Aug 09

Credit Card Fraud: Anatomy of a credit card hack

Who doesn’t have a credit card in today’s day and age? Everything seems to be about plastic money. A credit card makes it easier for you to make cash transactions; it comes with loyalty points which can be redeemed for cash vouchers or other freebies. It is all about convenience and anything else seems to be a value added service of sorts. The present generation seems to be carrying more credit cards around than the earlier one.
The belief in the need to carry liquid cash in one’s pockets is now diminishing. I once was in a situation where I was at a friend’s place and he had no cash to give the pizza delivery guy. Nobody in the house had any cash on them – they only had credit cards, and they were sadly not going to work in this case. This is what it has come to: you can’t keep track of how many credit cards you have and yet you want more.
People often forget that this privilege of having a credit card comes with a great and formidable disadvantage. A credit card system is completely digitized and is therefore quite vulnerable to cyber attacks. Once stolen, a credit card’s information can do heavy damage to your bank account or other personal savings. It is very easy to actually manipulate people or online systems into revealing this information. In fact, it is like child’s play to some.
It is what we call credit card fraud, and we know vaguely how one goes about performing it. I am going to discuss 3 concise methods of how one could go about performing the aforementioned fraud.

1. Social Engineering:-

This refers to extracting information directly from the user by interacting with him/her, being next to them when they are using their card to get their number, using your knowledge of their lifestyle to guess their PIN, using bank databases etc. We have already seen numerous cases of credit card fraud by people either at banks or at prominent shopping centres. Although it can be effective, this method rarely works, as one will almost definitely be caught. There are advanced methods of social engineering too, wherein you make a fake website which directly interacts with the customer, and you intercept all their information thereafter from the server. But again, very few people fall for that. Credit card swiping machines can also be rigged, but in almost all successful social engineering cases the perpetrator has had to somehow be directly in contact with the victim.

2. Advanced Cracking Techniques:-

When we fill in our credit card credentials and press the submit button, the information we have entered is encrypted and transferred via SSL (Secure Sockets Layer), a transport layer, to the bank, where these credentials are authenticated and a response is transferred back to us with an acknowledgement signal signifying a successful handshake. This completes our payment process and we are directed to the receipt page.
To make this easier to understand, imagine the following example. Let us define 4 roles: the buyer, the middle man, the authenticating party and the seller. Assume that I want to buy an apple worth 20 rupees.

1. I will write on a piece of paper that “I want an apple worth 20 rupees” and hand it over to the middle man.

2. This is then encrypted by the middle man as “J XBOU BO BQQMF XPSUI 31 SVQFFT” and taken to the authenticating party, who authenticates payment by decrypting the code and making the required payment to the middle man.

3. The middle man now takes it to the seller. The seller accepts payment and produces a receipt.

What a perpetrator can do is to hijack the information being carried by the “middle man” in stage 2 itself. That is to say, if I am the perpetrator, I can intercept the middle man, ask him for the encrypted message, try and decode it, then take the same decrypted message to the seller, take the payment and be on my way.
The problem is that the middle man is always trusted. This type of attack is called a Session Hijack attack or a Man In The Middle (MITM) attack.
A perpetrator can intercept information travelling through the SSL layer, decode it and obtain all your personal credit information. For this to happen, all that he needs to do is be on the same network as you. So if you are at a cyber cafe making a transaction, or if you happen to be sitting at a coffee shop buying something online over Wi-Fi, you are susceptible to such attacks, as this information can be intercepted over Wi-Fi or via cyber cafe networks.

3. Credit Card Number Generation:-

Let us take an arbitrary Credit Card number: 4417 1234 5678 9112

The 1st digit is the industry identifier, the 7th and following digits are the person’s account number, and the last digit is a checksum used to validate the number. The first 6 digits signify whether the card is Visa, MasterCard etc.

Here, the first “4” means Banking Industry (1 or 2 would have meant airline industry, 3 would have meant travel, and so on and so forth). People with enough programming knowledge can actually create programs to replicate working credit card numbers. I shall now explain an easy method to verify a credit card number’s authenticity with the help of an algorithm.

• Starting with the first digit, multiply every other digit of the Credit Card number by 2
• Now rewrite the original number with the resultant numbers side by side
• Add up each digit individually (a two-digit result such as 14 is added as 1 and 4)
• If the final sum is divisible by 10 then the credit card number is valid

So it can be easily seen how someone with this knowledge can actually program a valid credit card number generator.
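The validity check listed above is commonly known as the Luhn algorithm; the following validator is an added example, not code from the original article, and its function names are illustrative. It goes slightly beyond the article's wording by counting from the right-hand (checksum) digit, which gives the same result for 16-digit numbers and also handles odd lengths, and it shows what the check establishes: that the digits are self-consistent, not that an account exists or that a charge would be authorised.

```python
# Added example, not from the article. Function names are illustrative.

def _digits(number: str) -> list[int]:
    """Strip spaces/dashes and return the digits; reject anything else."""
    cleaned = number.replace(" ", "").replace("-", "")
    if not cleaned.isdigit() or len(cleaned) < 2:
        raise ValueError("card number must contain only digits, spaces or dashes")
    return [int(ch) for ch in cleaned]

def _double(d: int) -> int:
    """Double a digit and add the digits of the result (14 -> 1 + 4 = 5)."""
    d *= 2
    return d - 9 if d > 9 else d

def luhn_sum(number: str) -> int:
    """Standard form: double every second digit counting from the right."""
    rev = _digits(number)[::-1]          # rev[0] is the checksum digit
    return sum(_double(d) if i % 2 else d for i, d in enumerate(rev))

def page_sum(number: str) -> int:
    """The article's wording: double every other digit starting with the first."""
    return sum(_double(d) if i % 2 == 0 else d
               for i, d in enumerate(_digits(number)))

def luhn_valid(number: str) -> bool:
    return luhn_sum(number) % 10 == 0

def undetected_single_digit_typos(number: str) -> int:
    """Count one-digit substitutions in a valid number that still pass."""
    digits = _digits(number)
    missed = 0
    for i, original in enumerate(digits):
        for wrong in range(10):
            if wrong != original:
                trial = digits[:i] + [wrong] + digits[i + 1:]
                missed += luhn_valid("".join(map(str, trial)))
    return missed

PAGE_NUMBER = "4417 1234 5678 9112"      # the article's arbitrary number
ONE_OFF = "4417 1234 5678 9113"          # same number, last digit changed
ODD_LENGTH = "1234 567890 12347"         # constructed 15-digit sample

if __name__ == "__main__":
    for n in (PAGE_NUMBER, ONE_OFF, ODD_LENGTH):
        print(n, luhn_sum(n), page_sum(n), luhn_valid(n))
    print("typos that slip through:", undetected_single_digit_typos(ONE_OFF))
```

The article's arbitrary number sums to 69 and fails the check, while the constructed 15-digit sample passes only when the doubling is counted from the right. This is why payment forms use the check to catch mistyped digits and leave the real decision to the issuer's authorisation.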

Credit card fraud is a growing menace in our society and I hope this article has served to enlighten you about the ways in which this menace is perpetrated.

Hopefully this has made the readers a bit more wary of the credit card fraud situation prevalent nowadays.

11 comments

  1. Sameer Gupta says:

    Highly informative. Must read for the younger generation that tends to overuse & replace money with credit cards. Thanks for sharing!

  2. SHREESTI GHOSH says:

    totally agree !

  3. guild wars 2 gold says:

    Good way of explaining, and pleasant piece of writing to take facts concerning my presentation subject matter, which I am going to convey in school.

  4. VSP EDUCATION says:

    Yes Post Is Right

  5. Replica rolex says:

    I have recently started a site, the information you provide on this website has helped me greatly. Thank you for all of your time & work.

  6. handbag articles says:

    My bro bookmarked this webpage for me and I have been reading through it for the past couple hrs. This is really going to benefit me and my friends for our class project. By the way, I enjoy the way you write.

  7. handbag articles says:

    Just to let you know, this content looks a little bit weird from my android phone. Who knows maybe it really is just my phone. Great post by the way.

  8. adidas online says:

    A single function that tends to make this printer convenient for users is that it has direct photo printing functions. If you have photographs in PictBridge-enabled cameras, memory disks, or USB flash disks, you can print photographs straight even without a laptop.

  9. Michael kors purse on sale says:

    Fantastic page design, even better page. The only thing is, I have been having a bit of trouble bringing up this page, not sure if it’s my connectivity or what. Seems like other responders might be having the same issue. Thanks for the info anyway! Cheers, Mate!

  10. http://zhoucn9999.skyrock.com/ says:

    View of one’s articles I like, there is absolutely no such short article. I would like to collections.If you have longer hair similar articles.It Thank you so a great deal.

  11. seo software says:

    I’m really impressed with your writing skills as well as with the layout on your blog. Is this a paid theme or did you customize it yourself? Anyway keep up the excellent quality writing, it’s rare to see a nice blog like this one nowadays..
