Fintech Series | How to identify a Chinese merchant?
China-based cyber criminals use various fintech services, such as pay-ins and pay-outs, to create a layer against banking detection. These merchants get onboarded with various fintech companies using genuine documents and partial information. The following are some indicators of a Chinese merchant:
1. ASN Number: Alibaba
An ASN (Autonomous System Number) identifies a set of IP addresses belonging to one network. Many Chinese merchants prefer Alibaba Cloud for hosting their applications or virtual machines. Hence, the operations team can detect traffic originating from the following ASNs:
AS37963
AS134963
AS45102
The ASN can be validated from the following IP sources:
Dashboard Login details
API call IP address
Website hosting IP address
The second option for these players is Amazon's cloud service.
2. Website Source Code Analysis
Analyzing the HTML code of the website provided by the merchant reveals a lot of information. Chinese patterns and comments may be observed in the website source code.
The source code can be viewed by opening the website and right-clicking on the page → View Page Source, or from the browser's developer options.
3. Android App Analysis
For rummy merchants, it is essential to get the Android Package (APK) file before giving them access to services. Analysis of the Android APK will reveal many Chinese links. To analyze the APK, upload the file to www.virustotal.com and check the “Interesting Strings” section.
The following services indicate Chinese links that are embedded in the application:
umeng.com
baidu.com
yunos.com
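As an added example (not part of the original article), the same string check can be run offline during onboarding review by treating the APK as a ZIP archive and searching every entry for the three domains listed above. The function names, the sample APK and the sample hostnames in it are constructed for illustration.

```python
import io
import re
import zipfile

# Domains the article lists as indicators embedded in the application.
INDICATOR_DOMAINS = ("umeng.com", "baidu.com", "yunos.com")

# Match a listed domain or any subdomain of it, as a whole hostname, so that
# "notbaidu.com" and "baidu.com.example" are not reported.
_HOST_RE = re.compile(
    rb"(?<![A-Za-z0-9.-])((?:[A-Za-z0-9-]+\.)*(?:"
    + b"|".join(re.escape(d.encode()) for d in INDICATOR_DOMAINS)
    + rb"))(?![A-Za-z0-9-]|\.[A-Za-z0-9])",
    re.IGNORECASE,
)


def scan_apk(apk_bytes):
    """Return {hostname: sorted list of APK entries that contain it}."""
    try:
        archive = zipfile.ZipFile(io.BytesIO(apk_bytes))
    except zipfile.BadZipFile:
        raise ValueError("not a valid APK (an APK is a ZIP archive)") from None
    hits = {}
    with archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            data = archive.read(info)
            # Some entries (e.g. resources.arsc) may hold UTF-16LE strings;
            # dropping NUL bytes lets the same ASCII pattern match them.
            for blob in (data, data.replace(b"\x00", b"")):
                for m in _HOST_RE.finditer(blob):
                    hits.setdefault(m.group(1).decode().lower(), set()).add(info.filename)
    return {host: sorted(files) for host, files in sorted(hits.items())}


def build_sample_apk():
    """Constructed stand-in for a merchant APK (fake entries, sample hosts)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("classes.dex", b"dex\n035\x00\x17https://alog.umeng.com/app_logs\x00")
        z.writestr("resources.arsc", "hm.baidu.com".encode("utf-16-le"))
        z.writestr("assets/cfg.json", b'{"cdn": "notbaidu.com.example"}')
    return buf.getvalue()


if __name__ == "__main__":
    for host, files in scan_apk(build_sample_apk()).items():
        print(f"{host}: {', '.join(files)}")
```

Reporting the entry name alongside each hostname shows the reviewer where in the package the link is embedded (code, resources or assets).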
(article in progress…)