Mastercard Incorporated
Method and system for identifying merchants selling ransomware

Abstract:

A method for identifying a merchant associated with ransomware includes: storing, in a profile database, a plurality of merchant profiles, wherein each merchant profile is related to a merchant and includes at least a merchant identifier; receiving, by a receiving device, an authorization request for a payment transaction, wherein the authorization request includes a specific merchant identifier associated with a merchant involved in the payment transaction, and the payment transaction is initiated by a computing device infected with one or more ransomware application programs; identifying, by a processing device, a specific merchant profile in the profile database where the included merchant identifier corresponds to the specific merchant identifier included in the received authorization request; and updating, by the processing device, the specific merchant profile in the profile database to include an indication that the related merchant is associated with the distribution of the one or more ransomware application programs.