The rapid evolution of artificial intelligence (AI) has brought transformative benefits across industries, but it has also become a powerful tool for cybercriminals.
Fraudsters are increasingly leveraging AI-driven automation to conduct large-scale “card testing” attacks, a scheme used to validate stolen credit card details.
These operations, which exploit vulnerabilities in e-commerce platforms and payment systems, pose significant challenges for fraud detection and prevention mechanisms.
Card testing involves making small, often unnoticed transactions using stolen credit card information to determine whether the cards are active and have sufficient funds.
Once validated, these cards are used for high-value fraudulent purchases or sold on dark web marketplaces at a premium.
The integration of AI into these schemes has enabled cybercriminals to scale their operations, evade detection, and outpace traditional fraud prevention systems.
Automation Tools in the Hands of Cybercriminals
AI-powered tools such as Selenium and WebDriver, originally designed for legitimate purposes like software testing, are being repurposed by fraudsters to mimic human behavior during online transactions.
These tools allow attackers to automate the validation of thousands of stolen card credentials in real-time.
By routing bot traffic through residential proxy networks, cybercriminals can disguise their activities as legitimate user interactions, making detection even more difficult.
The sophistication of these attacks is evident in recent cases where spikes in unusual transaction patterns were observed on specific merchant websites.
For instance, analysts detected significant increases in Three-Domain Secure (3DS) transactions targeting e-ticket merchants like Taiwan High Speed Rail Corporation.
Investigations revealed that these transactions were driven by automated bots using compromised cards obtained from underground markets.
Emerging Threats with AI Agents
The advent of autonomous AI agents has further escalated the threat landscape.
These agents can perform complex tasks such as booking reservations or completing online purchases with minimal human oversight.
While designed for efficiency and productivity, they can be exploited to conduct fraudulent activities at scale.
According to the Group IB Report, cybercriminals can deploy AI agents to rapidly test stolen card data or create synthetic identities for money laundering schemes.
Moreover, AI’s ability to mimic human behavior such as random mouse movements and real-time form completion enables it to bypass basic bot-detection systems.
To combat these evolving threats, financial institutions and e-commerce platforms must adopt advanced fraud detection technologies:
- Behavioral Analytics: Machine learning models can analyze transaction patterns to identify anomalies indicative of fraud.
- 3D-Secure Protocols: Adding multi-factor authentication layers can help prevent unauthorized transactions.
- Proxy Detection: Enhanced monitoring of traffic from residential proxies or hosting servers can flag suspicious activities.
- Real-Time Monitoring: AI-driven systems can provide instant alerts for unusual transaction spikes or repetitive micro-transactions.
- Dark Web Surveillance: Proactive monitoring of underground forums for stolen card data can help mitigate risks before fraud occurs.
While AI offers unparalleled capabilities for fraud prevention, its dual-use nature underscores the need for continuous innovation in cybersecurity measures.
As cybercriminals refine their tactics using AI, staying ahead requires a collaborative effort between technology providers, financial institutions, and law enforcement agencies.
