How hackers rob banks
Remember those epic robbery movies? Where tough guys come up with an ingenious plan, change their looks more often than models in shows, use incredible (unrealizable) psychological tricks and risk their skin in pursuit of profit. I think you remember. It’s hard to imagine such robbers these days. Major economic crimes take place in the digital field. Today the robber is not a psychology genius or a builder who knows where to start digging. Today, a robber is a hacker who knows all the intricacies of the banking sector.
Carding
One of the most common types of “technological” fraud is bank card fraud. It is not surprising, because today almost everyone pays with cards everywhere. But are such payments safe?
There are many different types of attacks that payment systems and banks have to deal with on a daily basis:
Payments without 3-D Secure
Most cases of fraud are related to online payments using the card-not-present scheme (the transaction requires only data written on the card and easily obtained on shadow markets). To combat such schemes, 3-D Secure was invented – an additional authorization scheme that uses three domain entities: the domain of the online store, the domain of the payment system and the domain of the acquiring bank. However, some large stores such as Amazon are not ready to work with 3-D Secure, which is good news for scammers.
Magnetic stripe cloning
Despite the fact that modern cards are equipped with a chip, magnetic stripe cloning is the second most popular type of fraud. The fact is that in many US stores, when paying with a smart card, you can conduct a transaction using a magnetic stripe. And if the terminal refuses to accept the magnetic stripe, there is a technical fallback scheme that works across America (both North and South) and Europe. Just insert a card with a non-existent chip into the terminal / ATM, and after three unsuccessful attempts, the terminal will offer to carry out the operation using the magnetic stripe. In Russia, terminals must not accept a magnetic stripe for payment if the card is equipped with a chip. However, in some stores you can find terminals that accept operations for technical fallback. And besides, no one prohibits cybercriminals from transferring data to Europe / America for further monetization.