Carders have caused a lot of damage to ordinary cardholders by stealing money from their credit cards. This criminal industry in demand nowadays and it is only growing along with the increases of people using their cards online.
Carders use different hacking methods in order to obtain the data, which is necessary to make a transaction. After they gain access to such information, they pull out the cash from the credit or debit card. Carding is forbidden by law, so carders are not able to make a transfer of money to their own accounts.
One of the most popular ways of cleaning the money and hiding the tracks is purchasing something from an online shop and reselling it later. Such transactions cause financial and reputational damages both to banks, which issued the stolen credit cards and the shops, where the goods were sold for criminal money.
In order to prevent such losses, there exist several security measures implemented by online payment processors. The most popular of them are:
• CVV – card verification value. This is the number on the backside of the card, which might be used for confirmation of owning the card.
• Payer authentication – a process of confirmation of the transaction by the bank. They call the cardholder and ask, whether he really made a corresponding transaction.
• Multifactor authentication – a process of confirming identity by other means than username and password. Most common tool is a text message with a code, sent to the cardholder’s phone number.
• CAPTCHA – online shopping terminals use CAPTCHA’s to prevent bots from testing stolen card data.
• Frequency check – the system automatically checks the amount of transactions from one user and in case there are too many of them, the terminal stops operating with that card.
• Address comparison – the system compares the address entered as the delivery address with the address indicated by the card issuer.
The websites sometimes use several of the protection measures in order to reduce the risks and scare away the most of scammers. However, these methods do not grant full security, as advanced carders may sometimes have access to the SSN’s, e-mail accounts, cell phones, addresses or other data of the users. As for the anti-robot security measures it is only a matter of time for each of them to become outdated, because bot developers are constantly working on passing such protections.