Home
Forums
New posts
Search forums
What's new
New posts
New profile posts
Latest activity
Members
Current visitors
New profile posts
Search profile posts
Log in
Register
What's new
Search
Search
Search titles only
By:
New posts
Search forums
Menu
Log in
Register
Install the app
Install
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Reply to thread
Home
Forums
CARDING & HACKING
Beginners Questions
Bank cards [lecture, 2023]
Message
<blockquote data-quote="Skyworld" data-source="post: 156" data-attributes="member: 14"><p>- Merchant: actually, an online point of sale of goods with a checking account, where funds for the goods should eventually arrive. Many people confuse merchant and what is more correct to call payment gateway. These are different entities, but in carder slang, to simplify, we talk about them as a single whole (about merch);</p><p></p><p>- Payment Gateway (payment gateway) is a technology that allows you to connect a merchant with a processing center and an acquiring bank;</p><p></p><p>- Processing Center is a high-tech system for processing bank card payments in the field of e-commerce. Accepts data from payment gateways, processes and redirects them to the issuing bank;</p><p></p><p>- Acquiring bank (merchant bank): a bank that is a member of the global payment system (Visa/MC, etc.) and allows businesses to accept payments using bank cards;</p><p></p><p>- Issuing Bank (CH Bank) : a bank that is also a member of the global payment system and has issued a card to the holder;</p><p></p><p>- The Global Payment System (Visa/MC, etc.) is an organization that regulates and performs interbank settlements. In simple words, it allows you to transfer money from the account of the issuing bank to the account of the acquiring bank and handles the entire process that takes place at the same time.</p><p></p><p>(20:23:16) Pustota: After pressing the Place Order button, first the data gets into the shop's anti-fraud system.</p><p></p><p>And decides whether to skip the order further automatically, send it to manual verification or give an instant decline. At this stage, in most cases, the card data has not yet gone beyond the shop</p><p></p><p>(20:24:13) Pustota: If the anti-fraud check is successfully passed, or the manager manually approved the order, the payment process continues. After the order is approved, your data is collected, encrypted and transmitted to the Payment Gateway. In turn, he evaluates the transaction according to his criteria (gateways have their own anti-fraud systems that allow detecting suspicious patterns) and can immediately deploy the payment</p><p></p><p>(20:25:18) Pustota: Let's say the KX transaction seemed legitimate to the gateway - in this case, it passes all the data on to the processing center. The processing center again checks its criteria for fraudulent transactions and decides whether to forward the transaction further. If the processing center liked everything, the transaction goes through the global payment system to the issuing bank</p><p></p><p>(20:26:01) Pustota: The issuing bank analyzes the transactions of KX and if the transaction seems out of the ordinary to him (for example, KX has never bought anything more than $100 from the card, and you suddenly try to drive a gold bar for $10k) - it can also wrap the transaction (at least, before KX calls the bank and verifies such a transaction, usually accompanied by a decent number of questions, the answers to which in theory should be known only to KX)</p><p></p><p>(20:26:26) Pustota: The issuing bank also looks at the limits set by the holder and, of course, the availability of available own/credit funds</p><p></p><p>(20:27:27) Pustota: If it seems to the issuing bank that everything is in order, it sends a positive response to the acquiring bank back through the global payment system, which, in turn, returns the result of a successful transaction to the payment gateway and the gateway informs you and the shop managers directly about the successful payment.(20:28:51) Pustota: Now do you understand why the fact that you have a card with a known balance on your hands does not give you confidence in a successful drive-in? You are dealing with a multi-stage anti-fraud (shop, payment gateway, processing center and banks). Most of our activity when working with maps is to learn how to effectively bypass all the steps of anti-fraud. This is quite difficult, because there are always a lot of variables that are inaccessible to us, but competently analyzing the drives, sooner or later we find vulnerabilities that we exploit until they close</p><p></p><p>(20:30:02) Pustota: If we are talking about working with maps, then we have 2 main entities that we need to choose correctly in order to bypass the above-mentioned protection systems. The first is the technical side, namely, the correct configuration of the system, simulating that of a real holder (includes, for example, system languages, time zone, etc., IP address substitution using anonymizers (proxy servers, SSH tunnels, OVPN/PPTP configs, direct access to machines ((H)RDP, (H)VNC, etc.) and behavioral factors (imitation of the actions of a real user). In future lectures, we will somehow touch on both of these sides applicable to various areas in carding.</p></blockquote><p></p>
[QUOTE="Skyworld, post: 156, member: 14"] - Merchant: actually, an online point of sale of goods with a checking account, where funds for the goods should eventually arrive. Many people confuse merchant and what is more correct to call payment gateway. These are different entities, but in carder slang, to simplify, we talk about them as a single whole (about merch); - Payment Gateway (payment gateway) is a technology that allows you to connect a merchant with a processing center and an acquiring bank; - Processing Center is a high-tech system for processing bank card payments in the field of e-commerce. Accepts data from payment gateways, processes and redirects them to the issuing bank; - Acquiring bank (merchant bank): a bank that is a member of the global payment system (Visa/MC, etc.) and allows businesses to accept payments using bank cards; - Issuing Bank (CH Bank) : a bank that is also a member of the global payment system and has issued a card to the holder; - The Global Payment System (Visa/MC, etc.) is an organization that regulates and performs interbank settlements. In simple words, it allows you to transfer money from the account of the issuing bank to the account of the acquiring bank and handles the entire process that takes place at the same time. (20:23:16) Pustota: After pressing the Place Order button, first the data gets into the shop's anti-fraud system. And decides whether to skip the order further automatically, send it to manual verification or give an instant decline. At this stage, in most cases, the card data has not yet gone beyond the shop (20:24:13) Pustota: If the anti-fraud check is successfully passed, or the manager manually approved the order, the payment process continues. After the order is approved, your data is collected, encrypted and transmitted to the Payment Gateway. In turn, he evaluates the transaction according to his criteria (gateways have their own anti-fraud systems that allow detecting suspicious patterns) and can immediately deploy the payment (20:25:18) Pustota: Let's say the KX transaction seemed legitimate to the gateway - in this case, it passes all the data on to the processing center. The processing center again checks its criteria for fraudulent transactions and decides whether to forward the transaction further. If the processing center liked everything, the transaction goes through the global payment system to the issuing bank (20:26:01) Pustota: The issuing bank analyzes the transactions of KX and if the transaction seems out of the ordinary to him (for example, KX has never bought anything more than $100 from the card, and you suddenly try to drive a gold bar for $10k) - it can also wrap the transaction (at least, before KX calls the bank and verifies such a transaction, usually accompanied by a decent number of questions, the answers to which in theory should be known only to KX) (20:26:26) Pustota: The issuing bank also looks at the limits set by the holder and, of course, the availability of available own/credit funds (20:27:27) Pustota: If it seems to the issuing bank that everything is in order, it sends a positive response to the acquiring bank back through the global payment system, which, in turn, returns the result of a successful transaction to the payment gateway and the gateway informs you and the shop managers directly about the successful payment.(20:28:51) Pustota: Now do you understand why the fact that you have a card with a known balance on your hands does not give you confidence in a successful drive-in? You are dealing with a multi-stage anti-fraud (shop, payment gateway, processing center and banks). Most of our activity when working with maps is to learn how to effectively bypass all the steps of anti-fraud. This is quite difficult, because there are always a lot of variables that are inaccessible to us, but competently analyzing the drives, sooner or later we find vulnerabilities that we exploit until they close (20:30:02) Pustota: If we are talking about working with maps, then we have 2 main entities that we need to choose correctly in order to bypass the above-mentioned protection systems. The first is the technical side, namely, the correct configuration of the system, simulating that of a real holder (includes, for example, system languages, time zone, etc., IP address substitution using anonymizers (proxy servers, SSH tunnels, OVPN/PPTP configs, direct access to machines ((H)RDP, (H)VNC, etc.) and behavioral factors (imitation of the actions of a real user). In future lectures, we will somehow touch on both of these sides applicable to various areas in carding. [/QUOTE]
Name
Verification
Post reply
Home
Forums
CARDING & HACKING
Beginners Questions
Bank cards [lecture, 2023]
Top