The Null Device

A discussion on Ask Metafilter about credit card fraud spawned a rather interesting comment from a former fraud detection department employee about what makes credit card transactions look suspicious:

Testing charges. These are usually online charges through known online vendors that a scammer can use to test a card number as valid. These have been mentioned before in the thread, but there were certain vendors that would fade in and out of popularity (I'm not naming names) that would allow very small (usually 1 dollar) charges on a card and produce some sort of digital product that allowed them to verify “yes this card works” or “no, this card is already being monitored”. They also told us that sometimes there were random guessing programs just trying to stumble across cards (as cards follow certain numbering rules, making it slightly more probable, and there being so many unused cards like college students get at football games and never touch). I'm not sure that I believe that last part, but that's what they told us. So Amazon MP3 followed by newegg... probably going to get called.

My first task was to take a look at the charge that specifically tripped the fraud alarm. I would look at it and first think to myself “Do they have a history of this?” I would compare this against demographics. An 80 year old woman who buys food for 6 months, and all of a sudden a charge coming through from steam? Probably not passing on that one. A 20 year old college student who charges everything from clothes to books, and then an iTunes purchase? Maybe they just got an iPod, I'll pass on it.

Cases weren't always cut and dried, so there's other things I can look at. I could see where plane tickets were purchased to and from. So if we have a plane ticket bought from BWI to LAX and sudden out-of-character charges for shopping in California, well... yeah, probably. I could see previous history through a comment log. Other operators (regardless of department) are obligated to comment each interaction with an account. For example, after working an account that I passed on I might write: “CHRGS COMING FROM OOS (out of state) BUT GAS TRAIL FROM HOME LOCATION TO CURRENT LOCATION PLUS HISTORY OF TRVL. N/A”

(via MeFi) ¶ credit cards crime deception forensics fraud 0

It has emerged that organised crime gangs modified hundreds of credit/debit card terminals at the Chinese factory they were made at, installing a GSM module and SIM card, which was then used to send stolen credit card data to a number in Pakistan, and also receive instructions on what to target. The terminals, which were distributed across Europe, remained undetected for a long time, stealing only small numbers of details, only arousing suspicion when a security guard noticed mobile phone interference near the checkout area.

The corrupted devices are an extra three to four ounces heavier because of the additional parts they contain, and the simplest way to identify them has been to weigh them. A MasterCard International investigator said: "As recently as a month ago, there were several teams of people roaming around Europe putting the machines on scales and weighing them. It sounds kind of old school, but the only other way would be to tear them apart."

The illicit transactions took place at least two months after the information had been stolen, making it difficult for investigators to work out what had happened.

But after six months of fruitless investigation, investigators spotted an attempt at a similar fraud on a card which had only been used in one location in Britain. The chip and pin machine from the particular store was passed to MasterCard's international fraud lab in Manchester for inspection.

(via Schneier) ¶ credit cards crime fraud gibson's law ingenuity mobile phones pakistan security 0