A Successful Carder's Guide to Bypassing Antifraud in 2024

Brother

In this lecture we will look at the concept of antifraud. Everyone has heard of it, but not many understand what it is and how to work with it.

Why, with seemingly the same parameters, some are able to place an order and others cannot, why, with an identical sequence of your actions, with clean IPs, we get a lock of our accounts.

Why can’t we pay for some service even with a blank card, with our own money?

All this happens due to a lack of understanding of how the payment system works, how Antifraud works, what happens when you enter a card in a shop, because there is no understanding of the picture as a whole, it seems simple, but those methods that worked 2 years ago - they don’t work at all now, everyone has heard the concept of a shop tightening the nuts and stopping giving, but what does it mean to tighten the nuts?

There are also guys who seem to work successfully without delving into anti-fraud systems, and I think there are such people too, but you need to dig a little deeper - what kind of stores do they operate? What kind of goods are in these stores? And it will become clear that these are small shops that did not have time to connect a decent anti-fraud system, or these are shops in small countries, for example, India. Of course, such schemes can work, but they die very, very quickly, connecting to new anti-fraud systems or training the system using machine learning.

Let's skip all the stages of searching for shops, registering in them, this is all part of the process, let's look at the payment stage.

When entering the card number on the payment page, our payment does not go directly to the bank, but goes to a third-party service - the Antifraud service, which analyzes all the information that you provided about yourself. This is not only the data that you entered manually, such as address, telephone, mail, card and everything else; the system also evaluates you according to those parameters that are not obvious but are unique for each user in the store.

If at this stage the anti-fraud does not have questions for us, or there are, but we have not scored enough fraud points to immediately ban us, our payment goes to the next stage of verification - this is the anti-fraud of the Visa system itself, Mastercard and others. At this stage we may be asked for a 3DS; this is not a mandatory stage, but it exists and that’s why we are considering it.

Only after these checks does our payment reach the bank, where the bank, based on the results of checking the antifraud systems, sees that we are all white and fluffy and debits the money from our account, and the payment goes to the store.

Everyone is happy - the shop gets money, someone gets a product or service, but what happens behind the scenes of these checks? What do antifraud systems look at?

There are 2 types of anti-fraud systems: open - those where we can see what is being checked - and closed - in which we will never know exactly what is being analyzed. We will look at the open infrastructure anti-fraud system and at those parameters which can be analyzed by fraud.

There are about 170 such main parameters, and this is at the moment; before there were fewer, later there will be more.

There is an antifraud system, SEON (seon.io). This is a powerful antifraud system that works with large companies: Forex Club, Air France, After Pay, PokerStar, Home Credit and hundreds of others. These are the ones who agreed to place their logo on the home page; most do not do this for security reasons.

But even with those that are on the main page, it is clear that these are very large companies.

This service allows you to look inside this system and do it for free, I think that this opportunity may be closed in the near future.

Since you are registering in the antifraud system, do not forget that you and your registration will also be analyzed, and you will not be able to register with the wrong email or even with a dirty Google account, do it on clean mail.

After registration, we see this powerful tool from the inside, and what to see and what is important for this system - go to the Scoring Engine tab and then in the default rules this will be enough to understand.

We see a bunch of parameters that can be sorted by fraud points or importance for the system

We see what is important and also what category this parameter belongs to.

The first parameter that can kill all pure thoughts and undertakings is if you use Tor to visit the site, you will receive an instant ban, even if you have super trust mail, a clean system and other parameters - immediately by

The second most important parameter concerns your mail - the use of disposable mail will also negate all your further efforts.

The third important parameter and immediately a big jump in points, there are only 20 of them - this is the use of a proxy - if you get caught doing this, then you get 20 points - not critical - but they will

The fourth parameter is your mail, whether you use normal mail or just typed letters, added a dog with the left domain and .com, here you will also get 20 points

ID | RULE NAME | SCORE | CATEGORY
P103 | Customer is using TOR | 95 | IP Rules
E100 | Domain is disposable | 80 | Email Rules
P105 | Customer is using a Web proxy | 20 | IP Rules
E120 | Domain is not registered | 20 | Email Rules
HC117 | Suspicious browser profile - Bots and automation | 12 | Other Rules
PH105 | Phone is disposable | 10 | Phone Rules
P112 | Customer is using public proxy | 10 | IP Rules
HC107 | Customer is from Nordic country and using VPN | 10 | Other Rules
P106 | Customer is using a datacenter ISP | 10 | IP Rules
E102 | Domain is custom and was registered less than 1 month ago. No online profiles were found. It was not involved in a data breach | 10 | Email Rules
E114 | Domain is a free provider. No online profiles were found. It was not involved in a data breach | 10 | Email Rules
HC125 | Suspicious browser profile - Spoofing | 8 | Other Rules
HC124 | Browser version age is greater or equal to 5 years | 8 | Other Rules
PH103 | Phone is not possible | 8 | Phone Rules

The remaining parameters are less important, and the average parameters for the successful passage of this system are about 50 points, if you don’t mess up hard, then everything will be ok.

But these are all default parameters, just what is there, but what will not be used in this form by default.

And what can the anti-fraud system find out about us if desired, what parameters are available for analysis? This question will be answered by the Custom Rules tab, where you can see all possible parameters

We create a new rule for evaluation and see that only this system can see about 470 parameters about us, each of which can be configured and each of which can be assigned its own value of fraud points

Once again - 470 parameters that the system sees about you.

Most, of course, will not be analyzed by the default antifraud, but if necessary, the rules will be configured so that they can see what they need in each specific case.

In order not to clutter up the lecture, I will post all the parameters for analysis in the form of a link to the private one, you can take a look.

Let's go over the main ones

+ Mail - registered social networks Facebook LinkedIn GitHub Vimeo Flickr Foursquare LastFM Myspace Pinterest Skype Yahoo Twitter Apple Yahoo Ebay Gravatar Airbnb and dozens of others, including Odnoklassniki and VKontakte - you can check not only whether your account is registered or not , but also filled in fields - last name, first name, biography and the rest. This parameter is one of the most important, since there are no living people who do not have this, which means that either this is a newly created account of a living person or it was created for some purpose - but in any case, this is out of the ordinary

+ Phone number - Skype Viber Whatsapp + the same social networks as when analyzing mail, plus the validity of the phone, operator, country, etc.

Please note these are the most important parameters that are currently used in most antifraud systems.

And when you use Google Voice, you should immediately understand that it’s all visible, and you’ve already collected extra fraud points

Google Voice, purchased somewhere in a bot, will not have registrations in social networks, will not have Viber and WhatsApp and other services. I've met Google Voice accounts that had some kind of registration, but these are just a few, usually they are 100% clean

I also draw attention to fake numbers when you indicate false numbers or, even worse, fictitious ones. You must understand that the numbers in a phone number are just the tip of the iceberg, which contains tons of information.

The phone verification system works on the Get Contact principle, it can check how the owner is recorded in the phone books of people with the account name

+ IP – cleanliness, blacklists, proxies, open ports, DNS and everything else related to your IP. This is the third important parameter that you need to work with; using a clean IP is +20% to your success.

People with experience remember the time when the cleanliness of the IP was assessed by the ability to register mail on Google without a phone number, I don’t know if it works now or not, but now you understand that clean, new mail is a bright spot about you in any anti-fraud system, but a clean IP is always good)

Also, this SEON system has machine learning, which will draw conclusions based on the history of work, even if something is not configured for it initially.

How it works.

You find a shop that allowed you to place an order for a good amount, you are glad, you made your first profit by selling this staff cheaply, received a coin, and for the sake of a nice word you told about this shop and bin in to your small group in TG. Hungry classmates are sitting in this group, and having heard that there is a shop, that there is a passing bin, they begin to crowd into it the same bin, of which there are a lot in shops - no one had used it before - but then - things started to happen, you have to beat

And there are such attempts to drive in, and this is nothing more than shopping in a store - instead of the usual 2 purchases per hour - 40 pass, and everything seems to be ok - clean sox, good mail - that's all as it should - and even the warrant was hanged - and then bang

And the order was canceled 12 hours later.

And what happened - after all, everything is clean - you can’t find fault. Yes, from the purity side there are no questions, but for the antifraud this is an anomaly - and the system signaled to the store owner that something was wrong. The owner came in the morning and canceled all orders that seemed suspicious to the system.

You, having received the respect of your classmates for adjusting the giving scheme, the next day decide to make another pack, acting according to the “working scheme” you discover an instant Decline, since the system has learned, the owner adjusted it and the shop is bigger does not work according to this scheme. But what it doesn’t give is only to you, and ordinary customers to continue shopping there.

Let's return to our anti-fraud system.

Fill out the data that you have, mail, IP, and everything else, you don’t need to fill out all the fields - you simply won’t have some of the information - fill in what you have and get the output whether your drive will be successful or not is of course not a 100% guarantee, but having mastered this tool you will understand how your assessment system works and with the right skills - by adapting to them you can bypass any anti-fraud system.

I draw your attention to the example of one anti-fraud system, SEON - it is large, works with many services and shops, and if you have an identity (mail, phone, system, IP) that was exposed in one of these services, then you can guess that with the same introductory information, you will get a turnaround in any other service or shop that is served by the current antifraud system.

This is something that concerns exactly one system. But the parameters for assessing personality are very similar from one system to another. If your mail does not have registrations and is shown as a new region, it will be like this in all antifraud systems, even though the systems have different databases, and the dossier on your identity will be in one system; when you enter it into a shop, it is serviced in another antifraud system, it will pull up almost all the parameters and data that is stored on your personality in SEON.

AF systems are growing and developing, and in order to be successful in our field, we must constantly monitor these changes and adapt to them.

That's all for everything you need to know for Antifraud systems. Practice is what makes everyone perfect.

(c) CheapTravels
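
Seen from the merchant's side, the anomaly described in the post above (one BIN going from the usual 2 purchases per hour to 40) is what a velocity rule catches even when every individual order looks clean. The following is an added example, not part of the original post and not SEON's implementation; the function names, thresholds and sample orders are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

def bucket_by_bin_hour(orders):
    """orders: (order_id, iso_timestamp, bin) tuples -> {bin: {hour: [order_id, ...]}}"""
    buckets = defaultdict(lambda: defaultdict(list))
    for order_id, ts, bin_ in orders:
        hour = datetime.fromisoformat(ts).replace(minute=0, second=0, microsecond=0)
        buckets[bin_][hour].append(order_id)
    return buckets

def flag_bin_spikes(orders, baseline_hours=24, min_ratio=5.0, min_count=10):
    """Flag BIN-hours whose order count is >= min_ratio x the trailing hourly mean.

    Empty hours count as zero, and the baseline is floored at 1 order/hour so a
    BIN without history is flagged only on real volume (assumed thresholds).
    """
    alerts = []
    for bin_, per_hour in bucket_by_bin_hour(orders).items():
        for hour in sorted(per_hour):
            count = len(per_hour[hour])
            if count < min_count:
                continue
            prior = [len(per_hour.get(hour - timedelta(hours=h), []))
                     for h in range(1, baseline_hours + 1)]
            baseline = sum(prior) / baseline_hours
            if count >= min_ratio * max(baseline, 1.0):
                alerts.append({"bin": bin_, "hour": hour.isoformat(),
                               "count": count, "baseline": round(baseline, 2),
                               "hold": list(per_hour[hour])})  # orders for manual review
    return alerts

def sample_orders():
    """Constructed data: two BINs at a steady rate, then a burst on one of them."""
    start = datetime(2024, 1, 1, 0, 0)
    orders, n = [], 0
    for h in range(24):
        for bin_, rate in (("400000", 2), ("510000", 3)):
            for i in range(rate):
                n += 1
                orders.append((f"o{n}", (start + timedelta(hours=h, minutes=5 * i)).isoformat(), bin_))
    for i in range(40):  # hour 24: 40 orders on one BIN instead of the usual 2
        n += 1
        orders.append((f"o{n}", (start + timedelta(hours=24, minutes=i)).isoformat(), "400000"))
    return orders

if __name__ == "__main__":
    for a in flag_bin_spikes(sample_orders()):
        print(a["bin"], a["hour"], a["count"], a["baseline"], len(a["hold"]))
```

Holding the flagged orders before fulfilment, rather than cancelling them hours later, closes the window the post describes between approval and review.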
 

Kirlili48

Thank you for your super interesting article!
So if I understood correctly, you really have to create as much of an identity as possible on the networks or department store to be able to card?
how far in advance do you have to create them to be credible?

Do you create email addresses in advance?
Do you let your emails age before using them?

big thank you to you
 

Cloned Boy

It is best to gain access to the cardholder’s e-mail or register your mail and subscribe to various news resources in his name.
Buying old e-mails is very inconvenient and we have to register a new e-mail in the name of the cardholder.
Yes, with a fresh e-mail we will score fraud points in the antifraud system, but if the rest is not leaked, then the order will be successful.
 