0
Ethical Hacking and
CountermeasuresCountermeasures
Version 6
Mod le LVIIIModule LVIII
Credit Card Frauds
News
EC-Council
Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited
Source: http://www.wtoc...
News
EC-Council
Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited
Source: http://www.sfga...
Module Objectives
This module will familiarize you with:
• E-Crime
• Credit Card Fraud
• Credit Card Generator
• Credit Ca...
Module Flow
E-Crime Credit Card Prank
Credit Card Fraud Tips to Manage Money and Credit
Credit Card Fraud Detection Best P...
E-Crime
E-crime is when a computer or other electronic communicationsE crime is when a computer or other electronic commun...
Statistics
Source: http://www.idsafety.net/
2007
2008
Source: http://www cybersource com
EC-Council
Copyright © by EC-Coun...
Credit Card
EC-Council
Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited
Source: http://i...
Credit Card FraudCredit Card Fraud
EC-Council
Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Proh...
Case Study
EC-Council
Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited
Source: http://ww...
Case Study
EC-Council
Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited
Source: http://ww...
Credit Card Fraud
Credit card fraud is a theft and fraud carried out using a credit card or any alike
t h i f k f f d t ti...
Credit Card Fraud Over Internet
Credit Card Fraud Over Internet is a term used for unauthorized and
ill l f dit d t h t th...
Net Credit/Debit Card Fraud In The
US After Gross Charge-OffsUS After Gross Charge Offs
EC-Council
Copyright © by EC-Counc...
C dit C d G tCredit Card Generators
EC-Council
Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Pro...
Credit Card Generator
www.darkcoding.netwww.darkcoding.net
Credit Card Generator is a command line
h h h dPython program w...
RockLegend’s !Credit Card
GeneratorGenerator
RockLegend’s !Credit Card Generator Generates/Validates
Credit card NumbersCr...
Credit Wizard
www.creditcardgenerator.orgg g
EC-Council
Copyright © by EC-Council
All Rights Reserved. Reproduction is Str...
C di C d F d D iCredit Card Fraud Detection
EC-Council
Copyright © by EC-Council
All Rights Reserved. Reproduction is Stri...
News
EC-Council
Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited
http://www.businessweek...
Credit Card Fraud Detection
Technique: Pattern DetectionTechnique: Pattern Detection
This technique identifies a person as...
Credit Card Fraud Detection
Technique: Fraud ScreeningTechnique: Fraud Screening
It is a part of CyberSource Decision Mana...
Credit Card Fraud Detection
Technique: Fraud Screening (cont’d)Technique: Fraud Screening (cont d)
Features:
• Shown to co...
Fraud Screening: Screenshot
EC-Council
Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited
XCART: Online fraud Screening
ServiceService
EC-Council
Copyright © by EC-Council
All Rights Reserved. Reproduction is Str...
Card Watch
Card Watch is a UK banking industry initiative that aims to raise
awareness of card fraud prevention
It is mana...
www.cardwatch.org.uk
EC-Council
Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited
MaxMind Credit Card Fraud
DetectionDetection
MaxMind's minFraud is a leading cross-industry and cross-platform fraud
d t t...
MaxMind Credit Card Fraud
Detection (cont’d)Detection (cont d)
Key Benefits
• Reduces chargebacks, losses from fraudulent ...
www.maxmind.com
EC-Council
Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited
3D Secure
3D Secure authentication requires cardholders to
register their card to take advantage of this service
It is a o...
Limitations of 3D Secure
3D Secure authentication should not be used as a complete3 p
fraud prevention tool, but should be...
FraudLabs
FraudLabs is an XML-based service that validates online credit card
transactions
FraudLab’s web service screens ...
Screenshot 1
EC-Council
Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited
Screenshot 2
EC-Council
Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited
Screenshot 3
EC-Council
Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited
www.pago.de
EC-Council
Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited
Pago Fraud Screening Process
EC-Council
Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited
News
EC-Council
Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited
http://www.usdoj.gov/cr...
What to do if you are a Victim of
a Frauda Fraud
When you use a credit card, you can be vulnerable to fraud,y , y ,
whethe...
Facts to be Noted by Consumers
A thief goes through trash to find discarded receipts or carbons, and
then uses your accoun...
News
EC-Council
Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited
Source: http://chuckgal...
Best Practices
EC-Council
Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited
Best Practices: Ways to Protect Your
Credit CardsCredit Cards
Sign your cards as soon as they arriveg y y
Never leave cred...
Best Practices: Ways to Protect Your
Credit Cards (cont’d)Credit Cards (cont d)
Never sign a blank receiptg p
Report lost ...
Summary
E-Crime is a term used to classify investigation of criminal offences,
where computers or other electronic devices...
EC-Council
Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited
EC-Council
Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited
Upcoming SlideShare
Loading in...5
×

Ce hv6 module 58 credit card frauds

128

Published on

Ce hv6 module 58 credit card frauds

Published in: Technology
0 Comments
1 Like
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total Views
128
On Slideshare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
4
Comments
0
Likes
1
Embeds 0
No embeds

No notes for slide

Transcript of "Ce hv6 module 58 credit card frauds"

  1. 1. Ethical Hacking and CountermeasuresCountermeasures Version 6 Mod le LVIIIModule LVIII Credit Card Frauds
  2. 2. News EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Source: http://www.wtoctv.com/
  3. 3. News EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Source: http://www.sfgate.com/
  4. 4. Module Objectives This module will familiarize you with: • E-Crime • Credit Card Fraud • Credit Card Generator • Credit Card Fraud Detection • Credit Card Prank Ti M M d C di• Tips to Manage Money and Credit • Best Practices EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
  5. 5. Module Flow E-Crime Credit Card Prank Credit Card Fraud Tips to Manage Money and Credit Credit Card Fraud Detection Best Practices EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
  6. 6. E-Crime E-crime is when a computer or other electronic communicationsE crime is when a computer or other electronic communications devices (e.g. mobile phones) are used to commit an offence; be it the target of an offence or act as a storage device in an offence Source: http://www.netalert.gov.au/ Common offences committed via E Crime: • Credit Card Fraud O li ti f d E-Crime: • Online auction fraud • Computer Hacking • Forwarding of Offensive/Menacing or Harassing Emails EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
  7. 7. Statistics Source: http://www.idsafety.net/ 2007 2008 Source: http://www cybersource com EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Source: http://www.cybersource.com
  8. 8. Credit Card EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Source: http://i197.photobucket.com/
  9. 9. Credit Card FraudCredit Card Fraud EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
  10. 10. Case Study EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Source: http://www.bfso.org.au/
  11. 11. Case Study EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Source: http://www.krollfraudsolutions.com/
  12. 12. Credit Card Fraud Credit card fraud is a theft and fraud carried out using a credit card or any alike t h i f k f f d t tipayment mechanism as a fake source for fund transaction Common type of credit card fraud happens when an offender purchases an item online or by telephone, by utilizing a credit card number that they have obtained l f llunlawfully These numbers can be obtained from: • A credit card generator site on the Internet • An unscrupulous retail merchant retaining credit card numbers processed These numbers can be obtained from: • An unscrupulous retail merchant retaining credit card numbers processed through a retail outlet and using them unlawfully • Offenders who utilize skimming machines to record multiple credit card numbers via retail outlets • Sourcing discarded copies of credit card vouchers via waste receptacles EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited g p p • Hacking into computers where credit card numbers are stored
  13. 13. Credit Card Fraud Over Internet Credit Card Fraud Over Internet is a term used for unauthorized and ill l f dit d t h t th I t tillegal use of a credit card to purchase property over the Internet The fraudster uses the credit card or debit card of another person for t titransaction Types of fraud: Credit Card Mail Order Fraud Chargeback Fraud Skimming EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
  14. 14. Net Credit/Debit Card Fraud In The US After Gross Charge-OffsUS After Gross Charge Offs EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Source: http://www.epaynews.com/
  15. 15. C dit C d G tCredit Card Generators EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
  16. 16. Credit Card Generator www.darkcoding.netwww.darkcoding.net Credit Card Generator is a command line h h h dPython program which uses PHP script and JavaScript It generates credit card numbers that are used to test e-commerce sites It generates 13 and 16 digit VISA, MasterCard, and Amex numbers If installed, it can steal passwords, credit card EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited numbers, and bank details
  17. 17. RockLegend’s !Credit Card GeneratorGenerator RockLegend’s !Credit Card Generator Generates/Validates Credit card NumbersCredit card Numbers EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
  18. 18. Credit Wizard www.creditcardgenerator.orgg g EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
  19. 19. C di C d F d D iCredit Card Fraud Detection EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
  20. 20. News EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited http://www.businessweek.com/
  21. 21. Credit Card Fraud Detection Technique: Pattern DetectionTechnique: Pattern Detection This technique identifies a person as a fraudster if:q p Multiple orders are placed which are to be delivered to the same address, but using, b g different credit cards Multiple orders are being sent from the IP ddsame IP address The credit card number varies by only a fewy y digits User repeatedly submits same credit card EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Use epeated y sub ts sa e c ed t ca d number with different expiry dates
  22. 22. Credit Card Fraud Detection Technique: Fraud ScreeningTechnique: Fraud Screening It is a part of CyberSource Decision Manager This technology is enhanced by Visa, which provides fraud risk prediction scores by assessing d i blover 150 order variables These order variables include domestic andThese order variables include domestic and international address validation, and domestic and international IP address verification EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
  23. 23. Credit Card Fraud Detection Technique: Fraud Screening (cont’d)Technique: Fraud Screening (cont d) Features: • Shown to control fraud to as little as 0.5% Features: • Automatically identifies whether an order is valid or potentially fraudulent in real time • Patented global identity morphing detection • Detailed, web-based reportsDetailed, web based reports Benefits: • Detects more single-event fraud as soon as it occurs D t t f d t d i kl Benefits: EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited • Detects fraud trends more quickly • Minimizes time, cost of manual review
  24. 24. Fraud Screening: Screenshot EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
  25. 25. XCART: Online fraud Screening ServiceService EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
  26. 26. Card Watch Card Watch is a UK banking industry initiative that aims to raise awareness of card fraud prevention It is managed by APACS, the UK payments association • Providing fraud prevention training for retail staff through retailer training programs and publications including the Spot & Stop Card Fraud training The Card Watch prevents credit card fraud by: programs and publications, including the Spot & Stop Card Fraud training materials • Encouraging staff vigilance and awareness to aid in the prevention of card crime • Providing fraud prevention advice for cardholders• Providing fraud prevention advice for cardholders • Providing education and support to police and crime reduction officers • Giving advice and assistance to other fraud prevention organizations such as Crime stoppers Running an annual card security initiative to increase awareness amongst EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited • Running an annual card security initiative to increase awareness amongst the public and other relevant stakeholders
  27. 27. www.cardwatch.org.uk EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
  28. 28. MaxMind Credit Card Fraud DetectionDetection MaxMind's minFraud is a leading cross-industry and cross-platform fraud d t ti l ti d b i i h d l d i tdetection solution powered by various in-house developed proprietary technologies It l d i k f t f h li t ti i l ti th tIt analyzes and scores risk factors for each online transaction in real-time so that merchants can make better informed decisions, process more orders with less staff, and reduce the amount of time spent on manual review The minFraud service works in the background without the customer's knowledge and does not require the customer to go through extra steps during the checkout process For example, if MaxMind detects suspicious activity from an IP address, it will be flagged throughout the network in real-time, allowing for a more dynamic d d ti h t f d d t ti EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited and adaptive approach to fraud detection
  29. 29. MaxMind Credit Card Fraud Detection (cont’d)Detection (cont d) Key Benefits • Reduces chargebacks, losses from fraudulent orders, and fraud attempts • Mitigates the risks of selling cards worldwide where conventional y • Mitigates the risks of selling cards worldwide where conventional card-authorization tools may not be available • Saves on gateway and processing fees by filtering out fraudulent orders • Adds fraud detection capabilities for alternative payments likep b p y PayPal and ACH Key features • Geographical IP address location checking • High risk IP address and e-mail checking Key features EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited • Issuing bank BIN Number country matching minFraud Network • Post query analysis
  30. 30. www.maxmind.com EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
  31. 31. 3D Secure 3D Secure authentication requires cardholders to register their card to take advantage of this service It is a one time process which takes place on the card issuer’s website and involves the cardholder answeringg several security questions to which only the card issuer and the cardholder have the answer 3D Secure can be thought of as an online version of ‘Chip and Pin’ technology, whereby the cardholder has a personalized password registered with his/her card EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited p p g / that is entered during the checkout process
  32. 32. Limitations of 3D Secure 3D Secure authentication should not be used as a complete3 p fraud prevention tool, but should be used in conjunction with existing fraud checks such as AVS and CVV2 to help minimize your risk of fraud Chargebacks can still occur even when they have been fully th ti t d b D Sauthenticated by 3D Secure EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
  33. 33. FraudLabs FraudLabs is an XML-based service that validates online credit card transactions FraudLab’s web service screens and detects online credit card fraud FraudLabs is a proven solution to prevent chargebacks and reduce fraud for online merchants EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
  34. 34. Screenshot 1 EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
  35. 35. Screenshot 2 EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
  36. 36. Screenshot 3 EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
  37. 37. www.pago.de EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
  38. 38. Pago Fraud Screening Process EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
  39. 39. News EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited http://www.usdoj.gov/criminal/cybercrime/butcherIndict.htm
  40. 40. What to do if you are a Victim of a Frauda Fraud When you use a credit card, you can be vulnerable to fraud,y , y , whether you pay online, over the phone, or even in person at your neighborhood grocery store If you think you have been the victim of fraud or a scam, immediately follow these steps: • Close any affected accounts • Change the passwords on all your online accountsg p y • Place a fraud alert on your credit reports • Contact the proper authorities • Record and save everything EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
  41. 41. Facts to be Noted by Consumers A thief goes through trash to find discarded receipts or carbons, and then uses your account numbers illegally A dishonest clerk makes an extra imprint from your credit or charge card and ses it to make personal chargescard and uses it to make personal charges You respond to a mail asking you to call a long distance number for aYou respond to a mail asking you to call a long distance number for a free trip or bargain-priced travel package. You are told you must join a travel club first and you are asked for your account number so you can be billed. The catch! Charges you did not make are added to your bill, and you never get your trip EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited and you never get your trip Source: http://www.ftc.gov
  42. 42. News EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Source: http://chuckgallagher.wordpress.com
  43. 43. Best Practices EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
  44. 44. Best Practices: Ways to Protect Your Credit CardsCredit Cards Sign your cards as soon as they arriveg y y Never leave credit cards unattended Protect your Personal Identification Number (PIN) or security code Ch k d h t d t ft hCheck your card when returned to you after a purchase Keep an eye on your card during the transaction, and get it back as quickly as possiblep Carry your cards separately from your wallet, in a zippered compartment, a business card holder, or another small pouch EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Keep a record of your account numbers, their expiration dates, and the phone number and address of each company in a secure place
  45. 45. Best Practices: Ways to Protect Your Credit Cards (cont’d)Credit Cards (cont d) Never sign a blank receiptg p Report lost or stolen cards immediately Destroy unwanted cards to avoid misuse Maintain a list of all your cards and their respective numbers, which is useful when lost or stolen cards are reported i d b h h lNever give your card number over the phone unless you are dealing with a reputable company Report any questionable charges promptly and in writing to EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Report any questionable charges promptly and in writing to the card issuer
  46. 46. Summary E-Crime is a term used to classify investigation of criminal offences, where computers or other electronic devices have been used in somewhere computers or other electronic devices have been used in some manner to ease the commission of an offence Theft and fraud carried out using a credit card or any alike payment mechanism as a fake source of funds in a transaction When you use a credit card, you can be vulnerable to fraud, whether you pay online, over the phone, or even in person at your neighborhood grocery storeneighborhood grocery store Credit Card Generator software that generates credit card details to fool the basic checks which certain online stores do when you pay for EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited fool the basic checks which certain online stores do when you pay for goods
  47. 47. EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
  48. 48. EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
  1. A particular slide catching your eye?

    Clipping is a handy way to collect important slides you want to go back to later.

×