Presentation is loading. Please wait.

Presentation is loading. Please wait.

The Underground Ecosystem Of Credit Card Frauds

Published byCaitlin Hodges Modified over 7 years ago

Similar presentations

Presentation on theme: "The Underground Ecosystem Of Credit Card Frauds"— Presentation transcript:

1 The Underground Ecosystem Of Credit Card Frauds
Abhinav Singh @abhinavbom #malwaremustdie

2 Agenda Brief Introduction to Card based Payment Systems.
POS Malwares and the Data dumps. Understanding the Underground Shopping Mall. Money flow, Demand & Supply Future Scope, Challenges & Solutions

3 Processing Card Payments

4 Key Components

5 POS RAM Scrapping Malware In a Nutshell
? ; = ?#112$$&&5yygfrbg*7567 RAM Temporarily Stores the Unencrypted Data MAL.EXE Starts Reading the data in the Primary Memory MAL Meaningful Data is written on Disk Running Processes

6 Dumped Data %B4096654104697113^SINGH/ABHINAV^
? ; = ?

7 Inside the Plastic Card
Image source: Blog.cisco.com

8 Track 1 & 2 Block Diagram %B ^SINGH/ABHINAV^ ?; = ?

9 3 Steps to Multi Million Dollar Fraud
Attack Sell Shop

10 The Underground Shopping Mall
Malware Authors, Phishing Attackers, Skimmers, Exploiters Etc. Forums and Online Shops Buyers Specialized Services

11 Malware Authors, Phishing Attackers, Skimmers, Exploiters
Financially Motivated. Insider threat, 3rd Party IT Service Provider, Outsider threat Background in Payment Processing and related service development

12 Forums and Online Shops

13 Buyers Profile ranges from Newbies to Regular and experienced customers. Can Buy single CC, Dumps of Fullz. Can purchase cards with specific options like Country and City of issue, Card Issuer Bank, Brand(Visa, Master, Amex etc), Genre(Classic, Platinum, Gold etc) Purchase is made using Crypto currencies, wire transfer or money transfer. The price of a single card detail would depend on factors like Brand, Genre, expiry date etc. The cost of dump is calculated based on number of CC details it has. Fullz can be slightly more expensive than others as it contains more detailed information about the card owner.

14

15 Online Carding Offline Carding Buyer

16 Online Carding Process of using the stolen credit card details for purchasing goods online. “Fullz” or details including CVV, Registered Address, Phone etc. is required. Finding a “Cardable” Website.

17 Cardable Website

18 Offline/In-store Carding
Generating Counterfeit cards. Choose shop/cash-out options. Pick up specialized services based on fraud options.

19 Generating Counterfeit Cards
Magnetic Stripe Reader. Plastic cards/Expired cards/Counterfeit printed cards. Encoder Software.

20 Generating Counterfeit Cards
Software: MSRE, TheJerm, Exeba etc.

21 Specialized Services in Fraud Ecosystem
Runner Dropper Shopper

22 Runners Individual or group specializing in ATM cash withdrawals.
Often generate multiple counterfeit cards for single card to do multiple withdrawals In a go. Have Fake digital wallet, crypto currency, online money transfer accounts to safely withdraw money from stolen cards. Runners are the risk bearers; hence their profit margin is also high. They usually charge the carder between 40 to 60 percent of the money stolen in a single run.

23

24

25 Droppers Serves as the drop point for goods purchased online, thus securing the identity of the actual buyer Works by renting apartments, finding empty houses, registering PO Boxes on fake IDs. Since the Dropper bares a fair amount of risk, his profit percent varies between 30 to 50 percent.

26

27

28 Shoppers Shopper specializes in shopping with the counterfeit cards provide by the carder. The Shopper can be an individual or a group that specializes in conducting nervousness-free shopping of goods using the fake cards. The shoppers also have Fail-safe techniques to doge the payment supervisor in case the card fails to authenticate. Profit cut in the range of 10 to 20 percent. The profit margin for Shoppers depends on the type of good the carder wants them to purchase. Expensive luxury items would require a larger profit share to be paid to the shopper.

29 Demand & Supply Any new disclosure about POS breach suddenly raises the demand for fresh CC dumps in the market. This leads to a rise in price of new dumps. The problem arises when the demand is less and supply is huge. to keep up the momentum, the shop owners and sellers begin lowering the price of their dumps and cards. This brings down the market valuation thus creating deficit.

30 Demand & Supply Cost Supply (per 1000 cards) Time (per set of
100 dumps) Supply (per 1000 cards) Time (in months) (per 100 dumps)

31 Credit Card fraud Ecosystem in a Nutshell

32 Future Scope, Challenges & Solutions
Credit card fraud has been around for years now and with time, the model has grown stronger and better with each passing day. The major challenge that this ecosystem faces is double fraud. The payment industry has been dealing with this issue seriously but the problem lies in the widespread reach of card usage. Enforcing a global policy is not easy. Solutions like EMV or Chip-and-Pin cards and RFID cards exist.

33 Questions

Download ppt "The Underground Ecosystem Of Credit Card Frauds"

Similar presentations

Chapter 6 E-commerce Payment Systems. Traditional Payment Systems Cash Checking Transfers Credit Card Accounts Stored Value Accounts Accumulating Balance.

Chapter 6 E-commerce Payment Systems. Traditional Payment Systems Cash Checking Transfers Credit Card Accounts Stored Value Accounts Accumulating Balance.
Electronic payment Methods: Defined: It is alternative payment mechanism for electronic transactions instead of traditional payment methods like cheque,cash,

Electronic payment Methods: Defined: It is alternative payment mechanism for electronic transactions instead of traditional payment methods like cheque,cash,
Payment Systems for Electronic Commerce

Payment Systems for Electronic Commerce
Electronic Payment. Amounts transferred through accounts Money transfer instructions Bank’s computer system Other banks / Businesses.

Electronic Payment. Amounts transferred through accounts Money transfer instructions Bank’s computer system Other banks / Businesses.
17-2 Financial Services and Electronic Banking. Types of financial services Savings services Financial institutions accept money for safekeeping. A broad.

17-2 Financial Services and Electronic Banking. Types of financial services Savings services Financial institutions accept money for safekeeping. A broad.
Chapter 5 The Banking System

Chapter 5 The Banking System
Copyright 2007 Thomson South-Western Chapter 5 Banking Procedures.

Copyright 2007 Thomson South-Western Chapter 5 Banking Procedures.
Banking: 101 1. Checking Account What is a Checking Account? An account where money is deposited and kept for day-to-day expenses Also called demand deposit.

Banking: Checking Account What is a Checking Account? An account where money is deposited and kept for day-to-day expenses Also called demand deposit.
Banking: 101 1.

Banking:
Economics Paycheck.

Economics Paycheck.
© 2008. Oklahoma State Department of Education. All rights reserved.1 Credit Cards: More Than Plastic Standard 8. 1 Credit Cards and Online Shopping.

© Oklahoma State Department of Education. All rights reserved.1 Credit Cards: More Than Plastic Standard 8. 1 Credit Cards and Online Shopping.
© 2014 CustomerXPs Software Pvt Ltd | www.customerxps.com | Confidential 1 Tentacles of Fraud #StarfishBanks CustomerXPs Software Private Limited.

© 2014 CustomerXPs Software Pvt Ltd | | Confidential 1 Tentacles of Fraud #StarfishBanks CustomerXPs Software Private Limited.
The next generation of payments is here. Is your business ready?

The next generation of payments is here. Is your business ready?
Trade Management  Module 4.  Learning Objectives:  Managing receivables  Securing receivables  Sales documentation.

Trade Management  Module 4.  Learning Objectives:  Managing receivables  Securing receivables  Sales documentation.
Business Administration term 4 2008 project 2 (25%) financial Management Systems Debit card and credit card payments By Ashleigh Gray.

Business Administration term project 2 (25%) financial Management Systems Debit card and credit card payments By Ashleigh Gray.
Banking Savings Checking Credit Cards

Banking Savings Checking Credit Cards
Mr. Stasa © You should be able to:  Identify the different parts of a personal check  Complete a personal check  Endorse.

Mr. Stasa © You should be able to:  Identify the different parts of a personal check  Complete a personal check  Endorse.
Stop cybercrime, protect privacy, save world. Chris Monteiro Cybercrime, dark web and internet security researcher Systems administrator Pirate / Digital.

Stop cybercrime, protect privacy, save world. Chris Monteiro Cybercrime, dark web and internet security researcher Systems administrator Pirate / Digital.
Electronic Payment. Amounts transferred through accounts Money transfer instructions Bank’s computer system Other banks / Businesses.

Electronic Payment. Amounts transferred through accounts Money transfer instructions Bank’s computer system Other banks / Businesses.
Checking & Savings Accounts Economics 2015. What is a Checking Account?  Common financial service used by many consumers (a place to keep money)  Funds.

Checking & Savings Accounts Economics What is a Checking Account?  Common financial service used by many consumers (a place to keep money)  Funds.

Similar presentations

Ads by Google