Antifraud system Fraud Forter

Today we will consider the fraud detector Forter. What parameters does it pay attention to, how to adjust? Where on which shops is it installed? etc.


Here is an example of a shop. The Wappalyzer extension shows us that there are 3 protections at once. But you shouldn't be convinced that this is really so. We haven't looked at the code itself through the F12 sniffer, an HTTP tracker or the Fiddler software yet.
  1. Forter - we'll analyze it below.
  2. PerimeterX - I won't consider it; if you're interested in what it is, you can analyze it yourself.
  3. OneTrust - here the protection is based on cookies, you are identified with other sites, etc.


Makes schedules - which delivery services you use.


Here the user hid his identity. Manipulated his IP address so that it matched the CC (stolen, bought in the CC shop) and changed the geo so that it was close to the address of the CC holder. That is, the nearest socks under the CC zip. There is also a connection here that this IP has already appeared on the network (fraud detector Forter) But there is also one solution - calling the shop.

You can hire a caller after the order, so to speak, for confirmation. And then the SAPs in the shop will be able to make a note - that is, put the order manually.
They check the IP - check the IP for cleanliness.
Mail - there are of course hidden markers also, what social networks the email is registered to where it is not.
Billing location. Of course shipping = billing
But the device - the IP of another city - this is immediately exposed. It is better to take the IP directly in the same ZIP.
AVS - it is here. It passed through AVS.

The fraud detector itself works in real time. Machine learning changes to different parameters every time.


These are transaction details - but here, as in Riskified, there is a connection between transactions: if this person has already appeared somewhere in the Forter network, then your order will be cancelled. And it works across the entire network where Forter is.


The red dots are rejected transactions that were already in their network.


Here are the communication parameters.
Name, device, billing, shipping, behavioral factors, IP, etc. - everything is taken into account.
There is a hidden parameter - a mail reputation check.


That is, to bypass this detector we need:
High rep mail, clean IP exactly under ZIP CC. It is also better to specify phone numbers CH (you can take old ones from BG).
Behavior in the shop, in the browser.
Device (some antidetects are more likely to be detected, you need to try).

I met in shops where there are merchants Cashstar, giftcards, wgiftcard, gap and other complex merchants, and also saw in intranets (simple shops).

That's all! I analyzed briefly.