Customer Success Story: How Scanning the Dark Web Has Changed Elements Financial’s Security

Dark Web Scanning
Share Button

Scanning the dark web for stolen credentials isn’t necessarily on the radar of every financial institution – but it should be. I was recently asked why we at Elements Financial believe so strongly in the power that scanning the dark web has to revolutionize a financial institution’s security, and why we bring it up so often. The answer is simple: because it prevents fraud.

How does it work?

First, we provide Easy Solutions with all of our Bank Identification Numbers (BINs). Easy Solutions is constantly searching the dark web, and when they detect malicious activity involving any of our card numbers, we receive an alert. As a small institution, we receive these alerts, on average, about once per week – sometimes they’ve found 5-10 cards, sometimes 40-plus. For a larger institution, the number will undoubtedly be much higher.

Once we’ve received the data on the potential cards that have been located, our staff gets to work analyzing the compromised data and creating a spreadsheet that includes: the BINs, last name, first name, city, zip code, and expiration date. Sometimes, all of the data points are included in the information received from Easy Solutions; sometimes, just a few. With the data organized, our next step is to determine which of our customers has been affected and if their compromised cards are still active.

When we find an active card on the dark web, we immediately contact the card owner and block the card that same day. All told, about 20 percent of the compromised cards sent to us by Easy Solutions are active cards that require immediate blocking – it’s impossible to put a figure on the amount of fraudulent activity we prevent by taking this proactive approach.

In addition to dark web monitoring for card information, Easy Solutions also searches third-party app stores, looking for copycat and malicious versions of our mobile web application. Any time they find one, which occurs for us about once per month, they immediately send out a cease-and-desist letter to the app store, and the app is almost always removed the same day. There is absolutely no work on our side, meaning that we get to passively ensure that our clients are not being victimized by malicious mobile applications.

Finally, Easy Solutions monitors for copycat domains that try to imitate our website. We have yet to experience a valid incident in which this has happened, but we know that if someone ever attempts to duplicate our site, our clients are safe.

Before we used these dark-web monitoring tools, we didn’t understand why they were so necessary. After seeing the actual amount of dark web activity involving our customers, we were immediately converted into dark-web monitoring evangelists.

 

For more information on dark web monitoring, take a look at Detect Monitoring Service.

Related Posts

When Chatbots Are Fraudbots: Do You Know Who You Are Chatting With? Today’s fraud landscape presents a plethora of potential attack vectors, and criminals are always coming up with more. Chatbots, a feature found on a variety of sites, present a new vector that has encouraged attackers to turn their attention to the profit potential of this well-meaning tool.
Card Not Present Fraud Is Still on the Rise: Can Anything Be Done? EMV was expected to help prevent fraud involving counterfeit credit cards. While the incidence of counterfeit card fraud has dropped, there has been a corresponding (and steady) rise in card not present fraud.

Leave a Reply

Your email address will not be published. Required fields are marked *