Ethical Hacking and Countermeasures
Version 6
Module LVIII
Credit Card Frauds
News
EC-Council
Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited
Module Objectives
This module will familiarize you with:
• E-Crime
• Credit Card Fraud
• Credit Card Generator
• Credit Card Fraud Detection
• Credit Card Prank
• Tips to Manage Money and Credit
• Best Practices
Module Flow
E-Crime
Credit Card Prank
Credit Card Fraud
Tips to Manage Money and Credit
Credit Card Fraud Detection
Best Practices
E-Crime
E-crime is when a computer or other electronic communications device (e.g. a mobile phone) is used to commit an offence, is the target of an offence, or acts as a storage device in an offence
Common offences committed via E-Crime:
• Credit Card Fraud
• Online auction fraud
• Computer Hacking
• Forwarding of Offensive/Menacing or Harassing Emails
Statistics
[Figure: statistics for 2007 and 2008. Source: http://www.cybersource.com]
Credit Card
Credit Card Fraud
Case Study
Credit Card Fraud
Credit card fraud is theft and fraud carried out using a credit card or any similar payment mechanism as a fake source of funds for a transaction
A common type of credit card fraud happens when an offender purchases an item online or by telephone, by utilizing a credit card number that they have obtained unlawfully
These numbers can be obtained from:
• A credit card generator site on the Internet
• An unscrupulous retail merchant retaining credit card numbers processed through a retail outlet and using them unlawfully
• Offenders who utilize skimming machines to record multiple credit card numbers via retail outlets
• Sourcing discarded copies of credit card vouchers via waste receptacles
• Hacking into computers where credit card numbers are stored
Credit Card Fraud Over Internet
Credit Card Fraud Over Internet is a term used for unauthorized and illegal use of a credit card to purchase property over the Internet
The fraudster uses the credit card or debit card of another person for the transaction
Types of fraud:
• Credit Card Mail Order Fraud
• Chargeback Fraud
• Skimming
Net Credit/Debit Card Fraud In The US After Gross Charge-Offs
Credit Card Generators
Credit Card Generator
www.darkcoding.net
Credit Card Generator is a command line Python program which uses PHP script and JavaScript
It generates credit card numbers that are used to test e-commerce sites
It generates 13 and 16 digit VISA, MasterCard, and Amex numbers
If installed, it can steal passwords, credit card numbers, and bank details
RockLegend’s !Credit Card Generator
RockLegend’s !Credit Card Generator generates/validates credit card numbers
Credit Wizard
www.creditcardgenerator.org
Credit Card Fraud Detection
News
Credit Card Fraud Detection Technique: Pattern Detection
This technique identifies a person as a fraudster if:
• Multiple orders are placed which are to be delivered to the same address, but using different credit cards
• Multiple orders are being sent from the same IP address
• The credit card number varies by only a few digits
• User repeatedly submits the same credit card number with different expiry dates
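The four patterns listed above, expressed as detection rules over an order log. This is an added example, not part of the original module or of any vendor's product; the field names, the thresholds (max_diff, ip_threshold) and the sample orders are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample orders (test-style numbers, not real cards); field names are assumptions.
ORDERS = [
    {"id": 1, "card": "4000000012340101", "expiry": "01/27", "ip": "198.51.100.7", "address": "12 Elm St"},
    {"id": 2, "card": "5100000000000202", "expiry": "03/26", "ip": "198.51.100.8", "address": "12 elm st "},
    {"id": 3, "card": "4000000000001111", "expiry": "05/27", "ip": "203.0.113.5", "address": "3 Oak Ave"},
    {"id": 4, "card": "4000000000001112", "expiry": "05/27", "ip": "203.0.113.5", "address": "4 Pine Rd"},
    {"id": 5, "card": "370000000000002", "expiry": "07/26", "ip": "203.0.113.5", "address": "5 Birch Ln"},
    {"id": 6, "card": "4000000000009999", "expiry": "09/26", "ip": "192.0.2.10", "address": "6 Ash Ct"},
    {"id": 7, "card": "4000000000009999", "expiry": "10/26", "ip": "192.0.2.11", "address": "7 Fir Way"},
    {"id": 8, "card": "5100000000007777", "expiry": "11/27", "ip": "192.0.2.50", "address": "8 Yew Pl"},
]

def digit_distance(a, b):
    """Count differing digit positions; None when the lengths differ."""
    return sum(x != y for x, y in zip(a, b)) if len(a) == len(b) else None

def detect_patterns(orders, max_diff=2, ip_threshold=3):
    """Return {order id: sorted rule names} for orders matching any of the four patterns."""
    flags = defaultdict(set)
    by_addr, by_ip, by_card = defaultdict(list), defaultdict(list), defaultdict(list)
    for o in orders:
        by_addr[" ".join(o["address"].lower().split())].append(o)  # normalise case/spacing
        by_ip[o["ip"]].append(o)
        by_card[o["card"]].append(o)

    def mark(group, rule):
        for o in group:
            flags[o["id"]].add(rule)

    for group in by_addr.values():   # same delivery address, different cards
        if len({o["card"] for o in group}) > 1:
            mark(group, "same_address_multiple_cards")
    for group in by_ip.values():     # multiple orders from one IP (threshold is an assumption)
        if len(group) >= ip_threshold:
            mark(group, "many_orders_same_ip")
    cards = sorted(by_card)          # card numbers that differ by only a few digits
    for i, a in enumerate(cards):
        for b in cards[i + 1:]:
            d = digit_distance(a, b)
            if d is not None and 0 < d <= max_diff:
                mark(by_card[a] + by_card[b], "near_identical_cards")
    for group in by_card.values():   # same card number, different expiry dates
        if len({o["expiry"] for o in group}) > 1:
            mark(group, "same_card_multiple_expiries")
    return {oid: sorted(rules) for oid, rules in flags.items()}

if __name__ == "__main__":
    for oid, rules in sorted(detect_patterns(ORDERS).items()):
        print(oid, rules)
```

Order 8 matches none of the rules and is absent from the result; a production system would run the same comparisons inside the cardholder-data environment or on tokenized values rather than on raw card numbers.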
Credit Card Fraud Detection Technique: Fraud Screening
It is a part of CyberSource Decision Manager
This technology is enhanced by Visa, which provides fraud risk prediction scores by assessing over 150 order variables
These order variables include domestic and international address validation, and domestic and international IP address verification
Credit Card Fraud Detection Technique: Fraud Screening (cont’d)
Features:
• Shown to control fraud to as little as 0.5%
• Automatically identifies whether an order is valid or potentially fraudulent in real time
• Patented global identity morphing detection
• Detailed, web-based reports
Benefits:
• Detects more single-event fraud as soon as it occurs
• Detects fraud trends more quickly
• Minimizes time, cost of manual review
Fraud Screening: Screenshot
XCART: Online fraud Screening Service