How We Stopped a Coordinated Fraud Attack in Real Time
At Global Processing, security is a priority. In November 2023, our fraud prevention team in the acquiring vertical faced one of the most complex challenges of the year: a series of coordinated attacks by fraudsters attempting to operate through fictitious sub-merchants.
The First Warning Sign
It all started when we identified sub-businesses whose CUITs corresponded to illegitimate individuals. We acted quickly and immediately blocked those businesses. However, we knew this was just the beginning.
The attack evolves…
Weeks later, we detected a new pattern: the fraudsters were creating multiple sub-businesses with similar names but using different tax IDs. It was a sophisticated and fast-moving attack. We needed an equally agile response.
Our Strategy: Sentinel in Action
Using Sentinel, our monitoring and prevention platform, we configured specific rules that allowed us to identify and block these illegitimate sub-merchants. The most valuable aspect was the ability to adapt the rules in real time, using custom fields and statistical behaviors without affecting the authorization flow.
Key Actions
We implemented a series of strategic measures:
• Velocity rules combined with statistical analysis: This gave us a clear advantage in detecting suspicious patterns.
• Negative lists: with cards confirmed as compromised, blocking their use at new merchants.
• Automatic email alerts: from the Sentinel central messaging application, prioritizing the review of critical events.
The Result: Total Effectiveness
The most effective rule to date has been the one that automatically rejects any authorization attempts with previously compromised cards. This measure has achieved 100% effectiveness in real time, declining all fraudulent transactions without exception.
Lucas Palmerio
Claims to Fraud Prevention Manager – Argentina
