Economic offenses through Credit Card Frauds Dissected

50 %
50 %
Information about Economic offenses through Credit Card Frauds Dissected
Technology

Published on January 1, 2009

Author: amiable_indian

Source: slideshare.net

ECONOMIC OFFENCES USING CREDIT CARDS Harshad S. Patil, B.Tech. (I.T.)(V.J.T.I.), PG.Dip. Cyber Crime Management 6/12/08

Agenda Types of frauds Statistics Why is credit card fraud more disastrous and damaging than others? Glossary What credit card numbers signify Working What is Credit Card fraud (CCF) Modus Operandi and scope of fraud in it Common Types of CCF Tools for CCF Factors contributing to CCF Suggested Precautions to be taken by merchants for prevention of online CCF Credit Card Fraud (CCF) Detection Techniques Tools to control CCF Fraud Prevention Techniques Types of Credit Card frauds Cases related to Credit Card frauds Problems in fixing criminal which enhances this crime and new methods to overcome it Videos of credit card frauds Conclusion

Types of frauds

Statistics

Why is credit card fraud more disastrous and damaging than others?

Glossary

What credit card numbers signify

Working

What is Credit Card fraud (CCF)

Modus Operandi and scope of fraud in it

Common Types of CCF

Tools for CCF

Factors contributing to CCF

Suggested Precautions to be taken by merchants for prevention of online CCF

Credit Card Fraud (CCF) Detection Techniques

Tools to control CCF

Fraud Prevention Techniques

Types of Credit Card frauds

Cases related to Credit Card frauds

Problems in fixing criminal which enhances this crime and new methods to overcome it

Videos of credit card frauds

Conclusion

Fraud Defined Fraud is the deliberate misrepresentation (or concealment) which causes another person to suffer damages, usually monetary losses. (Source:www.wisegeek.com/what-is-fraud.htm ) Textbook Definition: All multifarious means which human ingenuity can devise, and which are resorted to by one individual to get an advantage over another by false suggestions or suppression of the truth. It includes all surprises, tricks, cunning or dissembling, and any unfair way which another is cheated. ( Source: Black’s Law Dictionary, 5th ed., by Henry Campbell Black, West Publishing Co.,) Examples of Fraud Producing Fraudulent Financial Statements Larceny – unlawful taking and removing of property with intent of permanently depriving the owner Skimming – taking of property before it is recorded on the books Fraudulent Disbursements Kickbacks and bribes Unauthorized or illegal use of confidential or proprietary information

Fraud is the deliberate misrepresentation (or concealment) which causes another person to suffer damages, usually monetary losses. (Source:www.wisegeek.com/what-is-fraud.htm )

Textbook Definition:

All multifarious means which human ingenuity can devise, and which are resorted to by one individual to get an advantage over another by false suggestions or suppression of the truth. It includes all surprises, tricks, cunning or dissembling, and any unfair way which another is cheated. ( Source: Black’s Law Dictionary, 5th ed., by Henry Campbell Black, West Publishing Co.,)

Producing Fraudulent Financial Statements

Larceny – unlawful taking and removing of property with intent of permanently depriving the owner

Skimming – taking of property before it is recorded on the books

Fraudulent Disbursements

Kickbacks and bribes

Unauthorized or illegal use of confidential or proprietary information

Types of Fraud Online Pharmacy Fraud incorporates numerous crimes and potentially dangerous health considerations. In what many are calling America's fastest growing type of robbery, crooks use your name, social security number or that blank, pre-approved credit application you tossed out. Hacking Identity Theft Phishing/Spoofing Spam Spyware Any non-violent offense committed by or against an individual or corporation and which results in a financial loss. Cross-Border Fraud  Advanced Fee Scams Charities Fraud Investment Fraud  Job Scams Debt Elimination Nigerian "4-1-9" Scams Ponzi  Schemes The most common cross-border frauds involve: Phony prize promotions Foreign lottery schemes Advance-fee loans Travel offer scams Unnecessary credit card loss "protection" Thousands of American consumers receive sweepstakes promotions but if you have to pay to play or pay to receive your "winnings" the promotion is a scam. Foreign Lottery Fraud Sweepstakes/Prizes Scam The latest scam to hit American consumers involves counterfeit financial instruments. Counterfeit Cashier's Checks Counterfeit Money Orders Internet auction fraud occurs in several ways, but the most common is the failure to deliver the purchased item. International Auction Fraud Escrow Services Scam     Internet auction fraud involves non-delivery, misrepresentation, triangulation, fee stacking, black-market goods, multiple bidding, and shill bidding: The victim signs up with the phony escrow service and sends payment to the service and receives nothing in return. Pharmacy fraud Identity Fraud Financial Fraud Auction Fraud Sweepstakes Fraud Counterfeit Payments Fraud

Online Pharmacy Fraud incorporates numerous crimes and potentially dangerous health considerations.

In what many are calling America's fastest growing type of robbery, crooks use your name, social security number or that blank, pre-approved credit application you tossed out.

Hacking

Identity Theft

Phishing/Spoofing

Spam

Spyware

Any non-violent offense committed by or against an individual or corporation and which results in a financial loss.

Cross-Border Fraud 

Advanced Fee Scams

Charities Fraud

Investment Fraud 

Job Scams

Debt Elimination

Nigerian "4-1-9" Scams

Ponzi  Schemes

The most common cross-border frauds involve:

Phony prize promotions

Foreign lottery schemes

Advance-fee loans

Travel offer scams

Unnecessary credit card loss "protection"

Thousands of American consumers receive sweepstakes promotions but if you have to pay to play or pay to receive your "winnings" the promotion is a scam.

Foreign Lottery Fraud

Sweepstakes/Prizes Scam

The latest scam to hit American consumers involves counterfeit financial instruments.

Counterfeit Cashier's Checks

Counterfeit Money Orders

Internet auction fraud occurs in several ways, but the most common is the failure to deliver the purchased item.

International Auction Fraud

Escrow Services Scam 

   Internet auction fraud involves non-delivery, misrepresentation, triangulation, fee stacking, black-market goods, multiple bidding, and shill bidding:

The victim signs up with the phony escrow service and sends payment to the service and receives nothing in return.

Causes of Fraud Rationalization Incentive Opportunity

The Fraud Triangle helps explaining the human process for committing fraud Employees, vendor, others justify fraud: “ They owe me” or “I earned it” “ I need it more than they do” “ It’s only fair” “ God will forgive me” • Rationalization is a form of denial. The person is not accepting reality. • Rationalization is the hardest area for management to influence or control. Incentives and Pressure can be real or imagined: Compulsive behaviors Gambling, alcohol, illegal drug use Financial debts Credit cards, health care Family problems Divorce, extramarital affairs, problems with children Opportunity is the perception by someone believing they can commit a fraud without getting caught. Management controls and influences “opportunity” more than any other factor in the Fraud Triangle. Management tools are employment checks, internal controls, internal and external audits and a host of other techniques. 90% of Frauds are committed by “trusted” employees. Source: http://www.acfe.com These issues on employees can be reduced via Employee Assistance Plans, counseling and work assignments. EAPs are management’s tool to help control fraud. Fraud Indicators Accounting anomalies Internal Control weaknesses Analytical anomalies Extravagant lifestyles Unusual behaviors Tips and complaints – whistleblower policy Rationalization Incentive Opportunity

Employees, vendor, others justify fraud:

“ They owe me” or “I earned it”

“ I need it more than they do”

“ It’s only fair”

“ God will forgive me”

• Rationalization is a form of denial. The person is not accepting reality.

• Rationalization is the hardest area for management to influence or control.

Incentives and Pressure can be real or imagined:

Compulsive behaviors

Gambling, alcohol, illegal drug use

Financial debts

Credit cards, health care

Family problems

Divorce, extramarital affairs, problems with children

Opportunity is the perception by someone believing they can commit a fraud without getting caught.

Management controls and influences “opportunity” more than any other factor in the Fraud Triangle.

Management tools are employment checks, internal controls, internal and external audits and a host of other techniques.

90% of Frauds are committed by “trusted” employees. Source: http://www.acfe.com

Accounting anomalies

Internal Control weaknesses

Analytical anomalies

Extravagant lifestyles

Unusual behaviors

Tips and complaints – whistleblower policy

Fraud statistics

Why does credit card fraud matter? The Federal Trade Commission estimates that 10 million people are victimized by credit card theft each year According to the US Department of Homeland Security, the cost of credit and charge card fraud may be as high as $500 million a year These costs ‘trickle down’ in higher interest rates and fees for all consumers Fraud victimisation in credit card frauds 28 per cent of florists; 43 per cent of booksellers; 26 per cent of recorded music retailers; 33 per cent of toy and game retailers; 30 per cent of computer hardware retailers. Overall one-third of all retailers who had ever sold products online have been the victim of Online fraud at some stage.

The Federal Trade Commission estimates that 10 million people are victimized by credit card theft each year

According to the US Department of Homeland Security, the cost of credit and charge card fraud may be as high as $500 million a year

These costs ‘trickle down’ in higher interest rates and fees for all consumers

Fraud victimisation in credit card frauds

28 per cent of florists;

43 per cent of booksellers;

26 per cent of recorded music retailers;

33 per cent of toy and game retailers;

30 per cent of computer hardware retailers.

Overall one-third of all retailers who had ever sold products online have been the victim of

Online fraud at some stage.

Why is CCF more damaging and disastrous than most of the other types?

CCF break up as per types http://www.popcenter.org/problems/credit_card_fraud/images/piechart.gif

Stats in Canada Data source: Statistics Canada, Canadian Centre for Justice Statistics,

Stats in US Source: http://www.stargatesemiconductor.com/9003460290/CreditCardFraud.bmp

Stats in UK Fig Courtesy:KPMG

Glossary: Describes the process in which a device is used to copy the magnetic stripe encoding off of a card - one reason card holders are cautioned against using ATM machines that look unusual Skimming A loan or credit card debt written off as uncollectible from the borrower. The debt, however, remains valid and subject to collection Charge off Secure Socket Layer This is a security protocol for data exchange on the Internet. Set up on a server, mitigates the chance that information exchanged between the merchant’s server and the purchaser’s browser be intercepted by a third party.  SSL (Secure payment gateway) Its independent service acting as an intermediary between merchant’s shopping cart and the different bank networks involved in the transaction, (the purchaser’s bank card bank and the seller’s merchant account bank)  It verifies the validity and encrypts the details of each transaction, ensures of the correct destinations for the data, and decodes the responses sent back to the shopping cart.  Gateway Internet Merchant Account This is the virtual terminal linked to the bank account; it enables the merchant to accept payment by bank card from its customers and to receive money for sales IMA Internet Payment Service Provider or Payment Service Provider, provider supplying an online payment solution. Cashtronics is an IPSP or PSP  IPSP A chargeback takes place when the cardholder informs his/her bank that they have not authorized a transaction or that the product ordered by him/her has not been delivered. In other words, it is an outstanding amount because the merchant is required to reimburse the cardholder. There are several levels of chargebacks, the most serious being for fraud, or if the card has been stolen.  Chargeback

Secure Socket Layer

This is a security protocol for data exchange on the Internet. Set up on a server, mitigates the chance that information exchanged between the merchant’s server and the purchaser’s browser be intercepted by a third party. 

(Secure payment gateway)

Its independent service acting as an intermediary between merchant’s shopping cart and the different bank networks involved in the transaction, (the purchaser’s bank card bank and the seller’s merchant account bank) 

It verifies the validity and encrypts the details of each transaction, ensures of the correct destinations for the data, and decodes the responses sent back to the shopping cart. 

Internet Merchant Account

This is the virtual terminal linked to the bank account; it enables the merchant to accept payment by bank card from its customers and to receive money for sales

A chargeback takes place when the cardholder informs his/her bank that they have not authorized a transaction or that the product ordered by him/her has not been delivered. In other words, it is an outstanding amount because the merchant is required to reimburse the cardholder.

There are several levels of chargebacks, the most serious being for fraud, or if the card has been stolen. 

For the merchants, its terrifying!! If online credit card fraud scares consumers, then it absolutely terrifies merchants! While consumers have some protection against fraud, fraudulent credit card transactions are costing ecommerce merchants many millions of dollars annually.  Counting the cost of fraud. There are a couple of winners when it comes to fraud... the people perpetrating the fraud of course, and the credit card issuing banks. The fees involved with  chargebacks  are horrendous - US$ 30 and upwards per transaction! Additionally, if you experience a high rate of fraud, you may wind up paying higher processing fees or have your  merchant account  terminated altogether. After being terminated, it's very difficult to gain processing services elsewhere. Proper fraud screening is critical in not only saving money, but it can also save your business.

If online credit card fraud scares consumers, then it absolutely terrifies merchants! While consumers have some protection against fraud, fraudulent credit card transactions are costing ecommerce merchants many millions of dollars annually. 

Counting the cost of fraud.

There are a couple of winners when it comes to fraud... the people perpetrating the fraud of course, and the credit card issuing banks. The fees involved with  chargebacks  are horrendous - US$ 30 and upwards per transaction! Additionally, if you experience a high rate of fraud, you may wind up paying higher processing fees or have your  merchant account  terminated altogether. After being terminated, it's very difficult to gain processing services elsewhere. Proper fraud screening is critical in not only saving money, but it can also save your business.

Credit card (Front Side) An ISO 7812 number contains a single-digit Major Industry Identifier (MII), a six-digit Issuer Identification Number (IIN), an account number, and a single digit check sum calculated using the  Luhn algorithm . The MII is considered to be part of the IIN. The term "Issuer Identification Number" (IIN) replaces the previously used "Bank Identification Number" (BIN)

An ISO 7812 number contains a single-digit Major Industry Identifier (MII), a six-digit Issuer Identification Number (IIN), an account number, and a single digit check sum calculated using the  Luhn algorithm . The MII is considered to be part of the IIN.

The term "Issuer Identification Number" (IIN) replaces the previously used "Bank Identification Number" (BIN)

Credit card (Rear Side) CARD VERIFICATION VALUE (CVV) A card verification value, or CVV, is a three- or four-digit number printed on a credit card (and encoded on the mag strip) for fraud protection. It provides a cryptographic check of the information embossed on the credit card. The use of the CVV in an online transaction is intended to signify the physical presence of the card at the transaction’s origin, e.g. in the hands of an online customer, thus reducing the occurrence of credit card fraud in card-not-present transactions. Unfortunately, as CVVs have been captured and stored in merchant databases that are subsequently compromised, the anti-fraud value of the CVV has recently diminished. CVV2 CODE These are the last three digits (or four digits for American express) of the number found on the back of bank cards. Without this number it is often impossible to carry out a purchase in an online shop.   Card Security Code /Card Identification Number (CIN)  is typically the last three digits printed on the signature strip on the back of the card. In the case of American Express cards, it can be a four-digit number printed (but not embossed) on the front of the card.

CARD VERIFICATION VALUE (CVV)

A card verification value, or CVV, is a three- or four-digit number printed on a credit card (and encoded on the mag strip) for fraud protection. It provides a cryptographic check of the information embossed on the credit card. The use of the CVV in an online transaction is intended to signify the physical presence of the card at the transaction’s origin, e.g. in the hands of an online customer, thus reducing the occurrence of credit card fraud in card-not-present transactions. Unfortunately, as CVVs have been captured and stored in merchant databases that are subsequently compromised, the anti-fraud value of the CVV has recently diminished.

CVV2 CODE

These are the last three digits (or four digits for American express) of the number found on the back of bank cards. Without this number it is often impossible to carry out a purchase in an online shop.  

Card Security Code /Card Identification Number (CIN) 

is typically the last three digits printed on the signature strip on the back of the card. In the case of American Express cards, it can be a four-digit number printed (but not embossed) on the front of the card.

Credit card (Rear Side)

Meaning of CC digits: The first digit of your credit card number is the Major Industry Identifier (MII), which represents the category of entity which issued your credit card. Different MII digits represent the following issuer categories: 3 - travel/entertainment cards (such as American Express and Diners Club) 4 - Visa 5 - MasterCard 6 - Discover Card Issuer Identifier The first 6 digits of your credit card number (including the initial MII digit) form the issuer identifier. This means that the total number of possible issuers is a million Issuer Identifier Card Number Length VISA 4xxxxx 13, 16 MasterCard 51xxxx-55xxxx 16 Account Number Digits 7 to (n - 1) of your credit card number are your individual account identifier. The maximum length of a credit card number is 19 digits. the final digit is the check digit, this means that the maximum length of the account number field is 19 - 7, or 12 digits. Each issuer therefore has a trillion possible account numbers. Final digit of your credit card number is a check digit, akin to a checksum. Eg: 4408 0412 3456 7890 The first credit card offer showed a picture of a card with the number 4408 0412 3456 7890. The Major Industry Identifier (MII) is 4 (banking and financial), the issuer identifier is 440804 (a VISA partner), the account number is 123456789, and the check digit is 0. The magstripe can be " written " because the tiny bar magnets can be magnetized in either a north or south pole direction and is very similar to a piece of cassette tape.

The first digit of your credit card number is the Major Industry Identifier (MII), which represents the category of entity which issued your credit card. Different MII digits represent the following issuer categories:

3 - travel/entertainment cards (such as American Express and Diners Club)

4 - Visa

5 - MasterCard

6 - Discover Card

Issuer Identifier

The first 6 digits of your credit card number (including the initial MII digit) form the issuer identifier. This means that the total number of possible issuers is a million

Issuer Identifier Card Number Length

VISA 4xxxxx 13, 16

MasterCard 51xxxx-55xxxx 16

Account Number

Digits 7 to (n - 1) of your credit card number are your individual account identifier. The maximum length of a credit card number is 19 digits.

the final digit is the check digit, this means that the maximum length of the account number field is 19 - 7, or 12 digits. Each issuer therefore has a trillion possible account numbers.

Final digit of your credit card number is a check digit, akin to a checksum.

Eg: 4408 0412 3456 7890

The first credit card offer showed a picture of a card with the number 4408 0412 3456 7890.

The Major Industry Identifier (MII) is 4 (banking and financial), the issuer identifier is 440804 (a VISA partner), the account number is 123456789, and the check digit is 0.

The magstripe can be " written " because the tiny bar magnets can be magnetized in either a north or south pole direction and is very similar to a piece of cassette tape.

Credit Card Skimming   Credit Card Skimming is a method by which encoded information from the magnetic stripe of a credit card is gathered by an electronic credit card reader (skimmer). This information is used legitimately when processing a transaction. In the hands of a criminal the electronic credit card reader becomes a handy tool to gather information to use later in illegal transactions and purchases. Usually a criminal connects this "skimmer" to the credit card machine or a portable "skimmer" could be used to swipe your card when you are not looking. If you make a purchase, your information will automatically be stored in the "skimmer". At a later stage the criminal will use this information to make unauthorized purchases or encode this information on the magnetic stripe of a counterfeit card.   Credit card skimming often occurs in businesses where credit cards are used regularly, such as restaurants and other entertainment venues. In restaurants you will normally lose sight of your card when the waiter takes it to pay your bill. Some skimmers are as small as your hand, which makes it extremely easy for waiters to keep in their pouches.   During 2003 a crime syndicate was detected in New York, Connecticut and Massachusetts in the USA that smuggled Chinese immigrants into the US. The immigrants were forced to work as waiters in various Chinese restaurants to pay back money they owed to smugglers that assisted them to get into the country illegally. As waiters working in these restaurants they were forced by the crime ring to carry pocket-sized credit card skimmers and collect data from the cards of unsuspecting customers. The information they gathered was then handed over to the crime ring to pay off their debt. ‘ Card skimming’ is the illegal copying of information from the magnetic strip of a credit or ATM card. It is a more direct version of a phishing scam. The scammers try to steal your details so they can access your accounts. Once scammers have skimmed your card, they can create a fake or ‘cloned’ card with your details on it. The scammer is then able to run up charges on your account.   Card skimming is also a way for scammers to steal your identity (your personal details) and use it to commit identity fraud. By stealing your personal details and account numbers the scammer may be able to borrow money or take out loans in your name.

 

Credit Card Skimming is a method by which encoded information from the magnetic stripe of a credit card is gathered by an electronic credit card reader (skimmer). This information is used legitimately when processing a transaction. In the hands of a criminal the electronic credit card reader becomes a handy tool to gather information to use later in illegal transactions and purchases. Usually a criminal connects this "skimmer" to the credit card machine or a portable "skimmer" could be used to swipe your card when you are not looking. If you make a purchase, your information will automatically be stored in the "skimmer". At a later stage the criminal will use this information to make unauthorized purchases or encode this information on the magnetic stripe of a counterfeit card.

 

Credit card skimming often occurs in businesses where credit cards are used regularly, such as restaurants and other entertainment venues. In restaurants you will normally lose sight of your card when the waiter takes it to pay your bill. Some skimmers are as small as your hand, which makes it extremely easy for waiters to keep in their pouches.

 

During 2003 a crime syndicate was detected in New York, Connecticut and Massachusetts in the USA that smuggled Chinese immigrants into the US. The immigrants were forced to work as waiters in various Chinese restaurants to pay back money they owed to smugglers that assisted them to get into the country illegally. As waiters working in these restaurants they were forced by the crime ring to carry pocket-sized credit card skimmers and collect data from the cards of unsuspecting customers. The information they gathered was then handed over to the crime ring to pay off their debt.

‘ Card skimming’ is the illegal copying of information from the magnetic strip of a credit or ATM card. It is a more direct version of a phishing scam.

The scammers try to steal your details so they can access your accounts. Once scammers have skimmed your card, they can create a fake or ‘cloned’ card with your details on it. The scammer is then able to run up charges on your account.

 

Card skimming is also a way for scammers to steal your identity (your personal details) and use it to commit identity fraud. By stealing your personal details and account numbers the scammer may be able to borrow money or take out loans in your name.

Working (Simple Version) & Intrusion points Bank issues credit card to Customer . Customer pays Merchant with credit card. Merchant passes credit card to Payment Processor . Payment Processor approves Customer and gives OK to Merchant to deliver. Payment Processor bills Bank . Bank bills Customer . Customer Applies Bank Issues Credit Card Customer Uses Card Merchant Receives Card Payment Processor Receives Card Payment Processor Bills Bank Customer Pays Stolen Illgotten card, theft, or skimmered Issued by bank without demand from customer/supplied by dishonest courier Illegitimate users (criminal involvement at both ends) Forged request

Bank issues credit card to Customer .

Customer pays Merchant with credit card.

Merchant passes credit card to Payment Processor .

Payment Processor approves Customer and gives OK to Merchant to deliver.

Payment Processor bills Bank .

Bank bills Customer .

From where do they get your information? Credit Cards or credit card information is usually fraudulently obtained through methods such as: Card swapping at ATM’s Theft – often out of motor vehicles or houses Skimming Pick-pocketing  E-mails purporting to come from the credit card service provider (Phishing) Bogus Internet web sites Credit card numbers are bought and sold in underground "carder" forums, which bring together the people who have stolen the credit card numbers with those who want to use them. These charitable donations are typically made by the person buying the card numbers as a final check to ensure that the numbers will work, Thief goes through trash to find discarded receipts or carbon, and then uses your account number illegally A dishonest clerk makes extra imprint of your credit card and uses it to make personal charges You respond to mail asking you to call long distance number fro free trip or bargain-priced travel package. you are told you must join travel cub first and you are asked for account number. From then you receive charges on bill which you didn't make and you never get the trip

Credit Cards or credit card information is usually fraudulently obtained through methods such as:

Card swapping at ATM’s

Theft – often out of motor vehicles or houses

Skimming

Pick-pocketing 

E-mails purporting to come from the credit card service provider (Phishing)

Bogus Internet web sites

Credit card numbers are bought and sold in underground "carder" forums, which bring together the people who have stolen the credit card numbers with those who want to use them. These charitable donations are typically made by the person buying the card numbers as a final check to ensure that the numbers will work,

Thief goes through trash to find discarded receipts or carbon, and then uses your account number illegally

A dishonest clerk makes extra imprint of your credit card and uses it to make personal charges

You respond to mail asking you to call long distance number fro free trip or bargain-priced travel package. you are told you must join travel cub first and you are asked for account number. From then you receive charges on bill which you didn't make and you never get the trip

What is Credit Card Fraud (CCF) CCF is a theft and fraud carried out using credit card or any alike payment mechanism as a fake source for fund transaction A credit card fraud is a transaction that is completed with your credit card by someone else. Often a fraudulent transaction is made hours after the credit card or card number is stolen or lost; often before the cardholder gets the chance to report the card as missing or stolen.

CCF is a theft and fraud carried out using credit card or any alike payment mechanism as a fake source for fund transaction

A credit card fraud is a transaction that is completed with your credit card by someone else. Often a fraudulent transaction is made hours after the credit card or card number is stolen or lost; often before the cardholder gets the chance to report the card as missing or stolen.

Techniques used to carry out ATM crime Card swapping  – where a customer’s ATM card is swapped for another card without their knowledge whilst undertaking an ATM transaction. Card jamming  – where an ATM machine card reader is deliberately tampered with so that a customer’s card will be held in the card reader and cannot be removed from the machine by the customer. The criminal removes the card once the customer has departed. Vandalism  – where an ATM machine is deliberately damaged and/or the card reader is jammed preventing the customer’s card from being inserted. Physical attacks  – where an ATM machine is physically attacked with the intention of removing the cash content. Mugging  – where a client is physically attacked whilst in the process of conducting a transaction at an ATM machine.

Card swapping  – where a customer’s ATM card is swapped for another card without their knowledge whilst undertaking an ATM transaction.

Card jamming  – where an ATM machine card reader is deliberately tampered with so that a customer’s card will be held in the card reader and cannot be removed from the machine by the customer. The criminal removes the card once the customer has departed.

Vandalism  – where an ATM machine is deliberately damaged and/or the card reader is jammed preventing the customer’s card from being inserted.

Physical attacks  – where an ATM machine is physically attacked with the intention of removing the cash content.

Mugging  – where a client is physically attacked whilst in the process of conducting a transaction at an ATM machine.

Modus Operandi of CCF using Identity Theft Sale of ID data. Goods available on underground servers: 1 Credit cards (22%) US$ 0.50 – 1 2 Bank accounts (21%) US$ 30-400 3 Email passwords (8%) US$ 1-350 4 Full identity (6%) US$ 10-150 (Symantec data for Jan – June 2007) OBTAIN IDENTITY INFORMATION FRAUD AND OTHER OFFENCES Assume another person’s identity to: Exploit bank accounts, credit cards Create new accounts Take out loans and credit Order goods and services Disseminate malware CREDIT CARD FRAUD USING IDENTITY THEFT 1. Physical methods (skimmers, dumpster diving etc) 2. Search engines 3. Insider attacks (eg: Video) 4.Attacks from the outside (illegal access, trojans, keyloggers, spyware and other malware) 5. Phishing and other social engineering techniques

Assume another person’s identity

to:

Exploit bank accounts, credit cards

Create new accounts

Take out loans and credit

Order goods and services

Disseminate malware

1. Physical methods (skimmers, dumpster diving etc)

2. Search engines

3. Insider attacks (eg: Video)

4.Attacks from the outside (illegal access, trojans,

keyloggers, spyware and other malware)

5. Phishing and other social engineering techniques

Common Types of CCF Types of Credit Card Fraud Credit fraud can fall into one of five categories:  Counterfeit credit card Lost or Stolen Cards No-Card Fraud Non-Receipt Fraud Identity Theft Fraud  CC mail order fraud Chargeback fraud Skimming   Statistics show that the misuse of lost or stolen credit cards is still the most popular type of credit card fraud in India . Counterfeiting credit cards are, however, increasing at an alarming rate. Fraudsters will typically use fraudulent credit cards to buy cigarettes , cellular phones and  computers, jewelry, other electronic items .

Types of Credit Card Fraud

Credit fraud can fall into one of five categories: 

Counterfeit credit card

Lost or Stolen Cards

No-Card Fraud

Non-Receipt Fraud

Identity Theft Fraud 

CC mail order fraud

Chargeback fraud

Skimming

 

Statistics show that the misuse of lost or stolen credit cards is still the most popular type of credit card fraud in India . Counterfeiting credit cards are, however, increasing at an alarming rate. Fraudsters will typically use fraudulent credit cards to buy cigarettes , cellular phones and  computers, jewelry, other electronic items .

Emerging Fraud: Online Credit Card Fraud Credit card fraud has become such an issue that no precise number can truly defined the global losses.  And while most financial institutions are rather sensitive about the subject, a report from the FBI indicated that credit cards were largely responsible for the $315 billion loss the U.S. endured from financial fraud in 2005.  A recent study in Europe also revealed that well over 22 million consumers fell victim to credit card fraud in 2006.  To truly understand the risk and likelihood of credit card fraud, you must first make yourself familiar with a brand new lingo.  Terms such as "phishing", "pharming", "skimming" and "dumpster diving" may not sound malicious, but these are in fact just a few of many ways that money can be thieved from your credit card.  Below you will find more details on these popular techniques and how they are used to commit credit card fraud:  .  This technique refers to randomly distributed emails that attempt to trick recipients into disclosing account passwords, banking information or credit card information.  This one scam has played a major factor in the crisis we face today.  Since  phishing  emails typically appear to be legitimate, this type of crime has become very effective.  Well designed, readily available software utilities make it nearly impossible to trace those guilty of phishing.  Phishtank, an anti-phishing organization, recently revealed that nearly 75,000 attempts of this nature are made each month.  This device is usually secretly mounted to an ATM machine as a card reader.  - This shameless act refers to a process in which an individual vigorously sift's through someone else's trash in search of personal and financial information.  With a mere credit card approval that contains a name and address, a criminal can easily open up a credit card in your name and accumulate substantial debt in no time.  - This new technique is one of the most dangerous of them all.   Pharming  involves a malicious perpetrator tampering with the domain name resolution process on the internet.  By corrupting a DNS, (Domain Name System), a user can type in the URL for a legitimate financial institution and then be redirected to a compromised site without knowledge of the changes.  Unaware of the background predators, the consumer types in their bank account details or credit card number, making them the latest victim of fraud.  Phishing Pharming Skimming Dumpster Diving

Credit card fraud has become such an issue that no precise number can truly defined the global losses.  And while most financial institutions are rather sensitive about the subject, a report from the FBI indicated that credit cards were largely responsible for the $315 billion loss the U.S. endured from financial fraud in 2005.  A recent study in Europe also revealed that well over 22 million consumers fell victim to credit card fraud in 2006. 

To truly understand the risk and likelihood of credit card fraud, you must first make yourself familiar with a brand new lingo.  Terms such as "phishing", "pharming", "skimming" and "dumpster diving" may not sound malicious, but these are in fact just a few of many ways that money can be thieved from your credit card. 

Below you will find more details on these popular techniques and how they are used to commit credit card fraud: 



This technique refers to randomly distributed emails that attempt to trick recipients into disclosing account passwords, banking information or credit card information.  This one scam has played a major factor in the crisis we face today.  Since  phishing  emails typically appear to be legitimate, this type of crime has become very effective.  Well designed, readily available software utilities make it nearly impossible to trace those guilty of phishing.  Phishtank, an anti-phishing organization, recently revealed that nearly 75,000 attempts of this nature are made each month. 

- This shameless act refers to a process in which an individual vigorously sift's through someone else's trash in search of personal and financial information.  With a mere credit card approval that contains a name and address, a criminal can easily open up a credit card in your name and accumulate substantial debt in no time. 

- This new technique is one of the most dangerous of them all.   Pharming  involves a malicious perpetrator tampering with the domain name resolution process on the internet.  By corrupting a DNS, (Domain Name System), a user can type in the URL for a legitimate financial institution and then be redirected to a compromised site without knowledge of the changes.  Unaware of the background predators, the consumer types in their bank account details or credit card number, making them the latest victim of fraud. 

Fake Security Message

A Fake Security Checkup

Tools used for CCF CC number generator site on Internet Merchant/ his dishonest agent (with or without employer consent) retaining CC numbers processed through retail outlet and using them unlawfully! Discarded copies of CC vouchers via waste receptacles Hacking computer where CC Numbers are stored Stolen CC or some mobile top up cards Some magnetic strips, Blank CC from grey markets, embossing device to emboss character on card and holograms, skimmers

CC number generator site on Internet

Merchant/ his dishonest agent (with or without employer consent) retaining CC numbers processed through retail outlet and using them unlawfully!

Discarded copies of CC vouchers via waste receptacles

Hacking computer where CC Numbers are stored

Stolen CC or some mobile top up cards

Some magnetic strips, Blank CC from grey markets, embossing device to emboss character on card and holograms, skimmers

CC generator Command line python program using PHP script and JavaScript It generates CC number (13-16 digits VISA, MasterCard, Amex) to use in e-commerce sites conforming to the Luhn formula (MOD 10 check). In testing situations any expiry date within the next 3 years should work www.darkcoding.net/credit-card-numbers/ 5216888204052176 5361871831570078 5286074279331408 536803086244 3423 5396839522947938 5292133095448960 5167035421750120 5156159382388820 55 69714931432734 5428252030308191 MasterCard 4532939254681966 4024007136276580 4885243440090833 4929608176033892 4 532914364464397 4485479173552029 4539012558094428 4650496026227442 4716291 536495148 4623817115847754 VISA 375619651773339 376605277731560 372447156708581 348116787204085 373 589733548110 American Express 6011077158325292 6011239020479349 6011696418325048 Discover

Command line python program using PHP script and JavaScript

It generates CC number (13-16 digits VISA, MasterCard, Amex) to use in e-commerce sites conforming to the Luhn formula (MOD 10 check).

In testing situations any expiry date within the next 3 years should work

CC generator Rocklegend

Creditwizard site:www.CreditCardgenerator.org

Sale of Credit Cards: Whats the rate going on in US? Forum.carderplanet.net offered credit cards. USD $200.00 - 300 USA credit cards without cvv2 code: credit card number, exp. day. cardholder billing address,zip,state). USD $200.00 - 50 USA credit cards with cvv2 code: credit card number, exp. day. cardholder billing address & CVV code from the back side of the card). Also cards with SSN+DOB at $40 each. Minimal deal $200

Forum.carderplanet.net offered credit cards.

USD $200.00 - 300 USA credit cards without cvv2 code: credit card number, exp. day. cardholder billing address,zip,state).

USD $200.00 - 50 USA credit cards with cvv2 code: credit card number, exp. day. cardholder billing address & CVV code

from the back side of the card).

Also cards with SSN+DOB at $40 each.

Minimal deal $200

Hackershomepage.com 800b MSR206 MAGNETIC STRIPE CARD READER/WRITER THIS IS THE DEVICE EVERYONE HAS BEEN ASKING FOR . This device will allow you to change the information on magnetic stripe cards It will also allow you to write to new cards.

THIS IS THE DEVICE EVERYONE HAS BEEN ASKING FOR

.

This device will allow you to change the information on magnetic stripe cards

It will also allow you to write to new cards.

From Hackershomepage.com POS (Point Of Sale) Data Logger 701 COMPUTER KEYSTROKE GRABBER Use this device to capture ALL keystrokes on a computer including user name and password. Password will be in plain text and not echoed like "********". This device will grab email and system passwords.

701 COMPUTER KEYSTROKE GRABBER

Use this device to capture ALL keystrokes on a computer including user name and password.

Password will be in plain text and not echoed like "********". This device will grab email and system passwords.

801 POS DATA LOGGER 

Warning signs of Credit Card Fraud (CCF) A shop assistant takes your card out of your sight in order to process your transaction. You are asked to swipe your card through more than one machine. You see a shop assistant swipe the card through a different machine to the one you used. You notice something suspicious about the card slot on an ATM (e.g. an attached device). You notice unusual or unauthorized transactions on your account or credit card statement.

A shop assistant takes your card out of your sight in order to process your transaction.

You are asked to swipe your card through more than one machine.

You see a shop assistant swipe the card through a different machine to the one you used.

You notice something suspicious about the card slot on an ATM (e.g. an attached device).

You notice unusual or unauthorized transactions on your account or credit card statement.

Microdot printing on checks, hidden markings on checks and cards that show up on color photocopiers, holograms, magnetic strips, and now embedded chips–all these and many more advances have raised the level of skill and equipment needed for fraudsters to counterfeit checks and cards. Dedicated fraudsters quickly acquire the skills and equipment, so are soon able to produce checks and cards that are extremely difficult to identify as counterfeit. In fact, International organized crime groups that specialize in counterfeit credit cards generally lie beyond the reach of local police, although their markets certainly lie within local neighborhoods. These groups became very active in Southeast Asia toward the end of the 1990s, and in a short time, have managed to overcome every new security feature introduced into plastic-card manufacture. Their distribution system employs Asians in large North American and European cities. Many card issuers are eager to get customers. In recent years, the competition has become very intense. The mail and Internet are loaded with tempting offers, and it is now very easy to get a credit card. Many card issuers do not hold cardholders responsible for any loss incurred through fraudulent use by another. Thus, cardholders have no real motivation to take security precautions. In fact, they may even collude with others. Retailers may bear the loss in card-not present sales, and card issuers in standard credit-card sales. Although police face these and other obstacles when addressing check and card fraud, there is much that can be done. Be aware that most card fraud is due to factors beyond police control Security flaws in card design and production Police do not have access to the vulnerability points in the complex transactions that make up card processing. Inherent difficulty to verify a card user's identity Internet increased the opportunities for fraud, greatest impact through fraudulent card-not-present sales Information about counterfeiting, skimming, and hacking is now available on the Internet To some extent, the sheer volume of card use accounts for the increased amount of card fraud. In the United Kingdom, the United States, and Australia, debit and credit card use has increased tremendously over the last 20 years, although in the U.S., checks remain the primary form of payment (besides cash). In Japan, credit cards have been very slow to catch on, but debit cards have gained wider acceptance. These differences are largely related to the structure of financial service markets in the various countries. The amount of card fraud committed internationally has substantially increased in recent years. For example, the proportion of fraud committed abroad on U.K. cards has doubled in the past decade. Although the rate of check fraud has decreased considerably in the past decade, the financial loss due to check fraud continues to increase, simply because of the increase in the volume of sales. There is a technological "arms race." Each technological advance makes it harder and harder to counterfeit checks and cards. Factors contributing to CCF

Microdot printing on checks, hidden markings on checks and cards that show up on color photocopiers, holograms, magnetic strips, and now embedded chips–all these and many more advances have raised the level of skill and equipment needed for fraudsters to counterfeit checks and cards.

Dedicated fraudsters quickly acquire the skills and equipment, so are soon able to produce checks and cards that are extremely difficult to identify as counterfeit. In fact,

International organized crime groups that specialize in counterfeit credit cards generally lie beyond the reach of local police, although their markets certainly lie within local neighborhoods.

These groups became very active in Southeast Asia toward the end of the 1990s, and in a short time, have managed to overcome every new security feature introduced into plastic-card manufacture.

Their distribution system employs Asians in large North American and European cities.

Many card issuers are eager to get customers. In recent years, the competition has become very intense.

The mail and Internet are loaded with tempting offers, and it is now very easy to get a credit card.

Many card issuers do not hold cardholders responsible for any loss incurred through fraudulent use by another.

Thus, cardholders have no real motivation to take security precautions. In fact, they may even collude with others.

Retailers may bear the loss in card-not present sales, and card issuers in standard credit-card sales.

Although police face these and other obstacles when addressing check and card fraud, there is much that can be done.

Be aware that most card fraud is due to factors beyond police control

Security flaws in card design and production

Police do not have access to the vulnerability points in the complex transactions that make up card processing.

Inherent difficulty to verify a card user's identity

Internet increased the opportunities for fraud, greatest impact through fraudulent card-not-present sales

Information about counterfeiting, skimming, and hacking is now available on the Internet

To some extent, the sheer volume of card use accounts for the increased amount of card fraud.

In the United Kingdom, the United States, and Australia, debit and credit card use has increased tremendously over the last 20 years, although in the U.S., checks remain the primary form of payment (besides cash).

In Japan, credit cards have been very slow to catch on, but debit cards have gained wider acceptance.

These differences are largely related to the structure of financial service markets in the various countries.

The amount of card fraud committed internationally has substantially increased in recent years. For example, the proportion of fraud committed abroad on U.K. cards has doubled in the past decade.

Although the rate of check fraud has decreased considerably in the past decade, the financial loss due to check fraud continues to increase, simply because of the increase in the volume of sales. There is a technological "arms race."

Each technological advance makes it harder and harder to counterfeit checks and cards.

Credit Card Fraud (CCF) Detection Publish your mail server addresses (to thwart spoofing) Educate customers (employees and merchants also) Establish online communication protocols (SSL Credit card protocol) Proactively monitor for phishers and fraudsters General Characteristic of those Who Commit Fraud They are intelligent. They are very egotistical. They are risk takers. They are rule breakers. They are hard workers. They are under stress. Many are married. Many are members of management.

Publish your mail server addresses (to thwart spoofing)

Educate customers (employees and merchants also)

Establish online communication protocols (SSL Credit card protocol)

Proactively monitor for phishers and fraudsters

General Characteristic of those Who Commit Fraud

They are intelligent.

They are very egotistical.

They are risk takers.

They are rule breakers.

They are hard workers.

They are under stress.

Many are married.

Many are members of management.

Strategies Prevention is the best course of action. If fraud does occur, the strategy is to detect and stop fraud in it’s early stages. Failing 1 and 2, we want to develop a strategy for what to do when a fraud does occur. Be PROACTIVE not REACTIVE. Think like a crook. “If I were going to do something like this, how would I do it.” Trust, but verify. Screen your employees. This is an ongoing process, not just when they are hired. Establish a whistleblower policy and better yet, a hotline. Perform an Internal Audit. Conduct an External Audit or Review. Prevention Detection

Prevention is the best course of action.

If fraud does occur, the strategy is to detect and stop fraud in it’s early stages.

Failing 1 and 2, we want to develop a strategy for what to do when a fraud does occur.

Be PROACTIVE not REACTIVE.

Think like a crook. “If I were going to do something like this, how would I do it.”

Trust, but verify.

Screen your employees. This is an ongoing process, not just when they are hired.

Establish a whistleblower policy and better yet, a hotline.

Perform an Internal Audit.

Conduct an External Audit or Review.

Fraud Prevention Techniques

Fraud prevention techniques Tactical Guidelines Enterprises selling online should: • Assess their risk exposure to online credit card fraud based on their own experiences and on the types of goods and services they sell. • Implement internal rules and procedures that can identify many potential frauds. • Consider using fraud-prevention products and services to assess each transaction attempt if the risk of fraud is significant.

Latest means to prevent CCF SSL Certificate SSL is protocol developed by Netscape for transmitting private documents via the Internet. SSL works by using a private key to encrypt data that's transferred over the SSL connection. Both Netscape Navigator and Internet Explorer support SSL, and many Web sites use the protocol to obtain confidential user information, such as credit card numbers. By convention, URLs that require an SSL connection start with https: instead of http:. 128-bit encryption - Cryptographers consider 128-bit encryption practically impossible to crack (it would take millions of years with the fastest computers to try all the combinations). With 128-bit encryption you can ensure that your international customer base will be able to exchange information with you using the strongest possible encryption. How does SSL Work? Client requests for secure resource. Web-server presents its certificate. Client verifies the certificate. Client generates a Session Key (40, 56 or 128bit). Client extracts the public key from the web server certificate and encrypts the session key. Client then sends encrypted key back to the Web-server. Web- server decrypts the session key and both now have a common key for that session. Both the web-site and the client can now communicate securely. When the browser closes the window or server drops the connection the session is terminated. Next time browser comes back to the same page a new session key is generated.

SSL Certificate

SSL is protocol developed by Netscape for transmitting private documents via the Internet. SSL works by using a private key to encrypt data that's transferred over the SSL connection. Both Netscape Navigator and Internet Explorer support SSL, and many Web sites use the protocol to obtain confidential user information, such as credit card numbers. By convention, URLs that require an SSL connection start with https: instead of http:.

128-bit encryption - Cryptographers consider 128-bit encryption practically impossible to crack (it would take millions of years with the fastest computers to try all the combinations). With 128-bit encryption you can ensure that your international customer base will be able to exchange information with you using the strongest possible encryption.

How does SSL Work?

Client requests for secure resource.

Web-server presents its certificate.

Client verifies the certificate.

Client generates a Session Key (40, 56 or 128bit).

Client extracts the public key from the web server certificate and encrypts the session key.

Client then sends encrypted key back to the Web-server.

Web- server decrypts the session key and both now have a common key for that session.

Both the web-site and the client can now communicate securely.

When the browser closes the window or server drops the connection the session is terminated.

Next time browser comes back to the same page a new session key is generated.

Battery credit card to avoid fraud MELBOURNE: An Australian technology firm has come up with a unique battery power super card, which they believe can fight online fraud. Company reckons that it can stop up to $1 billion a year in credit card fraud with its invention. The card, which includes an alpha-numeric display , built-in microprocessor , a keypad and three years of battery power , and will display a one-time number with which to authenticate each online credit card transaction, whenever the user will enter the pin number . The technology was developed by a small Deloitte-backed technology firm based in Adelaide and Melbourne called EMUE Technologies . Each card costs around five times more than a regular credit card to produce and will be sold to bank customers for between $18 and $30 each . The technology could also be used for verifying your bank’s identity when it calls you over the phone. “When the card is created for the user it has a unique seed on it, and that unique seed is stored with the bank along with the pin the user chooses. If I enter the wrong pin [into the credit card] it will still generate a number for me, but when I put that into the browser [to buy something] it will reject that as a transaction .

MELBOURNE: An Australian technology firm has come up with a unique battery power super card, which they believe can fight online fraud.

Company reckons that it can stop up to $1 billion a year in credit card fraud with its invention.

The card, which includes

an alpha-numeric display ,

built-in microprocessor ,

a keypad and

three years of battery power ,

and will display a one-time number with which to authenticate each online credit card transaction, whenever the user will enter the pin number .

The technology was developed by a small Deloitte-backed technology firm based in Adelaide and Melbourne called EMUE Technologies .

Each card costs around five times more than a regular credit card to produce and will be sold to bank customers for between $18 and $30 each .

The technology could also be used for verifying your bank’s identity when it calls you over the phone. “When the card is created for the user it has a unique seed on it, and that unique seed is stored with the bank along with the pin the user chooses.

If I enter the wrong pin [into the credit card] it will still generate a number for me, but when I put that into the browser [to buy something] it will reject that as a transaction .

Softwares for preventing Credit Card fraud MessageLabs (service provider) is able to offer a 100% virus detection service-level agreement. Outbound content inspection capabilities are above average and include dictionaries in multiple languages and credit card and SIN detection, but workflow is limited. Sophos (antivirus) Outbound filtering capabilities include content inspection dictionaries covering credit cards, SSNs but are limited to the Unix compliance module.

MessageLabs (service provider) is able to offer a 100% virus detection service-level agreement. Outbound content inspection capabilities are above average and include dictionaries in multiple languages and credit card and SIN detection, but workflow is limited.

Sophos (antivirus) Outbound filtering capabilities include content inspection dictionaries covering credit cards, SSNs but are limited to the Unix compliance module.

Credit Card Fraud Detection Techniques

AVS (Address Verification System) Address Verification System (AVS) codes are generated at the time the merchant requests credit card authorization. The code tells the merchant if the billing address provided on the order matches the billing address of record for the credit card number. Specific codes mean different levels of matching. For example, the credit card payment company Paymentech(c) (one of many such companies that offer AVS) uses the following AVS response codes (among others): I-1 means the billing address on the order is a complete match to the billing address of record for the credit card provided. I-5 means that only the Zip Code doesn't match; perhaps the customer has been issued a new one without updating the billing address of record. The codes to worry about are I-4 and I-8. AVS code I-4 means that the street address isn't a match, while the Zip Code does match. Blocking such orders may seem to be a given, but there's a slight problem. AVS logic looks for a number at the beginning of an address. Addresses that begin with a letter aren't recognized and result in an I-4 code. Too many customers use addresses that begin with a letter (P.O. Box 100, or One Rockefeller Plaza) to make this a suspect code. AVS code I-8 means that nothing matches - the street address and the Zip Code are both different. Perhaps the customer moved and forgot to change the address, but this is probably an NCE attack, which is sending randomly generated credit card numbers with the addresses of their forwarders in both the billing and ship to address fields. Beware. Canceling I-8 orders Many companies have begun canceling orders that are coming back from Paymentech(c) with an AVS code of I-8. The customer is notified that the billing address of record didn't match the billing address entered on the order. The customer can re-order using the proper address from his credit card statement. This simple step saved the previously mentioned company $4 million in credit card "charge backs" in addition to the handling time. A charge back is the process in which the true credit card holder refuses payment for a good or service that he didn't order. The merchant's account is debited for the money unless the merchant can prove that the card holder actually received the good or service. Internet credit card orders require the merchant to enter into a credit card transaction similar to a person coming into a store with a bag on their head and trying to make a credit card purchase without ID or bothering to sign the credit card slip. Who would allow such a thing? Internet merchants do it every day!

Address Verification System (AVS) codes are generated at the time the merchant requests credit card authorization.

The code tells the merchant if the billing address provided on the order matches the billing address of record for the credit card number. Specific codes mean different levels of matching. For example, the credit card payment company Paymentech(c) (one of many such companies that offer AVS) uses the following AVS response codes (among others):

I-1 means the billing address on the order is a complete match to the billing address of record for the credit card provided.

I-5 means that only the Zip Code doesn't match; perhaps the customer has been issued a new one without updating the billing address of record.

The codes to worry about are I-4 and I-8.

AVS code I-4 means that the street address isn't a match, while the Zip Code does match. Blocking such orders may seem to be a given, but there's a slight problem. AVS logic looks for a number at the beginning of an address. Addresses that begin with a letter aren't recognized and result in an I-4 code. Too many customers use addresses that begin with a letter (P.O. Box 100, or One Rockefeller Plaza) to make this a suspect code.

AVS code I-8 means that nothing matches - the street address and the Zip Code are both different. Perhaps the customer moved and forgot to change the address, but this is probably an NCE attack, which is sending randomly generated credit ca

Add a comment

Related presentations

Related pages

Presentations - ClubHack2008

Economic offenses through Credit Card Frauds Dissected Harshad_ClubHack08.pps : Jonathan Brossard: Reverse Engineering for exploit writers
Read more

A Letter Mail Fraud Techniques. Yazh.co

Mailshark Commonwealth Bank Credit Card ... Mailshark Monthly Credit ... Fraud Prevention Techniques Economic Offenses Through Credit Card Frauds Dissected ...
Read more

ClubHACK 2008 - Secpedia

Economic offenses through Credit Card Frauds Dissected Workshops. BackTrack - Local boot to remote root in one CD Cyber Crime Investigation & Forensics Basics
Read more

ClubHack 2008 Presentations - Infosec Events

Economic offenses through Credit Card Frauds Dissected by Harshad Patil; Reverse Engineering for exploit writers by Jonathan Brossard; Insecure ...
Read more

The Professional Security Testers Warehouse for the CEH V7 ...

Economic offenses through Credit Card Frauds Dissected: Harshad_ClubHack08.pps : Jonathan Brossard: Reverse Engineering for exploit writers: Jonathan ...
Read more

CREDIT CARD FAILED PAYMENTECH AVS DENY

CREDIT CARD FAILED PAYMENTECH AVS ... customer service credit-card-networks ... economic-offenses-through-credit-card-frauds-dissected ...
Read more

Harshad Patil | LinkedIn

View Harshad Patil’s professional profile on LinkedIn. ... Harshad Patil, S. P. Patil; Economic offenses through Credit Card Frauds Dissected
Read more

View source for Talks - ClubHack2008

You do not have permission to edit this page, for the following reason:
Read more