in a precarious situation. We will continue to monitor this ever-changing environment and keep you posted.

Conclusion

The shutdown of Try2Check is a significant development in the ongoing battle against websites that aid in the selling of card information. The fact that keyboard smash/alphabet soup type testing has effectively ceased is a startling development. Until the card dump sites can find a replacement, fraudsters may start increasing their own testing which will make CPP analysis increasingly more valuable. Organizations that have built monitoring and rules strategy around these types of tests should re-evaluate them in this new environment.

About Rippleshot and Rules Assist

Since 2013, Rippleshot has been leveraging the power of AI, machine learning and automation to protect your customers from card fraud.

Rules Assist is the perfect blend of these tools. Together, they help your institution avoid falling behind the competition by providing the automation, machine learning, and data you need to implement effective rule writing strategies.

To learn more about how we can reduce cost, increase efficiency, and keep your fraud strategies up to date, please click the button below.