Financial Fraudsters May Have Met Their Match

In April 2020, Brightwell card users found their accounts drained of hard-earned cash due to a brute force cybercriminal attack. Brightwell vowed it would never let this happen again. Here’s what it’s doing to keep card issuers and their users safe.
Michal Christine Escobar
escobar
credit card with lock

In the beginning of 2020, Brightwell was coming off the best year the company had ever had. The company works with a wide variety of major cruise lines to help crew members – who hail from all parts of the world – gain access to their money quickly and easily, regardless of the currency they prefer to use. It does this by providing a card to crew members where the cruise line can deposit their salary, which then can be used as a debit card. For Brightwell, all seemed to be going well until March 13th when the world’s major cruise lines agreed to voluntarily shut down for the next 30 days.

“The industry went into chaos,” explains Larry Hipp, CEO.

Ultimately, the CDC enacted a ‘No Sail’ order on the cruise industry that lasted all the way until July 2021. This resulted in thousands of cruise ship staff members leaving their ships and heading home to try and find work while they waited for the cruise industry to restart.

“As you might imagine, these crew members were facing a very dire work situation. And then it got worse,” Hipp notes.
 

THE ATTACK

One morning in mid-April, Brightwell executives woke up to $3 million in fraudulent losses over the course of about three hours. But it wasn’t Brightwell’s money that was stolen. It was crew member salaries and savings – stored on their Brightwell card – that was stolen.

“That day we weren’t the only company targeted,” Hipp says. “We now know of 12 other companies that were hit the same day and in the same way. To be clear: There was no data breach, there was no hacking into our system. This was a good old fashion brute force attack.”

Cybercriminals threw more than one hundred million card transaction attempts at the card numbers that were in Brightwell’s card range. And they kept trying every combination of card number, expiration date and CVV until they got a match. Then when they got a match, they would drain the card down to zero as fast as they could.

“Fraudsters are extremely intelligent. In some parts of the world, there are cubicle farms employing people to find ways to steal money from good, honest, hard-working individuals. It’s horrible, but it’s true,” Hipp added. “In fact, financial fraud has now overtaken the drug trade as the most profitable fraud industry worldwide.”

So, Brightwell sprang into action. It worked as hard as it could to get the money back as fast as it could. Thankfully, it was able to recover all the missing funds. But this attack made the company realize that there was a “huge fraud hole” facing the card industry.
 

THE SOLUTION

“I took over as CEO of Brightwell on April 30th, just a few weeks after this horrible incident happened and I knew I never wanted that to happen again. But when we went looking for software to buy that would solve this problem, we discovered the software didn’t exist. So, we decided to build it ourselves,” Hipp explained.

Of course, Brightwell isn’t the only company that issues cards to employees and/or guests. Hotels, restaurants, cruise lines, airlines, casinos and more all issue different types of cards – from debit to credit to loyalty. All of these cards are at risk for this type of attack.

“Fraud is bad for everyone,” Hipp adds. “We’ve built something that we know is truly unique because we spent six months trying to buy it. If we could’ve bought this software, we would have! But now that we’ve built it, we’re just trying to help everyone who issues a card to have access to it because any day we’re able to one-up the criminals is a good day for us.”
 

HOW IT WORKS

To help prevent brute force attacks from working, Brightwell designed a software that takes card transaction data – in real-time – and filters it through an AI engine. The AI looks for a variety of metrics and decision points to decide if the transaction looks legitimate or not. This may sound familiar as many companies have been following this model for more than a decade when trying to determine if an individual’s purchasing choice is legitimate or fraudulent. But what sets Brightwell’s solution apart is that it isn’t focused on the individual’s purchasing decision. Instead, Brightwell is searching card transactions looking for large scale attacks.

“Using AI and data and our algorithms, we can figure out where the bad guys are and stop them in their tracks,” Hipp adds. “Every new person/company that uses the software strengthens the defenses for everyone else already on the platform. When we see a fraudulent attack taking place, we can proactively block it from happening for anyone using the product.”

Brightwell values the human on the other side of the card and realizes that when individuals lose their money, their reward points, or whatever else is connected to their branded card – it’s a nightmare.

“The companies that understand that there is a person on the other side of that card and is willing to do everything they can to help those people have a positive interaction with their business, they’ll be the ones who will be most interested in this product and will love this product the most,” Hipp explained.

For those who are interested in learning more about this new product, visit: https://www.brightwell.com/arden

Related Topics

X
This ad will auto-close in 10 seconds