Introduction to Carding: Unauthorized Transactions and Geolocation Analysis

[Student]

Carding is a type of cybercrime involving the illegal acquisition, trading, or use of credit card information without the owner's permission. This includes information theft through phishing, skimming (installing devices on ATMs), database hacking, keylogging (intercepting keystrokes), SQL injection, shoulder surfing, formjacking (injecting malicious code into payment forms), and the creation of fake apps or websites. Fraudsters then test cards using bots for small transactions (card testing), make purchases of high-value items or gift cards, and disguise their activity using proxies, VPNs, and distributed bot networks. This results in financial losses for banks, merchants, and consumers, and also facilitates identity theft.

Unauthorized transactions are those carried out without the cardholder's consent, often in an online environment (card-not-present, or CNP). They constitute a significant portion of fraud, especially with the growth of e-commerce. Geolocation analysis helps identify such transactions by analyzing the geographic location of the device they're made from and comparing it with expected user behavior. This anti-fraud system tool operates in real time, preventing damage.

What is geolocation analysis?​

Geolocation analysis is a technology that determines a device's geographic location based on its network data. It uses databases to match IP addresses with coordinates such as country, state, city, postal code, latitude, and longitude. Connection type (e.g., DSL, mobile) and service provider (ISP) are also taken into account. Accuracy is high at the country level (95–99%), but decreases at the city level (50–75%). This is not pure GPS, but rather network analysis that is integrated into fraud detection systems at banks, payment processors (e.g., Visa, Stripe), and merchants.

In the context of carding, geolocation helps distinguish legitimate transactions from fraudulent ones, focusing on anomalies such as sudden location changes or use from high-risk regions.

Principles of Geolocation Analysis in Fraud Detection​

The basic principle is to compare the current transaction location with the user's historical profile. Systems collect data in real time and apply rules or algorithms to assess risk.

• Data collection: When a transaction occurs, the IP address is recorded and queried in databases (e.g., MaxMind, GeoComply). This provides geodata, including the ASN (autonomous system number), indicating the network type.
• Discrepancy Analysis: If the location does not match the billing address, shipping address, or history (e.g., a US card is used in Russia), the transaction is flagged.
• Reputation analysis: The IP address is checked for connections to known fraudulent networks, proxies, or VPNs. If the IP address is "bad" (associated with previous fraud), the transaction is blocked.
• Geo-blocking: Transactions from countries with high fraud rates (such as certain regions of Africa or Eastern Europe) are automatically rejected if the merchant does not service them.

The process is automated and occurs in milliseconds, minimizing delays for users.

Geolocation data sources​

Data comes from multiple sources, providing multi-level accuracy:

• IP address: The primary source provided by the ISP. Databases such as WHOIS match IP addresses to locations.
• Wi-Fi and mobile networks: For mobile devices, data from Wi-Fi hotspots or cell towers.
• GPS and device: In apps (like banking apps), GPS confirms position, as in the Visa system since 2015, where the phone's location is compared with the transaction.
• Crowdsourcing and historical data: Databases are updated based on user data and fraud reports.
• Additional: ASN, Domains: Help identify the type of network or connections between domains to detect fraudulent networks.

Paid databases offer higher accuracy than free ones.

Integration with other technologies​

Geolocation is rarely used in isolation; it is part of a multi-layered system:

• Machine learning (ML) and AI: ML analyzes geodata along with behavior patterns to predict fraud. For example, in Stripe Radar, AI models assess risk based on location and history.
• Other tools: AVS (address verification), CVV, tokenization (replacing data with tokens), encryption, device fingerprinting (identification by device characteristics), behavioral analysis and multi-factor authentication (MFA).
• Protocols: Integration with 3-D Secure 2.0, where geolocation is one of the factors for dynamic risk scoring.
• Real-time monitoring: Systems like Sift or DataVisor combine geo with velocity checks (transaction frequency) and limits.

This reduces false positives and increases efficiency to 80–90%.

Examples of detecting unauthorized transactions in carding​

• Location Mismatch: A New York card is used to make a purchase in Nigeria – the system blocks and requires MFA.
• VPN/Proxy Use: VPN transaction from a high-risk country is flagged by IP reputation.
• Card testing: A series of small payments from different locations in a short period of time indicates bots.
• Abnormal network type: Purchasing corporate equipment with home DSL is suspicious.
• Travel: If the user has notified the bank about a trip, the geolocation is adapted; otherwise, a flag is displayed.

Benefits of Geolocation Analysis​

• Fast response: Blocks fraud in real time, reducing losses.
• Improved Profiling: Creates accurate user profiles while minimizing false bounces.
• Risk Mitigation: Geo-blocking restricts access from risky regions.
• Integration: Increases the overall accuracy of anti-fraud systems.

Restrictions and how scammers circumvent them​

• Limitations: Low micro-level accuracy, false positives (e.g., when traveling), privacy risks.
• Bypass: Scammers use VPNs, proxies, GPS spoofing, emulators, and app tampering. They also purchase "clean" IP addresses or use bots to simulate normal behavior.

To overcome this, banks recommend travel notifications and a combination with biometrics.

Conclusion​

Geolocation analysis is a powerful educational example of how location data is integrated into cybersecurity to protect against carding. It demonstrates the balance between technology, risk, and ethics. For businesses, it's crucial to implement multilayered strategies, while for users, it's crucial to monitor transactions and use MFA. With the development of AI, this technology will become even more effective, but it will always evolve alongside fraudsters' methods.