February 21, 2021

WWH education 20-21. Part 6. «Antifraud system»

Lecture#4 Antifraud system. 11.19.2020

Lecturer: InMafia

(18:54:20) InMafia: Hello everyone. For today I am your lecturer. The topic of our lecture: Antifraud system. Don't interrupt me, questions at the end.

(19:06:49) InMafia: And so, let's start with the definition:

Antifraud (hereinafter AF) is a system for monitoring and preventing fraudulent transactions, which checks each payment in real time, running them through dozens, and sometimes hundreds of filters.

(19:07:34) InMafia: The anti-fraud mechanisms work in such a way as to see if there is anything "unusual" in the payment. That is, AF scans our system completely to identify a fraudster from us by calculating FraudScore.

(19:09:26) InMafia: To understand and disassemble the whole system in more detail, let's look at the scheme by which the protection system works: http://prntscr.com/rudjr1

(19:09:55) InMafia: The buyer is the real owner of the card or the one who was able to receive data from it.

(19:10:36) InMafia: A trading company is an online shop (merch) in which this action takes place.

(19:11:42) InMafia: Electronic payment system - a service that processes and accepts payments.

(19:11:59) InMafia: Acquiring bank - a bank that provides data processing services to merchandise.

(19:12:10) InMafia: Payment system - responsible for transfers between banks.

(19:12:25) InMafia: Issuing bank - the bank that issued the card

(19:13:34) InMafia: As everyone knows, all sites on the Internet have their own data protection and processing system. In fact, an ordinary person making a purchase in some online store (hereinafter referred to as a shop) provides only basic information on the type of wallet, number, card, payment system, etc.

(19:14:17) InMafia: But in fact, there are much more filters and factors for checking your system.

There are some AF filters. List, we'll talk about this.

(19:14:24) InMafia: Basic AF Filters:

(19:15:05) InMafia: "Validators" - the validity of the details from which it is driven. If one \ several times they are not valid, the AF system will consider you a suspicious user.

(19:15:54) InMafia: "Geographic" - this filter compares your location by IP with the location of the actual owner of the account / card, the longer the distance, the more suspicion.

(19:16:58) InMafia: "Stop list" - some cards can get into the stop list because their owner has already called the bank. With PP accounts, the same situation can be. AF will immediately kick you in the ass.

(19:17:40) InMafia: "Matching parameters" - for example, the card with which you pay must match your IP and configured system. Otherwise AF will have questions.

(19:18:37) InMafia: "Authorization" - of course, if you jerk off 1 sock to authorize multiple accounts, AF will say goodbye.

(19:18:44) InMafia: There are 4 stages of AF system:

(19:18:48) InMafia: Green - no risks

(19:18:53) InMafia: Gray - ok

(19:18:58) InMafia: Yellow - risky

(19:19:01) InMafia: Orange - Big risk

(19:19:11) InMafia: Red - extreme risk

(19:19:43) InMafia: In other words, AF will scan your browser, IP address, cookies, etc. for suspicious activity.

(19:20:16) InMafia: That is, if we consider this system from our side (from the side of carders), our footprint should coincide as much as possible with the owner of the card / log / video and everything from which you can work.

(19:21:03) InMafia: Our task is to be as similar as possible to a real buyer with all possible data under the CH, otherwise the AF will have us in all the cracks.

(19:21:32) InMafia: AF has its own system for counting suspicious activity, not matching, and it is called differently: FraudScore, RiskScore, etc.

(19:22:12) InMafia: For each discrepancy, a certain number of points or percentages are accrued, according to the calculation of which, in the future, the fate of your drive is formed. Thanks to AF, a variety of errors can take off, not only CC \ PP but also many others.

(19:22:35) InMafia: Also, the anti-fraud system has its own list of restrictions that they place on payments, looking at factors such as:

(19:22:55) InMafia: - the number of purchases by the account holder or one card within a certain period of time.

(19:23:04) InMafia: - purchase amount

(19:23:25) InMafia: - the number of users who made or tried to make a payment with this card

(19:23:59) InMafia: - profile of a standard customer in the online store.

(19:25:48) InMafia: I would also like to emphasize that anti-fraud systems have their own labels, the so-called "triggers" by identifying which your actions are automatically marked as suspicious and the system is watching you more closely and verifies your data against a typical client (or its customer group) behavior

(19:26:38) InMafia: The most common suspicious transactions are:

(19:27:14) InMafia: - Payment from one card / account on different devices

(19:27:51) InMafia: - Different cards on one system (IP, cookies, account)

(19:28:16) InMafia: - Constant attempts to pay even after failure

(19:28:53) InMafia: - The difference between the name of the cardholder and the delivery address (the distance from the KX to the drop also plays a role).

(19:29:24) InMafia: In addition, AF in large shops often uses "fingerprints" of the user, the account owner (AC).

(19:30:13) InMafia: In short - in them it stores their activity, keyboard layout, time zone, IP address. The list goes on and on and is regularly updated.

(19:30:39) InMafia: You will learn more about this in the lecture on security.

(19:32:12) InMafia: By the way, in special cases when your RiskScore reaches a certain mark but does not cross it - you go to an anti-fraud analyst

(19:35:07) InMafia: which manually controls insufficiently suspicious payments and distinguishes the fraudster from the real buyer and the final decision of your transaction will depend not on one analyst - but on the aggregate of assessments of several analysts.

(19:36:16) InMafia: Let's look at this in more detail with some simple examples and see how the protection system works.

(19:37:45) InMafia: To begin with, an example: a regular user signs up in a shop. The client creates an account at [email protected], wanders around the shop, selects the product he needs for several hours. After that, he climbs into the billing and changes it.

(19:39:48) InMafia: Then he leaves the account for a week, after which he logs in again and immediately changes the billing and makes a spike. The system allows him to make these operations, but payments fall for more detailed processing by the employee, in other words - the fraud system sends him.

(19:39:55) InMafia: Let's see why:

(19:40:47) InMafia: In this situation, the first thing that catches your eye is the mail domain. Few people use such a domain and AF immediately starts to swear at it and gives the client 52 fraud points.

(19:42:06) InMafia: Besides, he created an account for himself quite quickly, not even a few minutes passed. Also, the fraud system can check this mail on different social networks to determine whether the person is a fraudster or not.

(19:42:35) InMafia: After the client has created an account, he immediately starts running through the tabs like crazy, after which he closed our site and went for a walk for two weeks.

(19:43:36) InMafia: After logging into an account after a long stay, he immediately starts changing the billing address to another, which already gives us AF points, but in addition to everything, his billing address differs from his IP by 1000 km.

(19:44:12) InMafia: This account is immediately marked Orange.

(19:46:22) InMafia: After that, our client starts to make orders like mad with different bills / spikes and gets a Red mark, after which the account can simply be thrown out

(19:46:31) InMafia: So, based on this small example, we can see the following:

(19:47:32) InMafia: AF system checks our registration data on other social networks to make sure that its client is human.

(19:48:57) InMafia: Next, it checks how quickly the account was created and what was done on it, for various actions on the account, fraud points can both decrease and increase, but more on that later.

(19:49:56) InMafia: Then he left the account and let him lie down for two weeks, after entering which he immediately changes the billing and gets a hard blow from AF.

(19:51:09) InMafia: In addition, he changes the billing in each of the orders, which kills the account completely.

(19:52:06) InMafia: As practice shows, the AF system checks its client most often based on these criteria:

(19:52:17) InMafia: - IP \ billing \ shipping distance between all these parameters.

(19:52:26) InMafia: - Check for virtual machine \ proxy \ vpn

(19:52:55) InMafia: - Checks client behavior.

(19:53:20) InMafia: - Availability of accounts in social networks to registered mail.

(19:53:32) InMafia: - Checks information about the payment system, be it SS or PP.

(19:53:59) InMafia: - Using its own generated database of fraudulent activities.

(19:54:45) InMafia: Now let's discuss specifically for what actions the AF system can reward us, and for which ones it can punish:

(19:55:02) InMafia: Promotion:

(19:55:51) InMafia: - Long hold on the order page, doubts among several sellers, viewing product descriptions, choosing a color, text for a postcard, correspondence with a seller to clarify details and check reviews.

(19:56:02) InMafia: - Accurate and clean IP.

(19:56:24) InMafia: - Availability of accounts in different social networks

(19:56:48) InMafia: - The uniqueness and similarity of your system to the real CH.

(19:56:55) InMafia: Punishment:

(19:57:21) InMafia: - Quick shopping, text input by copying. In other words, suspicious behavior.

(19:57:53) InMafia: - Change of password, address and other data on the account that may raise doubts among AF.

(19:58:38) InMafia: - Large distance between the bill \ spike and, accordingly, your IP address.

(19:58:46) InMafia: And many other nuances

(19:59:50) InMafia: There are also other working moments. Your order and billing address may coincide with other fraudulent transactions (we are talking about keeping records of fraudulent transactions), that is, those who are delayed with their drops can play a cruel joke with you.

(20:00:42) InMafia: In the same way, the amount that is exposed in the AF system plays a huge role. Let's analyze this moment in more detail.

(20:01:03) InMafia: It works like this:

(20:01:24) InMafia: If there are > 10 items in the order -> check the order amount > 1000 $ - send for verification to a specialist

(20:01:37) InMafia: If the product amount is < 1000 $ - look at your RiskScore.

(20:02:16) InMafia: That is, in simple terms - the system works not only to check your data, but also to your gluttony.

(20:03:10) InMafia: It is unlikely that the account owner will make frantic purchases of goods that he has not done before, keep this in mind.

(20:03:46) InMafia: I also want to note something. Let's take a look at other shops, not as large as eBay, Amazon, Walmart, etc.

(20:04:41) InMafia: As you already understood, the anti-fraud system is configurable, so in large stores it is sharpened and tightened to the maximum, because scammers love big fish with a proven history.

(20:06:07) InMafia: But besides these shops, there are also other small shops. If we consider an example based on their presence, the antifraud system there may work softer, without automatic verification \ cancellation, it will simply send to a specialist who decides to skip this order or not

(20:06:53) InMafia: Less problems with drop address, money threshold of your order, etc. You will learn more about this in other lectures.

(20:08:26) InMafia: By the way, in large shops, the system is sharpened to the point that it checks the system requirements of its client during registration and verifies them in case of suspicions.

(20:09:11) InMafia: The list of criteria by which AF will scan your system (it is very large and constantly updated, so it is very difficult to find and calculate a complete list):

(20:09:35) InMafia: 1. The difference between your system's DNS and IP country

(20:09:53) InMafia: 2. Difference between DNS and subnet (not so relevant)

(20:10:15) InMafia: 3. The uniqueness of your system (fingerprint)

(20:10:23) InMafia: 4. System characteristics.

(20:10:58) InMafia: I repeat once again - all our data should be as pure as possible, individual and at the same time look like a real CH.

(20:11:43) InMafia: We try as much as possible to be like an ordinary customer, enter all the text manually, check various goods and thereby warm up cookies.

(20:12:18) InMafia: And many more actions that other lecturers will tell you about.

(20:14:13) InMafia: There are a lot of side facts from all these points. The AF system can see you and identify you as a fraudster for the simplest things, for example: you copy data to enter information, you accidentally switched to the Russian layout and entered some text.

(20:14:54) InMafia: You forgot to delete cookies from the last session, clean the system, and so on - all this can cause the AF to give you a U-turn.

(20:15:27) InMafia: Our task is to get the lowest FraudScore for the system to consider us as KX. This ideally requires:

(20:15:33) InMafia: - System like KX

(20:15:44) InMafia: - Pure IP addresses

(20:16:11) InMafia: - In the middle not far from KH and other standard things.

(20:16:58) InMafia: There are many ways how to correctly bypass all this using antiques, antidetect browsers, they will tell you more in detail in another lecture, but now briefly:

(20:17:10) InMafia: To bypass the AF system you have to be extremely careful and smart.

(20:17:47) InMafia: You can't rush, you need to choose the cleanest socks, not jammed prints and configs for HELL browsers, you can't mess around in trifles such as typing on the Russian layout.

(20:18:21) InMafia: An example is very funny, but quite often people have come across this.

(20:19:28) InMafia: This concludes the lecture, thank you all for your attention. You can ask questions by sending "?" in the chat. I will answer in turn. While you are waiting, you can leave a review about my lecture on the forum: https://wwh-club.cc/index.php?threads/otzyvy-o-inmafia.183458/

(20:19:56) gangass13: 1) When you adjust to ip kx, do you need to adjust to the state, city, or right under the street? Is it even possible to tune as close as possible to the kx?

2) Do I need to register social accounts by email? networks? Is it tracked that the account is not new?

3) How to find out which system is kx?

(20:21:12) InMafia: 1. As close as possible. The city, of course. preferably a street, and ideally in his house.

2. Someone registers, someone does not. Personally, I regret, because in my opinion the af is not so dry

3. The data is given in the log. If we work with ss, we take the standard system for americos.

(20:21:18) RedHeadCockatoo: The lecture was as clear as possible, several questions arise, and then, rather, to confirm what you read:

1. In the part of the lecture about the list of restrictions, AF had such a factor as the number of users who made payments from the card. What does this mean? Device list?

2. With regards to mail domains: later they will tell you which domains are better to use for a particular CH?

3. Billing address - is it ...? The actual address of the KH (country city)?

4. In fact, the whole anti-fraud check is a kind of captcha, but instead of entering characters for the robot / human check, we should simulate the "online life" of KX as believably and not as quickly as possible?

5. Regarding AF check for virtual / proxy / vpn: that is, AF can detect that we are using a virtual machine? How to avoid this in the future will tell?

6. Based on the amount set in the AF system: AF may not send for a detailed check if the number of goods and their amount is lower than a certain amount set in the system? In other words - do not get impudent, immediately trying to realize as large a sum as possible?

7. Summing up the lecture: it turns out that for each store, by trial and error, it will be possible to choose a specific scenario that will work for some time?

(20:21:31) InMafia: for the future - no red.

(20:24:36) InMafia: 1. List of devices including. The card can be passed around by bad sellers who sell checkmate in several hands. Or KH paid from a heap of devices and each new one is treated more and more rigidly.

2. Yes, they will. But I can tell right away - proton and gmile.

3. Billing is a real address. Which is tied to the card / ba / akku in the shop. Shipping is a delivery address.

4. Roughly speaking - yes

5. In rare cases, it can, solely because you did not configure it correctly.

6. Exactly. As the saying goes, "Greed ruined the frayer"

7. To the point.

(20:25:02) InMafia: Guys, I forgot to warn you - don't miss your question. If it has already been answered, do not ask it again.

(20:25:16) AlexFlex2134: you wrote about checking the presence of social networks on registered mail in the shop, but mostly they do it in guest mode, without registering an account

(20:25:58) InMafia: Not always. It is a frequent practice to regret and warm up an account in a shop or to beat with a purchased one.

(20:26:06) user80: What does it mean - the difference between the owner's name and the delivery address, i.e. a different delivery address from the usual system?

Why does our character change the bill address when registering, why does he change billing so often, different ss on one account?

(20:27:53) InMafia: 1. Yes.

2. It was an example of handshaking. Changing billing is often death for an account. Shipping usually changes.

(20:28:01) OTJlU4HUK: What is PP?

What amount will be considered safe for personal practice in an average shop when you observe everything to the smallest detail?

(20:28:42) InMafia: 1. PP - PayPal

2. Everything is always different, there is no general recipe. On average, up to 300-500 bucks comes easily. But, you are newbies. You need to start with smaller amounts.

(20:28:52) Izolentna: 1) I don't understand the system at all. When we buy ss, what is it given with?

Full infa kh?

2) How can we fully adapt to kx without knowing special information about him? Search the internet for information about this person?

3) How do you understand at what AF level you are? Or does it come with experience?

4) How dangerous is an AF fraud attack? What consequences? (if all safety tips are followed)

5) Billing / shipping, returning to the questions above should we know in advance?

I apologize for the silly questions

(20:32:16) InMafia: 1. name, address, ss itself, mail. You will be told about it.

2. Already answered. This was an example from the log, I will give full info about the PC. If we work with SS, we take an average, clean system. The one you have been told about and will still be told.

3. Predicting AF is difficult, just with experience you begin to understand what and where you can poke and what you can't.

4. The order will simply not work, the account will go to lock. If you're talking about a criminal, nothing. They won't look for you for trying to drive in socks.

5. Bill / spike is written in the account, your drop panel, etc. This is the data on which the account is registered / registered.

(20:32:34) goldenbaum: 1. Is it possible to revive a map after unsuccessful attempts, by creating or buying a Stick and therefore linking a CC to this stick?

2. Is it possible to get rewards by calling the SIP telephony and fooling around on the phone? + is it worth trying to work with! real friends! who can speak English as native? Or is it better to contact the dialers?

3. Small shops on all kinds of Shopify out there today are there ways to bypass anti-fraud?

4. Shop where Stripe is connected can you bypass today? or don't even dunk?

5. Is it possible to use random guys in the USA, whom you tied to yourself through Romance Scam, as drops who will accept and send goods? Was there such an experience?

(20:33:23) goldenbaum: 5. it meant dating scam

(20:35:48) InMafia: 1. No. If the card is dead, the card is dead. You can't resurrect a person)

2. Of course. Only taking into account that the shop itself asked for a ringing. Dialers are real people who know English)

3. There has never been and never will be a detour. AF can be fooled, but there is no way to bypass it completely.

4. Samples are always useful)

5. Such men and can breed you. Use drop services or look for a proven drop guide.

(20:35:56) deadhasan: 1. Where can we beginners learn terminology? PP beat / spike etc.

(20:36:34) InMafia: 1. You were told about this at the beginning + you were given terms in the main conference on the forum. Read it.

(20:36:43) AK-Baks: Thanks for the lecture already left a review!

Much like a beginner, the terminology is not always clear:

1. Can we conclude that the simpler the shop, the easier its AF?

2. What is Clean Sock?

3. Will AF scold if KX does not have sufficient balance on the map?

4. How long should the account be kept ideally?

(20:38:09) InMafia: 1. You can.

2. Clean socks. When setting up the system, most often we take nipples because they are cheaper and easier to connect. Pure sox is a sox without blacks (bans), etc. Check whoer sites.

3. There will be no AF, the site will be) If there is no balance, it will not be possible to place an order)

4. In different ways. I warm up from half an hour to one and a half. Depending on fatigue)

(20:38:29) Yarah: translation:

will you guys show us a live scam session in the future?

thanks

(20:38:42) InMafia: Yes, we will show.

(20:38:58) Koba787:

A thousand apologies in advance for stupid questions;)

1-Matching parameters - how do we know if it matches or not?

2-Authorization - can you learn more about how to work correctly with socks and authorizations?

3-Our trail - maps / logs / videos - I often hear "logs" what are we talking about?

4-Address of KX and drop - first look for a drop and a card for it or look for a drop under KX?)

6-all the work with the shop takes place in one sitting or in several days? The question is, how to use always the same IP - I haven't figured it out here, to be honest? Does this provide purchased soks? or also a vpn server from ded.im?

7-how to fix dns? is it enough to put in a network neighborhood from Google?

8-all the same, fitting under ip kx at the address up to the street is not clear how it is carried out ((sorry

9- in the question above, they answered that when digging the material in the logs, which system is given in kx. I’m stuff for fun, there was a name, number, zip and everything like

(20:43:41) InMafia: 1. As I already wrote - you give everything in the log (if we are about setting up the system). If we work with SS \ n, we take the standard assembly that we have already mentioned.

2. I didn't quite understand the question. How to connect the sock? It depends on which one to use) Most often, the program comes bundled, with the help of it you connect.

3. All information about the computer up to the first password that was created. Average price $ 20

4. A matter of taste. In my opinion, it is more convenient to look for a drop and a map for it. Although, again, there cannot be a card for a drop, and in the same way, there may not be a drop for a card.

6. 80% of shop customers have a dynamic IP address. Ie every turn off and on the computer - it changes. Therefore, it is not so important which IP, the main thing is that it is as close to the KX as possible.

7. These are PC settings, not Google) Basically, it is configured correctly so that it does not leak into the shop.

8. When you buy a sock, you write the ZIP code. Ie the post office of KH. Further, you already look out for the closest one along the street.

9. Data on the PC KX are given, not its system. Ie his monitor, vidyuha, Windows, etc.

(20:43:48) dat_user1: Can I set KX billing address, but shipping drop?

Or do you need to put the same addresses (KX), and on the way use the services of drop services, and they will ring up (they call it a redirect, for interception when the goods have already been sent)?

(20:44:24) InMafia: You can do this and that. But basically everyone changes shipping for a drop and that's it. Root doesn't always work.

(20:44:30) OTJlU4HUK: By the way, an acquaintance of mine lives in the states. Is it risky for him if he is a drop?

(20:44:48) InMafia: Yes, sooner or later they will come to him and believe me - he will merge you)

(20:44:59) gangass13: AF checks newreg mail or not? Do I need to use the real name kx in the mail, or can you come up with anything?

(20:45:45) InMafia: The name is naturally better to use KX. Both in the title and in the full name. AF will not look at the registration date.

(20:47:34) Koba787: 1) When you buy that item 3 is the data from item 9? And this is not about the SS data - right? what about?))

(20:47:46) Koba787: I'm back to answering my questions)

(20:48:52) InMafia: Logs, Logs, etc. - data that was stolen from the victim's PC using a virus. Passwords, cookies, PC data, etc. Everything is stored in the log.

(20:49:10) Temporary: how long do socks live on average?

(20:49:48) InMafia: It depends on what kind of socks, expensive or cheap) Day or two on average, if the quality is good.

(20:49:52) dat_user1: Can I ask you for help when I try to beat myself ??)

(20:50:18) InMafia: No problem. And not only to me, all questions can be left in the chat question / answer on the forum. I and other lecturers will answer and help.

(20:50:24) Yarah: Is the order time also due to anti-fraud? should we order real customer time? because when his night is here his day is there and vice versa

(20:51:25) InMafia: People are different. Someone buys at night, someone during the day. Someone starts the morning with surfing in an online store. But, in general, it is advisable to select the time when KH goes to sleep. So that he does not interrupt our work in any way.

(20:51:31) Koba787: 1 - That is, in addition to working with the SS, where we buy data such as name, number and zip and go to the shop to beat, there is a topic to buy data with logs, where we create the illusion of his pc by logs, what would be more successful after driving?

2 - all work with the shop takes place in one sitting or in several days?

(20:53:05) InMafia: 1. These are offshoots. There is a lot of material for work. For EVERYONE, you need to properly configure the system.

2. In different ways, depending on what we are working with. You can warm up and swing your account for several days to place a large order. Or you can drive it in at 300-500 in an hour. Matter of chance.

(20:53:17) InMafia: That's all, the questions are over. If you still have them or will appear - write a question / answer to the conference on the forum, there I and other lecturers will answer you.

I will also ask you to leave a review about my work, I am pleased - it is not difficult for you: https://wwh-club.cc/index.php?threads/otzyvy-o-inmafia.183458/
