Interesting Credit Card transactions, are you seeing similar?
In my day job we get involved in payment systems, credit card transactions etc. We are also asked to investigate and explain incidents as well as "unusual" activity.
When looking at credit card payments there are always payments for people like lkjsdflkjs and "famous person name", usually small value transactions $2, $5, $10 although recently we've started seeing $60 transactions. These are easily identified and the motive is very clear, test the card. If the transaction goes through the card number and CVC (if needed) or other details are correct.
Recently however I've been seeing more interesting transactions. The transactions start with a high value and step down until the transaction is accepted. ie. we start with a charge of 10K, the next transaction 9K , 8K ......3K, $1000, $900, $800, ....$100. The process is automated so if the limit on the card is high enough multiple transactions are sometimes accepted. Again these transactions are easily identified, however the motive eludes me. We looked at a number of possibilities:
- identify the upper limit on the card. - The process however results in the card being maxed out. The issuing bank or card brand blocks the card. The number now no longer has any value. You know the upper limit, but can no longer use the card.
- purchases for resale - This was the obvious one, but in the cases I worked on, none actually deliver physical product to the purchaser.
- Refunds? - Another scenario we looked at is that after the transactions are done the organisation is called by the fake cardholder and a refund is requested. Because their bank has blocked the card they'd like to be refunded to a different card or some other payment mechanism. Looking at refunds and refund requests through customer service avenues allowed us to discard this scenario in the cases we worked on.
- Credit Card DOS - A third scenario was a DOS on cards, max out the card and as many as possible and irritate either the bank or the card brand, or the proper cardholders. The volumes however would be annoying for the merchant and issuing bank, but were certainly not on epic scales. Unless of course we were only seeing one small part of a much larger distributed effort.
So what I'm asking those of you that deal with credit card payments is this. Have you seen similar behaviour in your payment systems? Multiple transactions on the same card, starting with a big value, stepping down in increments to lower values until the transaction is accepted and in some cases beyond. Those of you that deal with donation sites or online delivery (i.e. no physical product) are more likely to see these.
If you have other ideas on what the point of these transactions is by all means share, either as a comment or through the contact form.
Regards
Mark H (markh.isc at gmail.com)
Comments
Anonymous
Dec 3rd 2022
9 months ago
Anonymous
Dec 3rd 2022
9 months ago
<a hreaf="https://technolytical.com/">the social network</a> is described as follows because they respect your privacy and keep your data secure. The social networks are not interested in collecting data about you. They don't care about what you're doing, or what you like. They don't want to know who you talk to, or where you go.
<a hreaf="https://technolytical.com/">the social network</a> is not interested in collecting data about you. They don't care about what you're doing, or what you like. They don't want to know who you talk to, or where you go. The social networks only collect the minimum amount of information required for the service that they provide. Your personal information is kept private, and is never shared with other companies without your permission
Anonymous
Dec 26th 2022
8 months ago
Anonymous
Dec 26th 2022
8 months ago
<a hreaf="https://defineprogramming.com/the-public-bathroom-near-me-find-nearest-public-toilet/"> nearest public toilet to me</a>
<a hreaf="https://defineprogramming.com/the-public-bathroom-near-me-find-nearest-public-toilet/"> public bathroom near me</a>
Anonymous
Dec 26th 2022
8 months ago
<a hreaf="https://defineprogramming.com/the-public-bathroom-near-me-find-nearest-public-toilet/"> nearest public toilet to me</a>
<a hreaf="https://defineprogramming.com/the-public-bathroom-near-me-find-nearest-public-toilet/"> public bathroom near me</a>
Anonymous
Dec 26th 2022
8 months ago
Anonymous
Dec 26th 2022
8 months ago
https://defineprogramming.com/
Dec 26th 2022
8 months ago
distribute malware. Even if the URL listed on the ad shows a legitimate website, subsequent ad traffic can easily lead to a fake page. Different types of malware are distributed in this manner. I've seen IcedID (Bokbot), Gozi/ISFB, and various information stealers distributed through fake software websites that were provided through Google ad traffic. I submitted malicious files from this example to VirusTotal and found a low rate of detection, with some files not showing as malware at all. Additionally, domains associated with this infection frequently change. That might make it hard to detect.
https://clickercounter.org/
https://defineprogramming.com/
Dec 26th 2022
8 months ago
rthrth
Jan 2nd 2023
8 months ago