Have you ever had your credit card used for fraudulent transactions? What is your first reaction when it comes to fraudulent transactions? Huge profits? Side business? A million-dollar monthly income is a paradise for those who make it.
Every time Xiaobai mentions a fraudulent card, it is always full of mystery and huge wealth, tempting you to go there and take a look. But is it really like this?
Hello everyone, today we will give you a comprehensive introduction to CVV fraud and how to prevent credit card fraud.
First of all, in the credit card fraud industry, they call it credit card fraud also known as CVV fraud.
What is CVV? CVV is the three-digit security code on the back of your credit card.
Why is it called CVV fraud? Because overseas credit card consumption is different from domestic credit card consumption.
Domestic credit card payments generally require a payment password and SMS verification code, and large payments also require special confirmation from the bank.
Credit card consumption abroad is different. Foreign bank cards generally enable security code payment by default, that is, CVV payment, which means that you can pay directly by using the credit card number, credit card name and credit card date, plus the three-digit security code on the back. There is no need to confirm the SMS verification code and payment password twice like in China, because this allows payment, which gives room for fraud.
Usually, the stolen credit card information is called "materials" in China, and they are divided into several categories:
The first is to obtain track material of credit card information through illegal transfer POS machines.
The second is to steal payment data from shopping websites or other trading websites through accounts or crawlers, which is called library data.
The third is fish food obtained through phishing links or direct telephone scams.
Obtaining credit card information is the first step in their fraudulent transactions, and cashing out the credit card is the more critical step.
The track material we mentioned earlier requires a modified POS machine for consumption because it is used to steal credit card information.
Because the applications and account opening merchants of POS machines can be queried, and with the upgrade and replacement of international payment systems and the gradual improvement of credit cards, the magnetic stripe for card payment is basically impossible to be copied, so the track material has almost disappeared from our sight.
Now they have three mainstream cash-out methods:
The first one is cashing out through POS machine.
The second is cashing out on shopping websites.
The third is cash withdrawal through the cash channel.
First, let’s talk about cashing out through POS machines. The first method of cashing out through POS machines is to bind a mobile wallet for payment.
They obtain credit card information through online phishing links and bind some Apple wallets, Samsung wallets or Google wallets.
Many people say that now you need 3DS security authentication or other security authentication to bind your wallet to payment. How do they bind it? As long as you click on the scammer's phishing link and enter the information as required by the scammer, your information data will be collected immediately and automatically bound to your wallet.
Because some wallets have different binding verifications, they will register through software or crawlers, and there will always be a wallet that can be bound. Once the wallet is successfully bound, they usually do not consume during the day because it is easy to be discovered. They consume in the early morning, and they only need to use the NFC payment function of the POS machine to swipe the money in your card.
The second type of POS cash withdrawal is through the manual payment function on the POS machine, which is also commonly known as the manual input machine in China. This is a function called emergency payment added to specific industries or specific merchants to prevent cardholders from making normal purchases without a card.
It should be noted that not all foreign POS machines have this function. This function is only open to specific industries or specific merchants. Not all industries or merchants have this function. If the fraudster holds such a POS machine, he can directly enter the card number, date, name and CVC security code to make direct POS machine purchases. Because such POS machines have low risk control and fast settlement time, they are very popular among fraudsters.
Also because this kind of machine is needed in large quantities for credit card fraud and this kind of machine is relatively rare, an industrial chain of selling fake machines has gradually formed in China. Because there is less information about this kind of machine in China and there are many novices who want to make a fortune in the credit card fraud industry, there are opportunities for scammers.
Let me just chat here. All the mobile phone machines in China are fake. Why do I say that? Because China UnionPay cancelled the manual payment function of its direct-affiliated POS machines in 2016. So, if the application and settlement were cancelled as early as 2016, why are there a large number of these inside-out POS machines in 2022?
This is obviously a clear deception. Why do so many newbies fall for such a low-level scam?
Isn't that just taking advantage of the newbies' desire to get a bargain and know relevant information? As long as the scammers package the fake POS machines as machines through domestic short video platforms or Tieba forums, with unlimited consumption when bills are received in seconds, support face-to-face payments and low prices, and then steal a few foreign POS payment videos and post them on the short video platform, they can attract countless newbies.
Anyone with a little financial knowledge would know that if they want to use foreign cards for instant settlement, it would be impossible unless they buy Visa, the largest international card issuer. Moreover, banks and POS institutions will proactively limit the single transaction amount of POS machines in order to reduce transaction risks. If the amount is not limited, it will definitely be exploited by those with ulterior motives for malicious tax evasion and money laundering.
These scammers who sell machines simply take advantage of newbies' lack of knowledge of basic information and their desire to get a bargain.
Because the real machines often cost more than 50,000 or 60,000 yuan or even more than 100,000 yuan, and novices don’t have that much start-up capital.
The scammers' machines usually only require a few thousand or ten or twenty thousand yuan, and newbies can often raise the funds by gritting their teeth or taking out a loan, so the scammers take advantage of these people's weaknesses.
The second cash-out model is to cash out through shopping websites. This is the most commonly used method, which is to purchase physical goods through overseas shopping platforms for resale or purchasing on behalf of others for cash-out.
Of course, shopping platforms are not fools, and the stolen credit card funds must be recovered. If the goods are still shipped by others, then the cost is huge.
In order to prevent such situations from happening, online payment has added a series of security verifications. Online security verification generally compares the commonly used payment IP browser fingerprint recognition, payment environment recognition and random 3DS verification.
But obviously, the devil is always stronger than the good, and soon these people found a way. The bank card consumption record will record the IP address. Then they collect the cardholder's IP through phishing or database collision, and then find the regional IP with the same IP address to act as a proxy. Fingerprint browser is very simple for them, and it can be solved by using a fingerprint browser. They also have methods for payment environment, usually using VPS or virtual machines. The least knowledgeable ones will also buy a computer virtual machine on Taobao to use.
As long as the website ships the goods to him normally, he will find a purchasing agent, ask for a delivery address, and let the purchasing agent help them receive the goods, consign them, send them back to the country, or resell them.
What about the last cash channel model? It is the same as the shopping platform, except that the shopping platform becomes a partner and there is no delivery process. I will not explain it in detail here.
Finally, let's talk about how to prevent your credit card from being stolen. First, do not swipe your card or fill in your information on unknown websites. Second, when traveling or going abroad, scratch off the last three digits of your credit card security code and do not fill in random links. This will prevent 99% of credit card fraud.
Well, that’s all for this issue. If this article is helpful to you, please support us by clicking three times. We will continue to update and expose the scams in the future.