1 / 28

Friendly Fraud

Learn how to protect your business from different types of fraud, including friendly fraud, synthetic fraud, card-not-present fraud, and more. Discover key takeaways and strategies to minimize the risk of fraudulent activities.

bfontenot
Download Presentation

Friendly Fraud

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Friendly Fraud

  2. Takeaways • If Customers can Manipulate for Profit, Fraudsters Will • Variations on Name or Address • Repeats of Type of Excuse • Empty Box • Not all Items • Not Received • Leaky Battery

  3. Takeaways, cont. • Policy of Your Processor • Payment by Prepaid Debit • Never Leave Package, Always Signature • Police Report • Slow Things Down

  4. Synthetic Fraud

  5. Takeaways • Social Security Number Issued Recently or Unable to be Determined • Primary Tradeline from Secured Source • Usually Capital One • Other Primaries from Subprime Type Sources • Credit One • First Premier

  6. Takeaways, cont. • Authorized User Tradelines from Non-Relatives with Outstanding Credit • Other Suspicious Authorized User Tradelines • Age of Credit history • Rapid Credit Boost • Thin File

  7. CNP Fraud

  8. Carding

  9. Two Types • In Store • Online

  10. Instore: Presenting a Physical Card in a Retail Environment

  11. Online: Card Not Present (CNP)

  12. Examples of CNP Fraud • Physical Items to Controlled Drops • Physical Items to Buyer Drops • Physical Items to Reshipper • Virtual Items to Controlled Email • Virtual Items to 3rd Party Email • Payment Processor Fraud (Stripe) • Online Orders for Instore Pickup • All Phone Orders

  13. Carder Behavior

  14. Flavors of the Month • Mobile Phones • RDP • AntiDetect with Socks5

  15. iPhone • Less Security on Mobile Devices • Apple designed to be Extremely Difficult to Fingerprint • Appears as Local • Multiple SIMs

  16. RDP • Local IP to Cardholder • Fresh Fingerprint • Consistent • Residential

  17. AntiDetect with Socks5

  18. What does Antidetect do? • Works to defeat browser fingerprinting by quickly and easily allowing the user to spoof— • Browser type (Safari, IE, Chrome, Etc.) • Version • Language • User Agent • Flash Version • Number and type of other plugins • Operating system • CPU type • Time Zone • Screen Resolution • And Much, Much More!

  19. Basic Antidetect Carding Setup • Carder signs on to VPN outside of virtual machine. • Open Virtual machine • Use proxy manager with socks5 for local address spoof • Use Antidetect to generate new browser config • Use stolen credit card from same area as socks5 • Verify Card is Active • Purchase

  20. Walkthrough • Purchase Local Card Info from High Rated Vendor • Prefers Citi (balance and last transaction) • Email Creation • Free • Academic • Paid • RDP or Socks5 from Same City as Cardholder • Use VPN to Connect to RDP or Socks • Log in to RDP, Download Firefox, Disable webrtc

  21. Walkthrough, cont’d • Check IP on IPtrace, whoer.net, IP-score to Make Sure Everthing is Clean • Download Useragent Changer and Change to Safari on Mac or iPad • Go to Target Website • Sign Up with Full Name, Email, Burner Phone, Drop Address • Age Cookie • Order then Call Customer Service • Added Advice From a Carder

  22. Or You Can Just Use an iPhone or Call It In

  23. Takeaways • Understand How and Why Your Business will be Targeted • Beware Alternate Addresses • Carding Days Are Monday-Wednesday for Shipped Items • Beware Priority Shipping • Age of Email Address

  24. Takeaways, cont. • For Suspicious Orders • Call or Text Billing Number • No Priority Shipping • Direct Signature Required • Check Shipping Address • Require Buyer to List Alternate Address with Bank

  25. ATO Fraud

  26. Takeaways • Different Device Logging In • Different IP Logging In • or VPN • or Proxy • Change of Behavior • Password Change Followed by Conspicuous Behavior

  27. Takeaways, cont. • Add Alternate Address • Add Alternate Payment • Change of Address • Multiple Login Attempts • Abnormal Software or Device Configs

  28. Questions?

More Related