Deviating from the cybercriminal script: Exploring the contextual factors and cognitive biases involved in carding

This thesis explores the contextual factors and cognitive biases involved in the decision-making of carders. Carders engage in carding, the obtaining and cashing out of stolen payment card details. This works examines what operational security carders employ to stay secure and how they can make mistakes in these processes. It also analyses what mechanisms are in place to create bonds of trust in pseudonymous environments on the Web and how this complicates investigations into such illicit activities. Tutorials, created by carders, are analysed with crime script analysis to create insights into ‘optimal’ decision-making and to design situational crime prevention measures. An analysis of the organisation and tasks involved in carding with the CommonKADS method, however, will show that more extensive mapping of the carding process is required to understand decision-making. Cognitive biases will be explored to better understand the psychological reality of online crime commission. Expert interviews with law enforcement officers, bankers and card issuers will provide some evidence for the existence of such biases in carders. These interviews will also create novel insights into tactics against carding and common issues encountered in policing such international online crimes

Deviating from the cybercriminal script: exploring tools of anonymity (mis)used by carders on cryptomarkets

This work presents an overview of some of the tools that cybercriminals employ to trade securely. It will look at the weaknesses of these tools and how the behavior of cybercriminals will sometimes lead them to use tools in a nonoptimal manner, creating opportunities for law enforcement to identify and apprehend them. The criminal domain this article focuses on is carding, the online trade in stolen payment card details and the consequent criminal misuse of such data. However, these findings could be applied more broadly, as many of the analyzed tools are used across (cyber) criminal domains. This article is a continuation of earlier work, in which a crime script analysis of 25 carding tutorials presented the tools that cybercriminals use to cash-out stolen payment card details while remaining anonymous. We use these tutorials and an analysis of the literature to identify how they can be used incorrectly and create a typology of potential behavioral and technological pitfalls in these tools. Finally, we conclude that finding pitfalls in the usage of tools by cybercriminals has the potential to increase the efficiency of disruption, interception, and prevention approaches. However, in future work, interviews with law enforcement experts and convicted cybercriminals or still active users should be used to analyze the operational security of cybercriminals in more depth