Friendly Fraud Takeaways If Customers can Manipulate for

  • Slides: 28
Download presentation
Friendly Fraud

Friendly Fraud

Takeaways • If Customers can Manipulate for Profit, Fraudsters Will • Variations on Name

Takeaways • If Customers can Manipulate for Profit, Fraudsters Will • Variations on Name or Address • Repeats of Type of Excuse • Empty Box • Not all Items • Not Received • Leaky Battery

Takeaways, cont. • Policy of Your Processor • Payment by Prepaid Debit • Never

Takeaways, cont. • Policy of Your Processor • Payment by Prepaid Debit • Never Leave Package, Always Signature • Police Report • Slow Things Down

Synthetic Fraud

Synthetic Fraud

Takeaways • Social Security Number Issued Recently or Unable to be Determined • Primary

Takeaways • Social Security Number Issued Recently or Unable to be Determined • Primary Tradeline from Secured Source • Usually Capital One • Other Primaries from Subprime Type Sources • Credit One • First Premier

Takeaways, cont. • Authorized User Tradelines from Non-Relatives with Outstanding Credit • Other Suspicious

Takeaways, cont. • Authorized User Tradelines from Non-Relatives with Outstanding Credit • Other Suspicious Authorized User Tradelines • Age of Credit history • Rapid Credit Boost • Thin File

CNP Fraud

CNP Fraud

Carding

Carding

Two Types • In Store • Online

Two Types • In Store • Online

Instore: Presenting a Physical Card in a Retail Environment

Instore: Presenting a Physical Card in a Retail Environment

Online: Card Not Present (CNP)

Online: Card Not Present (CNP)

Examples of CNP Fraud • Physical Items to Controlled Drops • Physical Items to

Examples of CNP Fraud • Physical Items to Controlled Drops • Physical Items to Buyer Drops • Physical Items to Reshipper • Virtual Items to Controlled Email • Virtual Items to 3 rd Party Email • Payment Processor Fraud (Stripe) • Online Orders for Instore Pickup • All Phone Orders

Carder Behavior

Carder Behavior

Flavors of the Month • Mobile Phones • RDP • Anti. Detect with Socks

Flavors of the Month • Mobile Phones • RDP • Anti. Detect with Socks 5

i. Phone • Less Security on Mobile Devices • Apple designed to be Extremely

i. Phone • Less Security on Mobile Devices • Apple designed to be Extremely Difficult to Fingerprint • Appears as Local • Multiple SIMs

RDP • Local IP to Cardholder • Fresh Fingerprint • Consistent • Residential

RDP • Local IP to Cardholder • Fresh Fingerprint • Consistent • Residential

Anti. Detect with Socks 5

Anti. Detect with Socks 5

What does Antidetect do? • Works to defeat browser fingerprinting by quickly and easily

What does Antidetect do? • Works to defeat browser fingerprinting by quickly and easily allowing the user to spoof— • • • Browser type (Safari, IE, Chrome, Etc. ) Version Language User Agent Flash Version Number and type of other plugins Operating system CPU type Time Zone Screen Resolution And Much, Much More!

Basic Antidetect Carding Setup • Carder signs on to VPN outside of virtual machine.

Basic Antidetect Carding Setup • Carder signs on to VPN outside of virtual machine. • Open Virtual machine • Use proxy manager with socks 5 for local address spoof • Use Antidetect to generate new browser config • Use stolen credit card from same area as socks 5 • Verify Card is Active • Purchase

Walkthrough • Purchase Local Card Info from High Rated Vendor • Prefers Citi (balance

Walkthrough • Purchase Local Card Info from High Rated Vendor • Prefers Citi (balance and last transaction) • Email Creation • Free • Academic • Paid • RDP or Socks 5 from Same City as Cardholder • Use VPN to Connect to RDP or Socks • Log in to RDP, Download Firefox, Disable webrtc

Walkthrough, cont’d • Check IP on IPtrace, whoer. net, IP-score to Make Sure Everthing

Walkthrough, cont’d • Check IP on IPtrace, whoer. net, IP-score to Make Sure Everthing is Clean • Download Useragent Changer and Change to Safari on Mac or i. Pad • Go to Target Website • Sign Up with Full Name, Email, Burner Phone, Drop Address • Age Cookie • Order then Call Customer Service • Added Advice From a Carder

Or You Can Just Use an i. Phone or Call It In

Or You Can Just Use an i. Phone or Call It In

Takeaways • Understand How and Why Your Business will be Targeted • Beware Alternate

Takeaways • Understand How and Why Your Business will be Targeted • Beware Alternate Addresses • Carding Days Are Monday-Wednesday for Shipped Items • Beware Priority Shipping • Age of Email Address

Takeaways, cont. • For Suspicious Orders • Call or Text Billing Number • No

Takeaways, cont. • For Suspicious Orders • Call or Text Billing Number • No Priority Shipping • Direct Signature Required • Check Shipping Address • Require Buyer to List Alternate Address with Bank

ATO Fraud

ATO Fraud

Takeaways • Different Device Logging In • Different IP Logging In • or VPN

Takeaways • Different Device Logging In • Different IP Logging In • or VPN • or Proxy • Change of Behavior • Password Change Followed by Conspicuous Behavior

Takeaways, cont. • Add Alternate Address • Add Alternate Payment • Change of Address

Takeaways, cont. • Add Alternate Address • Add Alternate Payment • Change of Address • Multiple Login Attempts • Abnormal Software or Device Configs

Questions?

Questions?