Online Fraud Keywords Explained (Part 2)

Hey, before reading this, please read my first article on this topic (Part 1).

PAYMENT PROCESSORS: A payment processor is a company (often a third party) appointed by a merchant to handle transactions from various channels such as credit cards and debit cards for merchant acquiring banks. They are usually broken down into two types: front-end and back-end. Front-end processors have connections to various card associations and supply authorization and settlement services to the merchant banks’ merchants. Back-end processors accept settlements from front-end processors and, via The Federal Reserve Bank, for example, move the money from the issuing bank to the merchant bank. In an operation that will usually take a few seconds, the payment processor will both check the details received by forwarding them to the respective card’s issuing bank or card association for verification and also carry out a series of anti-fraud measures against the transaction. Additional parameters, including the card’s country of issue and its previous payment history, are also used to gauge the probability of the transaction being approved. Once the payment processor has received confirmation that the credit card details have been verified, the information will be relayed back via the payment gateway to the merchant, who will then complete the payment transaction. If verification is denied by the card association, the payment processor will relay the information to the merchant, who will then decline the transaction. Examples of such payment processors are Square, PayPal, Stripe, and Flint.

PAYMENT GATEWAYS: This is a merchant service provided by an e-commerce website that authorizes credit card or direct payments processing for e-businesses, online retailers, or traditional brick and mortar stores. The payment gateway may be provided by a bank to its customers but can be provided by a specialized financial service provider as a separate service. It facilitates a payment transaction by the transfer of information between a payment portal (such as a website, mobile phone, or interactive voice response service) and the front-end processor or acquiring bank. Here’s how a typical transaction plays out.

  1. A customer places an order on a website by pressing the “Submit Order” or equivalent button, or perhaps enters their card details using an automatic phone answering service.
  2. If the order is via a website, the customer’s web browser encrypts the information to be sent between the browser and the merchant’s webserver. Among other methods, this may be done via SSL encryption. The payment gateway may allow transaction data to be sent directly from the customer’s browser to the gateway, bypassing the merchant’s systems. This reduces the merchant’s Payment Card Industry Data Security Standard compliance obligations without redirecting the customer away from the website.
  3. The merchant then forwards the transaction details to their payment gateway.
  4. The payment gateway converts the message from XML to ISO 8583 or a variant message format and then forwards the transaction information to the payment processor used by the merchant’s acquiring bank.
  5. The payment processor forwards the transaction information to the card association (e.g. Visa/Mastercard/AMEX). If an American Express or Discover Card was used, then the card association also acts as the issuing bank and directly provides a response of approved or declined to the payment gateway. Otherwise, the card association routes the transaction to the correct card issuing bank.
  6. The credit card issuing bank receives the authorization request, verifies the credit or debit available, and then sends a response back to the processor with a response code (approved or denied). In addition to communicating the fate of the authorization request, the response code is also used to define the reason why the transaction failed (e.g. insufficient funds, or bank link not available). Meanwhile, the credit card issuer holds an authorization associated with that merchant and consumer for the approved amount. This can impact the consumer’s ability to spend further (because it reduces the line of credit available or it puts a hold on a portion of the funds in a debit account).
  7. The processor forwards the authorization response to the payment gateway.
  8. The payment gateway receives the response and forwards it on to the website (or whatever interface was used to process the payment), where it is interpreted as a relevant response and then relayed back to the merchant and cardholder. This is known as the Authorization or “Auth”.
  9. This entire process typically takes 2-3 seconds.

WEB DOMAIN: This is traditionally known as the name or URL of a website and is sometimes called the hostname. The hostname is a more memorable name to stand in for the numeric, and hard to remember, IP address of a website. This allows website visitors to find and return to a web page more easily. It also allows advertisers the ability to give a website a memorable name that visitors will remember and come to, hopefully leading to conversions for the web page. The flexibility of website domains allows several IP addresses to be linked to the same website domain, thus giving a website several different pages while remaining at the easily remembered address.

VIRTUAL CARDING: This is the process of purchasing physical or digital goods online using someone else’s credit/debit card details.

PHYSICAL CARDING: This is the process of purchasing physical goods by going to an actual physical store in person and using pre-made credit cards with dumps punched in them to conduct fraudulent transactions. Transactions are also possible to be conducted with an Android phone using NFC payments with TR1+TR2 data.

CARDING: Term used when referring to using someone else’s CVV details to conduct a fraudulent purchase on an online website or physically in person in a store using DUMPS. For example, we can CARD a cellphone using someone else’s details through Amazon, or CARD a $400 belt at a Gucci Store using dumps that were punched into a blank card using devices specifically made for such purposes.

CARDHOLDER: The owner of the CVV that we’re using to conduct the fraudulent transaction.

BILLING ADDRESS: An address directly attached to a CVV. This is where the card holder’s bank sends his bills, hence the name BILLING.

SHIPPING/MAILING ADDRESS: An address used exclusively to receive mail. Most websites do not allow transactions to be accepted if the billing address on a credit card and the shipping address provided to the website are different.

AVS & NON-AVS: AVS stands for Address Verification System. This is a system used to verify the address of a person claiming to own a credit card. The system will check the billing address of the credit card provided by the user against the address on file at the credit card company. AVS is used by almost all merchants in the US, Canada, and the UK. AVS verifies only the numeric portions of a cardholder’s billing address. For example, if the address is 101 Main Street, Highland, CA 92346, United States, AVS will check 101 and 92346. Because of this, certain anomalies like apartment numbers can cause false declines; however, it is reported to be a rare occurrence. Cardholders may receive false negatives, or partial declines for AVS from e-commerce verification systems, which may require manual overrides, voice authorization, or reprogramming of the AVS entries by the card-issuing bank. Cardholders with a bank that does not support AVS may receive an error from Internet stores due to a lack of data. All countries besides the UK, US & Canada are NON-AVS.
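The numeric-only comparison described above, seen from the merchant or issuer side, as an added example that is not part of the original article. The function names, the unit-prefix convention and the sample addresses are assumptions made for illustration; the single-letter results (Y, A, Z, N, U) are the commonly used AVS response codes, not values taken from this page.

```python
import re

# Common single-letter AVS results, keyed by (street number ok, postal code ok).
AVS_RESULT = {
    (True, True): "Y",    # street number and postal code both match
    (True, False): "A",   # street number matches, postal code does not
    (False, True): "Z",   # postal code matches, street number does not
    (False, False): "N",  # neither matches
}

# Leading unit designator such as "Apt 4," or "#12 " (assumed input convention).
UNIT_PREFIX = re.compile(
    r"^\s*(?:(?:apt|apartment|unit|suite|ste|flat)\b\.?\s*|#\s*)\w*\d\w*\s*,?\s*",
    re.IGNORECASE,
)


def street_number(line):
    """Return the first run of digits in the street line, or None."""
    match = re.search(r"\d+", line)
    return match.group(0) if match else None


def postal_digits(code):
    """Keep digits only and compare on the first five (ZIP or ZIP+4)."""
    return re.sub(r"\D", "", code)[:5]


def strip_unit(line):
    """Drop a leading apartment/unit designator so it is not read as the street number."""
    return UNIT_PREFIX.sub("", line)


def avs_check(on_file, supplied, normalise=False):
    """Compare numeric parts of (street_line, postal_code) pairs.

    on_file is None when the issuer has no address data, which yields "U".
    """
    if on_file is None:
        return "U"
    file_street, given_street = on_file[0], supplied[0]
    if normalise:
        file_street, given_street = strip_unit(file_street), strip_unit(given_street)
    file_no = street_number(file_street)
    street_ok = file_no is not None and file_no == street_number(given_street)
    file_zip = postal_digits(on_file[1])
    zip_ok = file_zip != "" and file_zip == postal_digits(supplied[1])
    return AVS_RESULT[(street_ok, zip_ok)]


# Constructed sample data based on the address used in the text.
ON_FILE = ("101 Main Street", "92346")

if __name__ == "__main__":
    cases = [
        ("101 Main St.", "92346-1234"),      # street name and ZIP+4 ignored
        ("Apt 4, 101 Main Street", "92346"),  # unit number read as street number
        ("101 Elm Road", "92346"),            # different street, same numbers
        ("55 Oak Ave", "10001"),
    ]
    for supplied in cases:
        print(supplied, avs_check(ON_FILE, supplied),
              avs_check(ON_FILE, supplied, normalise=True))
```

The second case is the apartment-number false decline mentioned in the text, and the third shows that a numeric match alone says nothing about the street name, so AVS is one signal among several and not a decision by itself.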

VBV & NON-VBV: This is an XML-based protocol designed to be an additional security layer for online credit and debit card transactions. VBV stands for Verified by Visa. This is used to validate the card holder’s identity and prevent fraudulent transactions. It works by asking for additional information either from the cardholder directly or by analyzing data behind the scenes to see if the purchase fits the usual payment behavior. When a website and a card have been Verified by Visa, a message box pops up on the screen after you have entered the Visa card details. You are then asked to identify yourself with your Verified by Visa password or a code sent to your phone. What you need to do at this stage varies, but your bank will tell you about the method they use and what they expect from you. If you don’t notice the VBV message box appearing but instead see a revolving wheel, all the security associated with VBV is still happening but in the background, and you don’t need to do anything. The bank is verifying the purchase by making background checks to see that everything is as it should be. Any Visa card that does not have the above feature in place is known as NON-VBV and you should ultimately look for NON-VBV cards instead of VBV because as you can see this verification process is a huge hassle.

MASTERCARD SECURE CODE (MCSC): MasterCard SecureCode is very much similar to Visa’s VBV. It is a private code for a MasterCard account that gives the cardholder an additional layer of online shopping security. Only the cardholder and the financial institution know what the code is, merchants are not able to see it. Fortunately, the majority of MasterCard cards do not have this security in place.


AMERICAN EXPRESS SAFE KEY: This is one of the least used security measures around, and it is not even available in the United States. However, it is the same thing as MasterCard SecureCode and Visa’s VBV.


NEAR-FIELD COMMUNICATION (NFC): NFC technology lets smartphones and other enabled devices communicate with other devices containing an NFC tag. It is widely used as a payment method: all you have to do is swipe your smartphone at the checkout in any store, and most stores support NFC. Apple Pay, for example, uses NFC.


SSN: Social Security Number. This is a nine-digit number issued to U.S. citizens, permanent residents, and temporary (working) residents in the United States. Although its primary purpose is to track individuals for Social Security purposes, the Social Security number has become the national identification number for taxation and other purposes. SSN is frequently used by those involved in identity theft since it is interconnected with many other forms of identification, and because people asking for it treat it as an authenticator. Financial institutions generally require an SSN to set up bank accounts, credit cards, and loans, partly because they assume that no one except the person it was issued to knows it.

MMN: Mother’s Maiden Name. This is the name of someone’s mother BEFORE she got married, that is, her name with her original family name (or “surname”), the name she used when she was a girl and a young woman. “Maiden” here means “unmarried woman”. So “maiden name” refers to a woman’s name when she was still an unmarried woman. In many cultures, when a woman gets married, she takes the family name of her husband’s family, so her name changes. For example, let us say your mother’s name was Mary and she was born into the Smith family. Her maiden name would be “Mary Smith”. Then, let us say, she married your father, whose name was Tom Jones. When she married him, she became Mary Jones. That is her married name, but her maiden name will always be Mary Smith. This is one of the most important aspects of conducting successful transactions online for high-value products, as most banks ask this as a security question for making any changes to the account.

DOB: Date of Birth. This is one of the most important pieces of information you can get on your victim. The reason for that is because, with the date of birth, full name, and hometown, you can easily find the person’s SSN. And also because you need this information if the bank ever asks you for it.

MAIL DROP: A mail drop is a location where you are able to freely receive illegal products that were either carded or drugs. You never want to use your own house for these purposes as it will bring a lot of headaches for you in the future. With a mail drop, you can use it for, let’s say, a month, and never show your face there again. This will make it extremely hard for any law enforcement official to track you down and arrest you or conduct an investigation into your life.

BIN: Bank Identification Number. This is the first four to six numbers that appear on a credit card. The bank identification number uniquely identifies the institution issuing the card. The BIN is key in the process of matching transactions to the issuer of the charge card. This numbering system also applies to charge cards, gift cards, debit cards, prepaid cards, and even electronic benefit cards. This numbering system helps identify identity theft or potential security breaches by comparing data, such as the address of the institution issuing the card and the address of the cardholder. The first digit of the BIN specifies the Major Industry Identifier, such as airline, banking, or travel, and the next five digits specify the issuing institution or bank. For example, the MII for a Visa credit card starts with a 4. The BIN helps merchants evaluate and assess their payment card transactions. After submitting the first four to six digits of the card, the online retailer can detect which institution issued the customer’s card, the card brand (such as Visa or MasterCard), the card level (such as corporate or platinum), the card type (such as debit card or a credit card), and the issuing bank country. BINs can be checked through the websites below.

• https://www.bincodes.com/bin-checker/
• http://binchecker.com/
• https://bincheck.org/
• https://binlists.com/

PROXY SERVER: Every time you reach out to a website or connect with anyone online, your online connection gives your computer’s “address” to the site/person you’re connecting with. This is so that the other end knows how to send information back to your computer. That address is your public IP address. IP stands for Internet Protocol and you can check yours by going to whoer.net. Without an IP address, you wouldn’t be able to do any Internet/online activity and others online wouldn’t be able to reach you. It is how you connect to the world. Your IP address comes from your Internet Service Provider (ISP). Unfortunately, there are a lot of privacy concerns when it comes to public IP addresses, such as:

• Your IP address identifies where you are in the world, sometimes to the street level.
• It can be used by websites to block you from accessing their content.
• It ultimately ties your name and home address to your IP address, because someone is paying for an Internet connection at a specific location.

A proxy lets you go online under a different IP address identity. You don’t change your Internet provider; you simply get a proxy server. A proxy server is a computer on the web that redirects your web browsing activity. Here’s what that means.

• Normally, when you type in a website name (Amazon.com or any other), your Internet Service Provider (ISP) makes the request for you and connects you with the destination, and reveals your real IP address, as mentioned before.
• When you use a proxy, your online requests get rerouted.
• While using a proxy, your Internet request goes from your computer to your ISP as usual, but then gets sent to the proxy server, and then to the website/destination. Along the way, the proxy uses the IP address you chose in your setup, masking your real IP address.

Proxy servers are commonly used by identity thieves to fake their location to the cardholder’s billing address. The reason for that is because some websites will not allow a transaction to be accepted if the purchase is being made from a location much farther away than the cardholder’s billing address.

BANK DROPS: Bank drops are bank accounts that are opened specifically for the purpose of storing your dirty funds. Once you open them, you can decide whether you wish to withdraw the funds directly from the account as cash by going to the bank ATM, or possibly clean them with specific methods, and only after cleaning them, cashing them out (my preferred method and much safer). It is important to mention also, that all bank drop accounts, are opened ONLY with the information of someone else (aka FULLZ), so there is absolutely no possibility of these dirty funds ever being traced back to your real identity. To open one of these bank drop accounts, you will usually require the person’s DOB + SSN + DL + BACKGROUND CHECK + FULL CREDIT REPORT + MVR/DRIVING RECORD for maximum success.

PROXY SCORE: When it comes to fraud detection, finding proxies is a big topic. Fraud detection begins with thinking intelligently about the IP address associated with a transaction. Where is that IP address, and how does that location relate to other transaction data? Whereas most IP addresses inspire confidence, those associated with a proxy generate suspicion. As the name suggests, a proxy acts as an intermediary, passing requests from one computer to other servers. But although there are legitimate uses of proxies, fraudsters are well known to use proxies. Detecting proxies comes with two challenges. The first is how to recognize an IP address as a proxy. The second is how to distinguish a “good” proxy from a “bad” one; since by definition, a proxy is merely an intermediary, a proxy is not high risk in and of itself. To consider how best to address these challenges, it’s helpful to look to the primary goal of eCommerce fraud detection: thinking intelligently about the IP address associated with a transaction in order to assess risk. Fraud detection uses transaction data as the basis for this thinking and risk assessment. Using this data and analysis, they’re able to gain insight into the kind of traffic on a particular IP address. The Proxy Score is a summary of the risk associated with an IP address. You want this to be as low as possible (0.80 MAX). Anything above 0.80, you should move on and look for another proxy as that will lead to a declined transaction 70-80% of the time. You can check your proxy score on the websites below. Ideally, you want the lowest proxy score that you can find, I have used RDPs with a proxy score of 0.01 many times.

• https://getipintel.net/
• https://www.maxmind.com/en/request-service-trial?service_minfraud=1 (FREE TRIAL)
• xdedicvhnguh5s6k.onion (private RDP provider website, but the best one to check this kind of stuff, send me a PM and I will send you an invite)

FRAUD SCORE: Every online transaction is given what is called a “Fraud Score”. This is a number ranging between 0 and 999. It gives the merchant a number from which he can determine if a given transaction is fraudulent or not. Transactions that are given high fraud scores (over 300) are placed under manual verification by an agent, who will decide if they contact the cardholder or let it through. Scores over 500 with auto-decline will block the card, and an agent will immediately contact the cardholder.


Some banks have different criteria but certain things that can affect the fraud score are:

• Comparison with the usual spending pattern of the cardholder
• Location of the charge
• Amount
• Risk factor associated with the merchant

For example, a $15.56 charge in the cardholder’s local Walmart will not trigger anything, while a purchase of $2000 on Newegg will have an extremely high fraud score and probably auto-decline if the cardholder rarely makes purchases online.
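How a merchant or issuer rule engine might turn the four factors above into a 0-999 score and apply the 300 and 500 thresholds from the text, as an added example that is not part of the original article. The weights, scaling constants, field names and purchase history are constructed for illustration and do not describe any real scoring product.

```python
from dataclasses import dataclass
from statistics import mean, pstdev

REVIEW_OVER = 300    # manual verification threshold from the text
DECLINE_OVER = 500   # auto-decline threshold from the text


@dataclass
class Txn:
    amount: float         # charge amount in dollars
    online: bool          # card-not-present purchase
    distance_km: float    # distance of the charge from the cardholder's usual area
    merchant_risk: float  # 0.0 (low) to 1.0 (high), assigned by the scorer


def fraud_score(txn, history):
    """Score a transaction 0-999 against the cardholder's history (constructed weights)."""
    if history:
        amounts = [h.amount for h in history]
        sigma = pstdev(amounts) or 1.0          # avoid dividing by zero
        z = max(0.0, (txn.amount - mean(amounts)) / sigma)
        pattern = min(z / 6.0, 1.0)             # deviation from usual spending
        online_share = sum(h.online for h in history) / len(history)
        channel = (1.0 - online_share) if txn.online else 0.0
    else:
        pattern = channel = 0.5                 # no history: neutral assumption
    location = min(txn.distance_km / 1000.0, 1.0)
    amount = min(txn.amount / 2500.0, 1.0)
    raw = (0.35 * pattern + 0.25 * channel + 0.15 * location
           + 0.15 * amount + 0.10 * txn.merchant_risk)
    return round(999 * raw)


def triage(score):
    """Map a score to the handling described in the text."""
    if score > DECLINE_OVER:
        return "auto_decline"      # block the card, agent contacts the cardholder
    if score > REVIEW_OVER:
        return "manual_review"     # agent decides whether to contact the cardholder
    return "approve"


# Constructed history: small local purchases, one of ten made online.
AMOUNTS = [12.40, 48.10, 23.75, 9.99, 61.20, 15.00, 33.30, 27.80, 19.45, 40.01]
HISTORY = [Txn(a, i == 0, 2.0, 0.05) for i, a in enumerate(AMOUNTS)]

WALMART = Txn(15.56, False, 3.0, 0.05)    # local in-store charge from the text
NEWEGG = Txn(2000.00, True, 0.0, 0.40)    # large online charge from the text
ROAD_TRIP = Txn(180.00, False, 400.0, 0.20)

if __name__ == "__main__":
    for name, txn in [("walmart", WALMART), ("newegg", NEWEGG), ("road trip", ROAD_TRIP)]:
        score = fraud_score(txn, HISTORY)
        print(f"{name:10s} score={score:3d} -> {triage(score)}")
```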

RISK SCORE: This is a percentage given to each transaction that ranges from 0.00% to 100.00%. The factors that determine this score are whether the IP address, email, device, and proxy used are high risk or low risk. This is determined by the fraud systems that websites have in place, such as MaxMind, which establishes the reputations of IP addresses, emails, geolocation, and other parameters. This should always be checked before purchasing an RDP. Anything above 1.00% will lead to declined transactions most of the time.

MAC ADDRESS: Whether you work in a wired network or a wireless one, one thing is common for both environments. It takes both network software and hardware (cables, routers, etc.) to transfer data from your computer to another or from a computer thousands of miles away to yours. In the end, to get the data you want right to YOU, it comes down to addresses. So not surprisingly, along with an IP address, there’s also a hardware address. Typically, it is tied to a key connection device in your computer called the network interface card, or NIC. The NIC is essentially a computer circuit card that makes it possible for your computer to connect to a network. A NIC turns data into an electrical signal that can be transmitted over the network.

Every NIC has a hardware address that’s known as a MAC, for Media Access Control. Where IP addresses are associated with TCP/IP (networking software), MAC addresses are linked to the hardware of network adapters. A MAC address is given to a network adapter when it is manufactured. It is hardwired or hard-coded onto your computer’s network interface card (NIC) and is unique to it.

Unfortunately, a MAC address can be used by law enforcement in combination with Internet Service Providers, to find someone’s true location and consequently his identity. Further in this guide, I will explain how to mitigate this risk.

VIRTUAL PRIVATE NETWORK (VPN): An essential step of conducting a successful fraudulent transaction, is having a VPN. Most of you already know what this is, but for those of you who don’t, VPNs are used to funnel your entire traffic to an encrypted tunnel. This way, none of your traffic is able to be captured by your ISP or an attacker, and consequently sniffed upon. Nor can your real location be revealed if you are using a good and reliable VPN that prevents DNS leaks. This will be discussed in more detail further in this guide.

RDP: Remote Desktop Protocol. This is a protocol developed by Microsoft, which provides a user with a graphical interface to connect to another computer over a network connection. You can, for example, be using a Linux machine, and connect to a Windows 7 RDP. RDPs are absolutely essential to conducting a successful fraudulent transaction, especially HACKED RESIDENTIAL RDPs. The reason for that is because these RDPs are from a REAL PERSON, with a REAL LOCATION/IP, and REAL COMPUTER and BROWSER FINGERPRINT. They will exponentially increase your success rate. They will also be discussed in more detail further in this guide.

SOCKS5: This is a proxy server that allows us to fake our real location. This is very good if, let’s say, we have a credit card with a billing address in Miami, we can use a SOCKS5 near the billing address in Miami so that the website we are conducting the fraudulent transaction in doesn’t raise our fraud score because the transaction is being conducted in another state/far away from the credit card’s billing address as this will lead to a declined transaction most of the time.

VIRTUAL MACHINE: This is an emulation of a computer system. Virtual machines are based on computer architectures and provide the functionality of a physical computer. They allow you to run an operating system using an app window on your desktop that behaves like a full, separate computer. The most used software for virtual machines is VirtualBox and VMware. Unfortunately, they are not as reliable as using an RDP, but they are very good to CONNECT to an RDP, so as to leave no traces on your original computer. Windows and OS X are still not reliable enough in the aspect of leaving no traces, as the virtual machine in these operating systems will leak information to the host OS, and consequently leave a lot of illegal evidence/traces on your computer that could later be used as potential evidence in an investigation. However, you should never let it get to that point in the first place.

Akalanka Ekanayake (https://akalanka.uk)
Security Researcher & Explorer
