To gain a deeper understanding of how geolocation helps combat carding (fraud using stolen bank card data), let's examine this process in an educational context, including mechanisms, examples, technical aspects, limitations, and fraudster strategies. I'll also explain how card and device location comparisons integrate into anti-fraud systems and provide recommendations for improving protection.
What is carding?
Carding is a type of fraud in which criminals use stolen bank card information (card number, CVV code, cardholder name, expiration date) to conduct unauthorized transactions. This information can be obtained through phishing, skimming, data leaks, or purchases on dark web forums. The carder's goal is to either purchase goods or services or cash out while minimizing the risk of detection.The Role of Geolocation in the Fight Against Carding
Geolocation is the process of determining the location of a device, user, or transaction point based on various data sources. In the context of carding, geolocation helps identify anomalies that indicate fraudulent activity by comparing the location of the card (where it is used) and the device (where the transaction is initiated). Let's take a closer look:1. How is geolocation data collected?
Geolocation data is collected from multiple sources, allowing banks and payment systems to create an accurate picture of your location:- For the card (transaction point):
- POS terminals: In physical stores, terminals transmit location information (country, city, store address).
- ATMs: Shows the exact location of the ATM, including coordinates.
- Online transactions: Location is determined by merchant data (for example, the country of registration of the online store) or by delivery geography (if an address is specified).
- For device:
- IP address: When conducting online transactions, the IP address of a device (computer, smartphone) indicates its geographic location. For example, an IP address from the United States or Russia can be mapped to a specific region.
- GPS data: If a transaction is made through a mobile app, GPS can pinpoint the device's location (provided the user has allowed access).
- Wi-Fi and Cellular Networks: Signals from Wi-Fi networks or cell towers can also be used to estimate location.
- Browser data: Modern browsers can transmit time zone or language information, which indirectly indicates the region.
2. How does geolocation detect carding?
Comparing the map and device locations helps identify discrepancies that may indicate fraud. Here are the main scenarios:- Geographic mismatch:
- If a card is used at a physical store in Moscow, but the owner's device (via GPS or IP) is located in New York, this raises suspicions. A legitimate user cannot physically be in two places at once.
- Example: A carder purchases electronics from an online store in the US using stolen card details from Russia, but the device's IP address points to China.
- Impossible movements:
- If transactions occur in different countries with a small time difference (for example, a purchase in London and an hour later in Singapore), this signals potential carding, as physical movement over such distances in a short period of time is unlikely.
- Example: A card was used at an ATM in Kyiv at 10:00, and at 10:30 an online purchase is made from an IP in Brazil.
- Behavioral anomalies:
- Anti-fraud systems build a user profile, including typical shopping locations (e.g., region of residence). If a transaction occurs in an unusual location, this increases the risk score.
- Example: A cardholder usually shops at local supermarkets in St. Petersburg, but suddenly makes a purchase at an online store in Indonesia.
3. Technical mechanisms for using geolocation
Geolocation is integrated into the anti-fraud systems of banks, payment systems (Visa, Mastercard, PayPal), and merchants. Here's how it's implemented:- Real-time monitoring systems:
- Banks and processing centers use software that analyzes geolocation data at the time of transaction authorization. For example, systems from FICO, SAS, and ThreatMetrix compare card and device location data with other factors (transaction amount, merchant type, transaction history).
- If the risk is high, the transaction is rejected or sent for manual review.
- Machine learning and scoring:
- Machine learning algorithms analyze thousands of parameters, including geolocation, to create a "risk score." For example, if a device's IP address is associated with known fraudulent networks (such as Tor or VPN), the risk increases.
- Example: A carder uses a VPN to mask their IP, but the anti-fraud system notices a discrepancy between the device's time zone and the transaction's geography.
- 3D-Secure and additional verification:
- If geolocation raises suspicions, the bank may request additional authentication via 3D-Secure (Verified by Visa, Mastercard SecureCode), for example, a one-time code sent to the cardholder's phone.
- Example: Purchasing from an online store with an IP in another country activates 3D-Secure, making it difficult for a carder to complete the transaction without access to the owner's phone.
- Geo-filters:
- Some banks allow customers to set geographic restrictions on card use (for example, to restrict transactions to a specific country). This is especially useful for users who rarely travel.
4. Practical examples
Let's look at a few scenarios to illustrate how geolocation can help combat carding:- Scenario 1: Online Purchase:
- A carder uses stolen card details to make a purchase at an online store. The device's IP address points to Nigeria, but the card is registered in Germany. The store's anti-fraud system notices the discrepancy and rejects the transaction, requiring additional verification.
- A real user traveling abroad can confirm the transaction via SMS or the bank's app.
- Scenario 2: Physical Transaction:
- A carder uses a counterfeit card at an ATM in Thailand, but the cardholder's smartphone (via GPS) is located in Moscow. The bank blocks the transaction and sends a notification to the cardholder.
- Scenario 3: Mass Carding:
- Carders conduct mass testing of stolen cards for small amounts in different countries. The anti-fraud system detects anomalies (for example, multiple transactions from the same IP address in different regions) and blocks suspicious transactions.
5. How do carders try to bypass geolocation?
Fraudsters understand the importance of geolocation and use various methods to bypass anti-fraud systems:- Using VPN and proxy:
- Carders connect via a VPN or proxy to spoof an IP address corresponding to the card's country. For example, a carder in India might use a VPN with an IP address in the US to simulate a legitimate transaction.
- Countermeasure: Anti-fraud systems identify popular VPN services or anonymity networks (such as Tor) and assign them a high risk rating. Other parameters, such as browser language or time zone, which may not match the IP address, are also analyzed.
- Hacked devices:
- Carders may use compromised devices in the same country as the card to make the geolocation appear legitimate.
- Countermeasure: Analyzing behavioral factors (such as unusual transaction times or purchase types) helps identify anomalies.
- Social engineering:
- Carders may contact victims, posing as a bank, and convince them to confirm a transaction or disable geo-filters.
- Countermeasure: User education and two-factor authentication reduce the risk.
- Small Amount Testing:
- Carders make small transactions in the same country to test the card before using it for larger purchases.
- Countermeasure: Monitoring systems track such patterns and block cards after several suspicious transactions.
6. Geolocation restrictions
Despite its effectiveness, geolocation has limitations that are important to consider:- False positives:
- Travelers may experience transaction blocks due to location changes. For example, a purchase made at an airport in another country may be flagged as suspicious.
- Solution: Banks recommend notifying about trips in advance or using a mobile app for quick confirmation.
- Data inaccuracy:
- IP geolocation can be inaccurate, especially on mobile networks or when using satellite internet. For example, the IP may point to the provider's central server rather than the user's actual location.
- Solution: Combining IP data with GPS or Wi-Fi signals improves accuracy.
- Using local intermediaries:
- Carders may hire "drops" (middlemen) in the victim's country to conduct transactions, making geolocation less effective.
- Solution: Analyzing other factors, such as merchant type or transaction history, can help identify fraud.
- Lack of geolocation:
- In some cases, geolocation data may not be available (for example, when GPS is disabled or when using anonymized networks).
- Solution: Anti-fraud systems use additional signals such as biometrics or text input patterns.
7. Recommendations for improving efficiency
There are several ways for banks, merchants, and users to enhance security using geolocation:- For banks and payment systems:
- Integrate geolocation with other data (behavioral factors, biometrics, transaction history) to create more accurate risk models.
- Use adaptive authentication: only require 3D-Secure for high-risk transactions to avoid annoying legitimate users.
- Developing algorithms to recognize VPN, Tor, and other anonymizing tools.
- For merchants:
- Checking the geolocation of the client's IP address and comparing it with the delivery address or the map country.
- Using anti-fraud services (e.g. Signifyd, Riskified) that include geolocation in their analysis.
- For users:
- Enable real-time transaction notifications via SMS or your bank app.
- Notify your bank about trips abroad to avoid false blocking.
- Using two-factor authentication and strong passwords to protect your accounts.