CREDIT CARD FRAUDS RASTISLAV TUREK
Who am I
Blogger (blog.synopsi.com)
Slovak
Independent security consultant (synopsi.com)
Twitterholic (almost 6 500 tweets in a year and a half)
Technologist
Before we start … a little survey
Do you know the differences between a credit and a debit card?
Do you have one or two debit or credit cards?
Do you have more than two cards?
Do you know what a credit card number means?
Did somebody steal money from your card?
History of Credit Cards
First credit card (1920s in the US)
Diners Club (1950)
First modern credit card company
American Express (1958)
BankAmericard (1958), later Visa
Everything Card (1967), later Master Charge (1969), later Master Card (1979)
Card security improvements
Personal:
  Magnetic stripe from 1966
  PIN from 1967
  Chip and PIN from 2003
Internet:
  MasterCard from 1997
  Visa from 2001
  3D Secure from 2004
    Verified By Visa
    MasterCard SecureCode
    J/Secure
Global:
  Payment Application Data Security Standard
Card number
Numbers on all magnetic stripe identification cards are generated according to ISO/IEC 7812
Almost every issued card number can be validated with the Luhn “mod 10” algorithm
You can check your card via IS (BIN) on http://bins.bankinfo.sk
Issuer Identification Number
Previously “Bank Identification Number” (BIN)
This number is used to identify:
  Issuing bank (HSBC, Citibank, Commerce AG, …)
  Exact card type (Credit Gold, Debit Business, …)
  Issuer phone number for card blocking*
Card Number Length
Card security elements
PIN
  Generated by encrypting the PAN (Primary Account Number) with the PGK (PIN Generation Key) using 3DES; the result is decimalised at the end. Sometimes an offset is added to the original PIN.
CVV/CVV2/CVC/CVC2
  4 digit, printed on the back side of the card, AMEX on the front
Card security elements: Magnetic Stripe
Track 1: B4888603170607238^Head/Potato^050510100000000001203191805191000000
Track 2: 4888603170607238=05051011203191805191
Track 2 plus/se (Track 3): 014888603170607238==0401000000000000003000000000000007020===0=
Track 2 can be generated manually from Track 1 and vice versa. Track 3 can also be generated from Track 1, but not vice versa.
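Added example (not from the original slides): the Luhn “mod 10” check from the Card number slide and the Track 2 layout shown above, used defensively to find and mask card data that has leaked into application logs. The log lines, the function names and the test PAN 4111111111111111 are constructed for illustration; the Track 2 field split (PAN, `=`, YYMM expiry, 3-digit service code, discretionary data) follows ISO/IEC 7813.

```python
import re

# Track 2 as shown on the slide: PAN '=' expiry (YYMM) + 3-digit service code
# + issuer discretionary data (field layout per ISO/IEC 7813).
TRACK2_RE = re.compile(r"(?<!\d)(\d{12,19})=(\d{4})(\d{3})(\d*)")
# A bare run of 12-19 digits is only a *candidate* PAN until it passes Luhn.
PAN_RE = re.compile(r"(?<!\d)\d{12,19}(?!\d)")


def luhn_valid(pan: str) -> bool:
    """Luhn "mod 10": double every second digit from the right, sum, test % 10."""
    if not (pan.isascii() and pan.isdigit()):
        return False
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:      # every second digit, counting from the check digit
            d *= 2
            if d > 9:       # same as adding the two digits of the product
                d -= 9
        total += d
    return total % 10 == 0


def mask_pan(pan: str) -> str:
    """Keep the first six digits (the IIN/BIN) and the last four; mask the rest."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def redact_line(line: str):
    """Return (redacted_line, findings) for one log line.

    Track 2 data is handled first so that expiry, service code and
    discretionary data are dropped entirely; bare PANs are then masked.
    Digit runs that fail the Luhn check (order ids, phone numbers, ...) are
    left untouched, which keeps false positives down.
    """
    findings = []

    def _track2(m):
        pan = m.group(1)
        if not luhn_valid(pan):
            return m.group(0)
        findings.append({
            "kind": "track2",
            "pan": mask_pan(pan),
            "iin": pan[:6],
            "service_code": m.group(3),
        })
        return mask_pan(pan) + "=[TRACK2 REDACTED]"

    def _pan(m):
        pan = m.group(0)
        if not luhn_valid(pan):
            return pan
        findings.append({"kind": "pan", "pan": mask_pan(pan), "iin": pan[:6]})
        return mask_pan(pan)

    line = TRACK2_RE.sub(_track2, line)
    line = PAN_RE.sub(_pan, line)
    return line, findings


# Constructed sample log lines (not real data): a raw swipe, a bare PAN,
# and a 16-digit order id that is not a card number.
SAMPLE_LOG = [
    "2024-01-01T10:00:00Z pos=12 swipe raw=;4111111111111111=30121011234567890000?",
    "2024-01-01T10:00:05Z checkout card=4111111111111111 amount=19.99",
    "2024-01-01T10:00:09Z order_id=1234567890123456 status=shipped",
]

if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        redacted, found = redact_line(entry)
        print(redacted)
        for f in found:
            print("   finding:", f)
```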
Card security elements: Chip
More secure than magnetic stripe
Same chip as in GSM SIM cards (not encryption)
Data encrypted by 3DES or RSA
Key set is usually loaded (DES) or generated (RSA)
After decryption, there are similar tracks as on the magnetic stripe
Chip (Track 2):
  4974101234567890=0810221xxxxxx4060000
  4970891234567890=0909221xxxxxx3000000
Magnetic (Track 2):
  4974101234567890=0810221xxxxxx0210000
  4970891234567890=0909221xxxxxx3370000
Card security elements: 3-D Secure
XML-based protocol
Always using an SSL connection
1. You are buying something from a merchant
2. He redirects you to the payment processor page (encrypted)
3. You enter card information (encrypted)
4. The payment processor checks if your card is valid for VBV/MSC/JSC
5. If it’s OK, it redirects you to the card issuer website (your bank). Many banks outsource this step, so you can be redirected to a different website (encrypted)
6. You’re prompted to fill in a form (if you’re there for the first time), or enter a password (SMS code, etc.) (encrypted)
7. If verification passed, you are redirected back to the payment processor website, which will check your supplied card data (encrypted)
8. In the last step you are redirected back to the merchant website
Card transactions
ATM, POS and Internet payments work very similarly; there are just small differences.
1. You give your card to a merchant
2. He puts it into the POS terminal
3. The POS terminal sends important information to the payment processor (encrypted)
4. The payment processor checks who the issuer is and asks him if your card is OK and if you have enough money for this transaction (encrypted)
5. The bank sends a response (only YES, NO) to the payment processor (encrypted)
6. The payment processor sends the response to your merchant (encrypted)
7. If the response is positive, you’ll get your stuff
Frauds
There are many ways to steal from people
But there are just a few ways to cash money from stolen cards
There is a brand new business just for this
In this part you will see the business models of thieves
You will see real-life examples, from real businesses used by these people
Stealing
Your card can be stolen in many ways:
  hacked payment processor
  hacked bank
  hacked mall
  skimming
  phishing / vishing
  stolen card
  malware / keylogger
  generated card
http://www.ic3.gov/media/annualreports.aspx
Business models
Universal business model to get cash from stolen credit cards
Sometimes one person is able to serve several positions
Position: Hacker
His job is to get credit cards with all accessible information
Moderately dangerous position
As a “freelancer” he will get only approximately $1 for each working card
In a group he gets the smallest cut
How does he get credit cards?
  SQLi on websites (mostly eShops)
  Hacking payment processors (millions of cards)
  Eavesdropping on traffic in a mall
All cards are checked before selling
Hacker’s Pricelist
Talking about a “freelancer”
Prices mostly depend on the amount of information
He can get much more if he can provide information like the balance of credit on the card, SSN, DOB, MMN, etc.
All cards are checked before selling
Position: Skimmer
His job is to get card information from the Magnetic Stripe / Chip / RFID
Very dangerous position
As a “freelancer” he will get approximately $25 for each working card
Skimmer’s Pricelist
Talking about a “freelancer”
Price depends on the type of card, issuing country and bank
He can get much more if he can provide information about the balance
Price also depends on the source of the card (hotels have high value, restaurants have low value, …)
All cards are checked before selling
Skimmer in action
This will not help
Position: Phisher/Visher
His job is to get information about cards by using social engineering
Low-danger position
Success in only 0.001% of all sent emails (depends on the quality of the email and site)
He mostly gets all information about the card and its owner (known on the black market as Fullz, highly valuable cards)
In 65% of cases he also gets access to the owner’s email, and in 47% the target site is PayPal
Vishing is a form of phishing, but over the phone (much more successful)
Phisher’s Pricelist
Talking about a “freelancer”
Highly valuable cards
Along with cards, they mostly sell PayPal, MoneyBookers, eBay, RapidShare, … accounts.
Declined Fullz can be used for shopping with “Bill Me Later, PayPal Later, …”
All cards are checked before selling
Talking about Fullz (SSN, DOB, MMN, PIN, …)
Phisher’s Success

Credit Card Frauds

  • 1. CREDIT CARD FRAUDS RASTISLAV TUREK
  • 2. Who am I: Blogger (blog.synopsi.com); Slovak; Independent security consultant (synopsi.com); Twitterholic (almost 6 500 tweets in a year and a half); Technologist
  • 3. Before we start … a little survey: Do you know the difference between a credit and a debit card? Do you have one or two debit or credit cards? Do you have more than two cards? Do you know what a credit card number means? Did somebody steal money from your card?
  • 4. History of Credit Cards: First credit card (1920” in US); Diners Club (1950); First modern credit card company; American Express (1958); BankAmericard (1958), later Visa; Everything Card (1967), later Master Charge (1969), later Master Card (1979)
  • 16. Card number: All magnetic stripe identification cards are generated according to ISO/IEC 7812. Almost every issued card number can be validated with the Luhn “mod 10” algorithm. You can check your card via IS (BIN) on http://bins.bankinfo.sk
  • 18. Issued bank (HSBC, Citibank, Commerce AG, …)
  • 19. Exact card type (Credit Gold, Debit Business, …)
  • 20. Issuer phone number for card blocking* Card Number Length
  • 23. Card security elements: Magnetic Stripe
      Track 1: B4888603170607238^Head/Potato^050510100000000001203191805191000000
      Track 2: 4888603170607238=05051011203191805191
      Track 2 plus/se (Track 3): 014888603170607238==0401000000000000003000000000000007020===0=
      Track 2 can be generated manually from Track 1 and vice versa. Track 3 can also be generated from Track 1, but not vice versa.
  • 24. Card security elements: Chip. More secure than the magnetic stripe. Same chip as in GSM SIM cards (not encryption). Data encrypted with 3DES or RSA. The key set is usually loaded (DES) or generated (RSA). After decryption, the tracks are similar to those on the magnetic stripe:
      Chip (Track 2): 4974101234567890=0810221xxxxxx4060000 and 4970891234567890=0909221xxxxxx3000000
      Magnetic (Track 2): 4974101234567890=0810221xxxxxx0210000 and 4970891234567890=0909221xxxxxx3370000
  • 25. Card security elements: 3-D Secure. XML-based protocol that always uses an SSL connection. (1) You are buying something from a merchant. (2) He redirects you to the payment processor's page (encrypted). (3) You enter your card information (encrypted). (4) The payment processor checks whether your card is valid for VBV/MSC/JSC. (5) If it is, it redirects you to the card issuer's website (your bank); many banks outsource this step, so you may be redirected to a different website (encrypted). (6) You are prompted to fill in a form (if you are there for the first time) or enter a password (SMS code, etc.) (encrypted). (7) If verification passes, you are redirected back to the payment processor's website, which checks the card data you supplied (encrypted). (8) In the last step you are redirected back to the merchant's website.
  • 26. Card transactions: ATM, POS and Internet payments work very similarly; there are just small differences. (1) You give your card to a merchant. (2) He puts it into the POS terminal. (3) The POS terminal sends the important information to the payment processor (encrypted). (4) The payment processor checks who the issuer is and asks it whether your card is OK and whether you have enough money for this transaction (encrypted). (5) The bank sends a response (only YES or NO) to the payment processor (encrypted). (6) The payment processor sends the response to your merchant (encrypted). (7) If the response is positive, you get your stuff.
  • 27. Frauds: There are many ways to steal from people, but only a few ways to cash out money from stolen cards. There is a brand new business just for this. In this part you will see the business models of thieves. You will see real-life examples from real businesses used by these people.
  • 36. generated card http://www.ic3.gov/media/annualreports.aspx
  • 37. Business models: Universal business model to get cash from stolen credit cards. Sometimes one person is able to fill several positions.
  • 38. Position: Hacker. His job is to get credit cards with all accessible information. Moderately dangerous position. As a “freelancer” he gets only approximately $1 for each working card. In a group he gets the smallest cut. How does he get credit cards? SQLi on websites (mostly eShops); hacking payment processors (millions of cards); eavesdropping on traffic in malls. All cards are checked before selling.
  • 39. Hacker’s Pricelist: Talking about a “freelancer”. Prices mostly depend on the amount of information. He can get much more if he can provide information such as the credit balance on the card, SSN, DOB, MMN, etc. All cards are checked before selling.
  • 40. Position: Skimmer. His job is to get card information from the magnetic stripe / chip / RFID. Very dangerous position. As a “freelancer” he gets approximately $25 for each working card.
  • 41. Skimmer’s Pricelist: Talking about a “freelancer”. The price depends on the type of card, issuing country and bank. He can get much more if he can provide information about the balance. The price also depends on the source of the card (hotels have high value, restaurants have low value, …). All cards are checked before selling.
  • 47. Position: Phisher/Vhisher. His job is to get information about cards by using social engineering. Low-danger position. Success in only 0.001% of all sent emails (depends on the quality of the email and site). He mostly gets all information about the card and its owner (known on the black market as Fullz, highly valuable cards). In 65% of cases he also gets access to the owner's email, and in 47% the target site is PayPal. Vhishing is a form of phishing over the phone (much more successful).
  • 48. Phisher’s Pricelist: Talking about a “freelancer”. Highly valuable cards. Along with cards, they mostly sell PayPal, MoneyBookers, eBay, RapidShare, … accounts. Declined Fullz can be used for shopping with “Bill Me Later, PayPal Later, …”. All cards are checked before selling. Talking about Fullz (SSN, DOB, MMN, PIN, …).
  • 52. Web (mostly forum) [mazafaka.cc, cardingzone.org,…]
  • 53. SILC (most exclusive) [access only for invited people]
  • 54. Mail discussions [access only for invited people]. To get access to private black markets you need to be invited by 5 or more people and pay from $1 000 to $10 000.
  • 57. Liberty Reserve (very similar to eGold, but HQ is in Costa Rica). An exchange service, which transfers money from one service to another in a few seconds for big fees (5% - 25%, depending on the services), can be used to cover identity much better. There are more than 500 exchange services, and 95% are from China, Russia, Costa Rica, Belize, Seychelles, etc. Many rippers (fraudsters) on ordinary black markets.
  • 60. Position: Buyer / Cashier. His job is to use cards to buy stuff sent to a safe drop. Low-danger position. Must have very good skills and know the security of payment gateways and eShops. Many times he needs to confirm orders with additional information about the card owner, such as background, SSN, MMN, DOB. Sometimes he needs to confirm orders by phone conversation. Buyers mostly have very good access to all information from 3rd-party services. They have access to highly valuable proxies, which can be chosen by country and city and are also highly anonymous (not sending any proxy identifiers). If they are independent, they ask for 10% - 25% of the goods price. If they work in a group, they get 30% - 60% of the selling price.
  • 61. Position: Drop. His job is to pick up money or ordered goods. Very dangerous position. Safe drops for money are used for wire transfers or Western Union orders. Many times the drop for Western Union is a WU agent in a country like Thailand, Indonesia, India, etc. Good drops often use homeless or asocial people to pick up goods from UPS, FedEx or the post. Independent drops take 20% - 50% of the goods or money. In a group they take 20% - 40% of the goods' selling price or money. They also cash out skimmed cards, mostly in countries like Thailand or Italy, because of country blocks (many US, AU, CA, … cards are blocked for countries like Germany, Slovakia, Russia, etc.; the card owner can withdraw money from the card in a bank with the assistance of bankers).
  • 62. How to … Real life examples
  • 63. How to get cards: The most ordinary way is to hack an eShop. The most popular technique is SQLi.
  • 65. How to check card validity: The most ordinary way is to use a “Donate us” form on any foundation website to make a payment of a small amount ($0.1 - $15). Much more sophisticated is to use three-step payment processors, which tell in the first step whether a card is valid, check AVS (address verification system) in the second, i.e. whether the address and zip are the same as on the card, and try to make the payment in the third. A hacker can stop this at the first or second step and not make a payment on the card. Bigger chance of not losing this card.
  • 65. How to get SSN, DOB, …: In the US, UK, DE, etc., law enforcement, firefighters, doctors in hospitals, social security employees and lawyers have access to this information. There are always people who want to make more money.
  • 67. Example of such a request:
  • 73. How to get proxy for exact city: Every buyer/carder needs a good proxy for the exact city in the exact country/state of his stolen credit card. Many eShops and payment processors use GeoIP localization. Anyone can buy proxies from a specialized Russian service, which uses a botnet to provide SOCKS 5 proxies. They can be ordered by country, state, city and speed. They offer approximately 250 000 working proxies from almost every country in the world.
  • 75. They’re using 3-D secure and every order must be confirmed online via phone.
  • 76. Phone number must be same as in credit card file in the issuer database and they’re asking for background information (if it’s available).
  • 77. The cashier needs access to a good VoIP service to change the displayed number, good information about the card owner (including background), and there must also be a very good drop to receive this money.
  • 78. Many times the drop is an original Western Union agent in countries like Thailand, India, China, etc.
  • 80. …and if you are asking yourself: Why would somebody risk a long jail time? Here is the answer
  • 82. Thank you Rastislav Turek turek@synopsi.com +1 (615) SYN-OPSI
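
Slides 16 and 23 give the two facts a defender needs to spot leaked stripe data: the Track 2 layout and the Luhn check. The Python below is an added example, not part of the presentation: it scans log lines for Track 2 strings, confirms the PAN with Luhn and redacts the match. The log lines, function names and masking format are assumptions; the card data is the sample printed on slide 23.

```python
import re

# Track 2 layout as on slide 23: PAN '=' YYMM expiry, 3-digit service code,
# then discretionary data. The lookbehind stops matches inside longer digit runs.
TRACK2_RE = re.compile(r"(?<!\d)(\d{12,19})=(\d{4})(\d{3})(\d*)")

# Constructed log lines; the first embeds the sample Track 2 from slide 23.
SAMPLE_LOG = [
    "10:00:01 pos-07 DEBUG swipe raw=;4888603170607238=05051011203191805191?",
    "10:00:02 pos-07 INFO  order ref 1234567890123456=2401999 queued",
]

def luhn_valid(pan: str) -> bool:
    """Luhn 'mod 10': double every second digit from the right, sum, check % 10."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0

def mask_pan(pan: str) -> str:
    """Keep first six and last four digits, mask the rest (assumed display format)."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]

def scan_line(line: str):
    """Return (findings, redacted_line) for one log line."""
    findings = []

    def redact(m):
        pan = m.group(1)
        if not luhn_valid(pan):
            return m.group(0)  # looks like Track 2 but is not a card number
        findings.append({
            "pan_masked": mask_pan(pan),
            "expiry_yymm": m.group(2),
            "service_code": m.group(3),
        })
        return mask_pan(pan) + "=[TRACK2 REDACTED]"

    return findings, TRACK2_RE.sub(redact, line)

if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        hits, safe = scan_line(entry)
        print(len(hits), safe)
```
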
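
The slide "How to check card validity" describes cards being checked with small payments ($0.1 - $15) on donation forms. The Python below is an added example, not part of the presentation: it flags a source IP that tries many distinct cards with small amounts inside a short window. The transaction tuples are constructed, and the window length and card threshold are assumptions to tune against real traffic.

```python
from collections import defaultdict

SMALL_AMOUNT_MAX = 15.00  # upper bound of the test payments named on the slide
WINDOW_SECONDS = 600      # assumption: sliding window length
MIN_DISTINCT_CARDS = 4    # assumption: distinct cards per IP that triggers an alert

# Constructed data: (epoch_seconds, source_ip, card_token, amount_usd, approved)
SAMPLE_TXNS = [
    (1000, "198.51.100.7", "tok_a", 1.00, False),
    (1030, "198.51.100.7", "tok_b", 1.00, False),
    (1075, "198.51.100.7", "tok_c", 0.50, True),
    (1120, "198.51.100.7", "tok_d", 1.00, False),
    (1300, "203.0.113.20", "tok_x", 10.00, True),   # repeat donor, same card
    (1900, "203.0.113.20", "tok_x", 10.00, True),
    (5000, "192.0.2.44", "tok_p", 250.00, True),    # normal purchase, not small
]

def detect_card_testing(txns):
    """Return one alert per IP that used >= MIN_DISTINCT_CARDS small-amount
    cards within WINDOW_SECONDS."""
    by_ip = defaultdict(list)
    for ts, ip, token, amount, approved in sorted(txns):
        if amount <= SMALL_AMOUNT_MAX:
            by_ip[ip].append((ts, token, approved))

    alerts = []
    for ip, events in by_ip.items():
        start = 0
        for end in range(len(events)):
            # Shrink the window from the left until it spans <= WINDOW_SECONDS
            while events[end][0] - events[start][0] > WINDOW_SECONDS:
                start += 1
            window = events[start:end + 1]
            cards = {token for _, token, _ in window}
            if len(cards) >= MIN_DISTINCT_CARDS:
                alerts.append({
                    "ip": ip,
                    "distinct_cards": len(cards),
                    "declined": sum(1 for _, _, ok in window if not ok),
                    "first_seen": window[0][0],
                    "last_seen": window[-1][0],
                })
                break  # one alert per IP is enough
    return alerts

if __name__ == "__main__":
    for alert in detect_card_testing(SAMPLE_TXNS):
        print(alert)
```
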