Europol – Takes on Cybercrime with EC3

The majority of credit card numbers used in cybercrime in the EU have historically originated
from United States data breaches, so a major focus of the EC3 has been preventing card-not-
present (CNP) fraud. Europol reports that organised crime makes 1.5 billion Euro from credit
card fraud, 900 million of which originate from CNP fraud.

In 2013, EC3 took down the largest ransomware cybercrime network in Russia, Operation
Ransom, which spanned 33 countries, including 22 in the EU. Operation Ransom infected
computers with police ransomware, which is a type of malware that blocks a computer
completely and warns the user that they have visited illegal websites, such as child pornography,
and requests payment of a fine to unblock it.

As part of its “Focal Point Terminal” division, the EC3 busted an Asian criminal network
responsible for the theft of 15,000 credit card numbers and for conducting illegal Internet
transactions and purchases of airline tickets. In July, the EC3 held ‘a day of action’ to target
criminals using stolen credit cards to buy airline tickets as part of a different ring.

(Source: Kenneth C. Laudon and Carol Guercio Traver, E-Commerce 2015 business-
technology-society 10th edition, Pearson: 2015:p.p. 235-237)

Question A1
You are required to answer the following questions based on the above article:

i. Critically analyse TWO (2) types of protections that need to be input into credit card payment
system in order to eliminate credit card fraud. Support your answer with relevant examples

Credit fraud tends to become one of the most prominent ways of online scams plaguing
companies around the world. Card-present fraud and card-not-present fraud are two key forms
of credit card fraud.
There are a few payment gateways for fraud prevention mechanisms used to mitigate losses
linked to fraud such as :

Card Verification Value (CVV)

Payment gateways often use Card Verification Value, also referred to as CVV, as part of multi -
layered fraud protection. The CVV is a 3 or 4 digit code which comes with every credit card. As
CVV codes aren't ever stored in payment gateway databases, this number can only be identified
and used by cardholders through physical cards in the eyes. You can minimize the risk of card
fraud by activating a CVV fraud filter.
Transaction limit

Most payment gateways make it possible for you to restrict the amount of large transactions per
day from the same account. This move will prevent the incidence of major transaction fraud and
can help you avoid expensive chargebacks.

(20 marks)

ii. Critically discuss the type of hacker that attacks Operation Ransom in Russia. Support you
answer with relevant examples.
Ransomware is a type of malware that traps computers in order to unlock them, while hackers de
mand ransom payments. According to Charles Carmakal, the strategic services chief technology 
officer at the cyber security company FireEye Inc., ransoms differ due to factors such as hospital 
scale and perceived ability to pay in a most recent rash of assaults.
Garmin ransomware hack in July 27 2020.

Malware attack is one of the most methods that hackers do to cyber attack.
It is possible to define malicious software as unauthorized software that is installed on the
device without owner permission. It can connect itself and spread to legitimate code; it can
lurk or duplicate itself around the Internet in useful applications. Here are some of the most
prevalent malware types such as macro viruses,file infectors, system or boot record infectors,
polymorphic viruses stealth viruses and many more.

(10 marks)

iii. Critically discuss TWO (2) types of online measures that are implemented by banks in
identifying their online customers’ identity before they can do online banking. Support your
answer with relevant examples.

Banks are expected to comply with customer due diligence requirements according 
to Finnish law, which ensures banks must recognise and know their customers. 
In addition to the customer's personal data, the bank must provide adequate information on the ac
tivities of 
the customer, its financial status, its banking practices and the reason for which the services are u
sed. Banks have to check their customs in reality. Bank may advice us to do several things to
keep the money safe and no one unless you can access it,

1. Keep your security codes confidential.

2. Make sure your debit card is never used by another person.
3. Take care of properly secured equipment that you use for your banking transactions.
4. Check your bank account on a regular basis.
5. Please report incidents directly to Credit Europe Bank and follow the instructions of the
bank.

Verification (Know Your Customer (KYC)

The first one is security codes
As customer we can choose and create our own security codes that usually combine by number,
alphabet, and caps lock. Security codes are all the codes you need to use for electronic, internet 
and mobile banking payments, including the codes issued by your bank's code calculator.
Ensure that when you type in your security codes, no one will watch you. Never, by phone or em
ail or in some other way, pass a security code.

 (customer due diligence (CDD)

The term Customer due diligence is the method of identifying the customer through 
credible, independent source records, data or information to verify the identity of that customer. 
Also included is the procedure. Obtaining details about the intent and planned 
existence of the company and/or transaction relationship.

(10 marks)

(Total 40 marks)