Carding Forum
Professional
- Messages
- 2,788
- Reaction score
- 1,199
- Points
- 113
Anti - against. Fraud - deception.
What does PayPal Antifraud fight against? If we take the side of carders, then money laundering. Money laundering is money laundering. If the direction of the scam, then scam or deception.
I will not write here about how you can launder money in PayPal, it will take a lot of time and I will hardly describe all the methods. There are quite a lot of them and a lot has been said about them. The same about scam. The object of this article will be precisely antifraud, its general skeleton.
Antifraud can be divided into:
If there is a computer - there are its functions. You can use vulnerabilities to gain access to information. It is vulnerable.
If there is no computer, there is no function. You cannot use vulnerabilities to gain access to information. It is invulnerable. It does not exist. These are very rough inputs.
The one who owns PayPal and the higher financial institutions have one criterion for understanding any situation, it is the overall effectiveness of the ideas delegated to them. Or the general idea as a whole. For them there is no concept of "fair" or "unfair".
There are concepts of "profitable" and "unprofitable". This is part of the general features of the policy of these interactions.
The concept of "policy" has many definitions. In this article, policy means a set of actions in relation to objects that attract antifraud. Objects that attract antifraud are a set of situations that are regulated based on a general policy of actions.
It is important to understand this. Without this understanding, further reading of the article is almost meaningless and uninformative.
Above PayPal is the core. PayPal carries out the goals and objectives, instructions of a particular financial institution.
It looks something like this:
Object 1 interacts with objects AB C.
Here one of these letter objects (AB or C) is PayPal in general. And the numeric object - one (1) is a financial institution or other organization with its charter, goals and objectives and interests.
Let's assume object C is PayPal, object A is, for example, Ebay, and B is another organization engaged in activities on the Internet.
Object 1 has goals, objectives and policies (in this case, methods of interaction) in relation to the objects below.
Therefore, the entities below (PayPal) in particular pursue the interests of the organization above and act based on the goals and objectives of organization 1.
Above organization 1 there is the same system, this organization is the same screw. Somewhere above there is the US Federal Reserve System (US financial reserve system), about which we already had an article a few days ago, you can read, this organization prints paper that is called dollars.
Let's get back to PayPal. It is not an autonomous organization, but a cog in the financial system that performs its functions. The antifraud of this cog (PayPal) is aimed at reducing the amount of fraud.
Why does PayPal need this? Here the laws of different countries come into play. It is different in each country, this is worth considering.
What PayPal calls fraud in the US will not be fraud in another country. Because in the laws, it is not called fraud.
In this case, the antifraud does not see anything illegal and lets your transaction through. Under the same conditions in another country, your action attracts the attention of the antifraud and here the methods of interaction between the antifraud and you come into force.
As indicated above from the pyramid - PayPal is one of the cells of the general idea, and the general idea, which is somewhere 5-10-20 levels higher, has its own goal - efficiency. So PayPal, even losing a lot of money, let's assume that even theoretically beats the profit of the entire company - still participates in this very general idea, thereby increasing its efficiency. That is, superprofits for those who manage this idea. Therefore, this company (PayPal) cannot be in the minus in principle.
Above - with the model that fraud beats its profit, and the company cannot be in the red - this is a hypothetical model. This is certainly not true. More precisely, it could have been so at one time - but it is not so at the moment.
According to official data, PayPal has over 100 million registered users. Imagine that the PayPal from registering one CC and verification receives about $2. The fact that these bonus $2 go to PayPal can be understood without understanding the economy and the Fed's policy in particular. These $2 in 100% of cases will go to pay various commissions.
What are the fees for transferring money between PayPals? And the extortionate fees of eBay? Palka takes money for everything. For every action.
The profit of the PayPal and eBay is colossal. The super profits for the higher-level companies have already been discussed. In this case, the budget of the PP itself and part of eBay are considered.
Analysts of the PP, based on many economic factors, including the PayPal budget and the amount of fraud, draw conclusions about how much money can be allocated for fraud in order to make money from it.
How can you make money from this? Antifraud, in this case, will be a synonym for the word security. What does the PayPal write? Safe and easy.
Is webmoney safe and easy? Thousands of verifications, monstrous restrictions and a bunch of problems. No, it is doubtfully safe and easy there, except for a person who has been working in the payment systems sphere for a long time. Doubtfully safe means there is a concept of security, i.e. limitations of functions, but there is no practical effect. That is, webmoney is losing clients and fewer and fewer people want to work with it for these reasons.
In PayPal, everything is simple. Everyone is drawn to the PayPal. The PP is known all over the world, eBay is known to everyone. WebMoney is a little-known office, about which there are dark rumors that scare away customers. Here it is - the difference in approaches to security.
Now that it is clear what security is (within the framework of payments), what approaches to security there can be, what antifraud is and its goals and objectives - we come to the question of the most interesting thing for carders - how much money they will be given to tear apart.
Net or other profit for the month - $100,000,000 (100 million)
Based on many economic and other factors (if we touch on factors, then we will move on to discussing the policy of interaction between organizations, the economy, and the state) - analysts have concluded that $10,000 (10 million) per month can be allocated for fraud.
And here is the fraud limit - 10kk. Now, what is tightening the screws and how does it happen.
When 10kk is already running out or approaching some % ratio up - "monthly" begins. The PayPal literally goes berserk. Loki go everywhere and everything. Depression and screams about the PP dying begin on card. resources)
How does this depression affect holders? Since we have written Safe and easy - but it turns out Unsafe and hard - then few people like it and the growth of shitty moods begins.
And a bunch of similar sites. Analysts predict an objective decrease in efficiency and, as a consequence, a loss of profit not only for themselves, but also for the financial organizations above the PayPal - they suddenly loosen the screws and the PP starts pouring again.
This concludes the discussion of antifraud policy and more. Next will be the "nuts" that are tightened. And objects.
Third - using PayPal rules to your advantage in disputes. In this case, this is what is interesting. Examples of fraud on auctions are deliberately not considered. This is a different policy and a different field of discussion. (EBay anti-fraud policy, not PayPal).
These are the main objects that attract PayPal antifraud.
Methods of interaction. As a tool named above "tightening the screws".
There are objects. There are anti-fraud policies. One of them is the allocation of funds for fraud.
When these objects start to devour the predicted losses or the money allocated for fraud, the mechanism of tightening the screws or interaction methods are activated. Moreover, the degree of the mechanism's impact is directly related to the % of money allocated for fraud.
For example, 10,000,000 is 100%. When the fraud approaches the 60% mark or 6,000,000, a light set of modules is turned on that stop transactions, "being review by PayPal", if there is no feedback within N hours/days, the PayPal gives the money. Also, accounts are not limited, but only politely inquired about the transaction.
When the figure approaches 70%, another mechanism is activated. Limits are already falling. Transactions are held longer. All sorts of "inqury by PayPal" appear.
When approaching 90%, hell begins. I think there is no point in describing it in detail. Well, you understand what is happening.
First of all, you need to understand the anti-fraud policy, the degree of manifestation of the "anti-fraud reaction" and the severity of the "fraud search". In the 90% phase, logging into an account from another IP is an unconditional limit, and in the 50-60% phase there will be nothing. A little higher - there will be SM.
Well, now the methods for objects:
Below there will be general methods, then methods that are more applicable in % relation to the above objects.
Atypicality.
Login to the PayPal from another computer, IP. Here the PP will find out whether it is the holder's computer? by: cookies, salts, IP address, various gateways, Windows parameters, serial numbers if it can get them. In general, by the imprint that is stored on the PayPal.
Atypical behavior.
Let's say a holder logged in from his computer to the PayPal, he had never sent such amounts before, and then suddenly decided to send all the money he had + a deposit from the bank to some fresh reg with no history or another dubious person. And of course, this will attract the attention of the antifraud. Depending on the phase he is in, there will be a corresponding reaction.
Degree of trust.
There are more trusted ones, there are less trusted ones. For example, it is clear that the account of a seller with a huge history and involved in a dispute against him - the PayPal will most likely be on his side, no matter what the buyer protection policy says. It is more profitable for the PayPal that he sells, because more money comes from him. Also, the PP does not need a bad reputation, in this case the investigation can even be objective. Moreover, it should be noted that the PP does not need a bad reputation in certain regions, other regions are less important to it. These are the roots of discrimination.
The PR manager is already monitoring the "bad fame" coefficient, and he also receives instructions on the policy of interaction with the regions from the board of directors.
Analysts predict where "bad fame" will not hurt, and where (for example, in Western countries) it will cause critical damage to profits. Here the question is decided about where it flows better.
There is much to be said about trust, and many things are tied to it. But this will not be exactly anti-fraud.
Extrapolate the two above methods to objects and get the result of interaction and the output will be a tool for tightening the screws. And the policy of the organization and antifraud in particular, as a tool for influencing the tool for tightening the screws. This is only within the framework of the antifraud system. And how many interesting things can there be in advertising, politics, interaction with the state? And this is only the payment system. That's all.
There is some theme. There are similar-looking accounts, similar actions were made on them, but everything turned out differently. Although the accounts seem to be the same. And how to analyze this? What conclusions will you draw?
If you look at it from the point of view of a particular case, you will get little information. Only the most general reasons. And if you look at it from the point of view of the presumption of guilt (the thief is always in trouble), then you can say you will get nothing. If you look at statistics, it will be absurd.
This is the action of the anti-analytical anti-fraud module. So that the actions next time are difficult to predict. Even having caught the "wave" (fraud limit). This is how many topics die in the heads of carders.
So to speak, I looked at things through the eyes of an anti-fraud, then at my statistics, at the spontaneous nonsense on the resources and came to similar conclusions.
Regarding the anti-analytical module, some more specific methods of action for damaging statistics have been identified, I will not talk about them for selfish reasons, otherwise everyone who is not lazy will have a PayPal.
Regarding the policy of development of this direction in the PP - if the fraud limits are exceeded very quickly, the instrument of tightening the screws will be of little help - in the future, a number of procedures such as 3DS, mandatory Phone Confirmation, receiving a letter to the address will be introduced - conclusions based on hundreds of analyzed Risk Management Solutions. This is in a purely strategic plan.
In tactical terms - revision of fundamental parts of return policies and tightening of screws as a tool for regulating balance profit | influx of new new people - as a result of investment in future rip-off, and not now. By the way, what is described applies not only to PayPal. I hope that you will find this information useful and your income will only grow. Thank you all!
What does PayPal Antifraud fight against? If we take the side of carders, then money laundering. Money laundering is money laundering. If the direction of the scam, then scam or deception.
I will not write here about how you can launder money in PayPal, it will take a lot of time and I will hardly describe all the methods. There are quite a lot of them and a lot has been said about them. The same about scam. The object of this article will be precisely antifraud, its general skeleton.
Antifraud can be divided into:
- Anti-fraud policy
- Objects that attract antifraud
- Methods of interaction
- Fraud detection methods
- Anti-analytical antifraud module
Anti-fraud policy
Security - there is a limitation of functionality. Complete security - there is no functionality.If there is a computer - there are its functions. You can use vulnerabilities to gain access to information. It is vulnerable.
If there is no computer, there is no function. You cannot use vulnerabilities to gain access to information. It is invulnerable. It does not exist. These are very rough inputs.
The one who owns PayPal and the higher financial institutions have one criterion for understanding any situation, it is the overall effectiveness of the ideas delegated to them. Or the general idea as a whole. For them there is no concept of "fair" or "unfair".
There are concepts of "profitable" and "unprofitable". This is part of the general features of the policy of these interactions.
The concept of "policy" has many definitions. In this article, policy means a set of actions in relation to objects that attract antifraud. Objects that attract antifraud are a set of situations that are regulated based on a general policy of actions.
It is important to understand this. Without this understanding, further reading of the article is almost meaningless and uninformative.
Above PayPal is the core. PayPal carries out the goals and objectives, instructions of a particular financial institution.
It looks something like this:
Object 1 interacts with objects AB C.
Here one of these letter objects (AB or C) is PayPal in general. And the numeric object - one (1) is a financial institution or other organization with its charter, goals and objectives and interests.
Let's assume object C is PayPal, object A is, for example, Ebay, and B is another organization engaged in activities on the Internet.
Object 1 has goals, objectives and policies (in this case, methods of interaction) in relation to the objects below.
Therefore, the entities below (PayPal) in particular pursue the interests of the organization above and act based on the goals and objectives of organization 1.
Above organization 1 there is the same system, this organization is the same screw. Somewhere above there is the US Federal Reserve System (US financial reserve system), about which we already had an article a few days ago, you can read, this organization prints paper that is called dollars.
Let's get back to PayPal. It is not an autonomous organization, but a cog in the financial system that performs its functions. The antifraud of this cog (PayPal) is aimed at reducing the amount of fraud.
Why does PayPal need this? Here the laws of different countries come into play. It is different in each country, this is worth considering.
What PayPal calls fraud in the US will not be fraud in another country. Because in the laws, it is not called fraud.
In this case, the antifraud does not see anything illegal and lets your transaction through. Under the same conditions in another country, your action attracts the attention of the antifraud and here the methods of interaction between the antifraud and you come into force.
As indicated above from the pyramid - PayPal is one of the cells of the general idea, and the general idea, which is somewhere 5-10-20 levels higher, has its own goal - efficiency. So PayPal, even losing a lot of money, let's assume that even theoretically beats the profit of the entire company - still participates in this very general idea, thereby increasing its efficiency. That is, superprofits for those who manage this idea. Therefore, this company (PayPal) cannot be in the minus in principle.
Above - with the model that fraud beats its profit, and the company cannot be in the red - this is a hypothetical model. This is certainly not true. More precisely, it could have been so at one time - but it is not so at the moment.
According to official data, PayPal has over 100 million registered users. Imagine that the PayPal from registering one CC and verification receives about $2. The fact that these bonus $2 go to PayPal can be understood without understanding the economy and the Fed's policy in particular. These $2 in 100% of cases will go to pay various commissions.
What are the fees for transferring money between PayPals? And the extortionate fees of eBay? Palka takes money for everything. For every action.
The profit of the PayPal and eBay is colossal. The super profits for the higher-level companies have already been discussed. In this case, the budget of the PP itself and part of eBay are considered.
Antifraud
This is the main budget of the PayPal. Now let's move on to the interaction of this budget with one of the antifraud modules.Analysts of the PP, based on many economic factors, including the PayPal budget and the amount of fraud, draw conclusions about how much money can be allocated for fraud in order to make money from it.
How can you make money from this? Antifraud, in this case, will be a synonym for the word security. What does the PayPal write? Safe and easy.
Is webmoney safe and easy? Thousands of verifications, monstrous restrictions and a bunch of problems. No, it is doubtfully safe and easy there, except for a person who has been working in the payment systems sphere for a long time. Doubtfully safe means there is a concept of security, i.e. limitations of functions, but there is no practical effect. That is, webmoney is losing clients and fewer and fewer people want to work with it for these reasons.
In PayPal, everything is simple. Everyone is drawn to the PayPal. The PP is known all over the world, eBay is known to everyone. WebMoney is a little-known office, about which there are dark rumors that scare away customers. Here it is - the difference in approaches to security.
Now that it is clear what security is (within the framework of payments), what approaches to security there can be, what antifraud is and its goals and objectives - we come to the question of the most interesting thing for carders - how much money they will be given to tear apart.
Net or other profit for the month - $100,000,000 (100 million)
Based on many economic and other factors (if we touch on factors, then we will move on to discussing the policy of interaction between organizations, the economy, and the state) - analysts have concluded that $10,000 (10 million) per month can be allocated for fraud.
And here is the fraud limit - 10kk. Now, what is tightening the screws and how does it happen.
When 10kk is already running out or approaching some % ratio up - "monthly" begins. The PayPal literally goes berserk. Loki go everywhere and everything. Depression and screams about the PP dying begin on card. resources)
How does this depression affect holders? Since we have written Safe and easy - but it turns out Unsafe and hard - then few people like it and the growth of shitty moods begins.
And a bunch of similar sites. Analysts predict an objective decrease in efficiency and, as a consequence, a loss of profit not only for themselves, but also for the financial organizations above the PayPal - they suddenly loosen the screws and the PP starts pouring again.
This concludes the discussion of antifraud policy and more. Next will be the "nuts" that are tightened. And objects.
Objects monitored by antifraud
There are several levels of tracking here, I highlight two or three, but there may be others, including combined ones.- Unauthorized access to PayPal account.
- Unauthorized access to finances.
- PayPal abuse, deception. Scam.
Third - using PayPal rules to your advantage in disputes. In this case, this is what is interesting. Examples of fraud on auctions are deliberately not considered. This is a different policy and a different field of discussion. (EBay anti-fraud policy, not PayPal).
These are the main objects that attract PayPal antifraud.
Methods of interaction. As a tool named above "tightening the screws".
There are objects. There are anti-fraud policies. One of them is the allocation of funds for fraud.
When these objects start to devour the predicted losses or the money allocated for fraud, the mechanism of tightening the screws or interaction methods are activated. Moreover, the degree of the mechanism's impact is directly related to the % of money allocated for fraud.
For example, 10,000,000 is 100%. When the fraud approaches the 60% mark or 6,000,000, a light set of modules is turned on that stop transactions, "being review by PayPal", if there is no feedback within N hours/days, the PayPal gives the money. Also, accounts are not limited, but only politely inquired about the transaction.
When the figure approaches 70%, another mechanism is activated. Limits are already falling. Transactions are held longer. All sorts of "inqury by PayPal" appear.
When approaching 90%, hell begins. I think there is no point in describing it in detail. Well, you understand what is happening.
Fraud detection methods
There are quite a lot of methods. I can hardly describe them all, I'll just throw in the most general ones.First of all, you need to understand the anti-fraud policy, the degree of manifestation of the "anti-fraud reaction" and the severity of the "fraud search". In the 90% phase, logging into an account from another IP is an unconditional limit, and in the 50-60% phase there will be nothing. A little higher - there will be SM.
Well, now the methods for objects:
- Unauthorized access to PayPal account.
- Unauthorized access to finances.
- Abuse of PayPal rules, deception. Scam.
Below there will be general methods, then methods that are more applicable in % relation to the above objects.
Atypicality.
Login to the PayPal from another computer, IP. Here the PP will find out whether it is the holder's computer? by: cookies, salts, IP address, various gateways, Windows parameters, serial numbers if it can get them. In general, by the imprint that is stored on the PayPal.
Atypical behavior.
Let's say a holder logged in from his computer to the PayPal, he had never sent such amounts before, and then suddenly decided to send all the money he had + a deposit from the bank to some fresh reg with no history or another dubious person. And of course, this will attract the attention of the antifraud. Depending on the phase he is in, there will be a corresponding reaction.
Degree of trust.
There are more trusted ones, there are less trusted ones. For example, it is clear that the account of a seller with a huge history and involved in a dispute against him - the PayPal will most likely be on his side, no matter what the buyer protection policy says. It is more profitable for the PayPal that he sells, because more money comes from him. Also, the PP does not need a bad reputation, in this case the investigation can even be objective. Moreover, it should be noted that the PP does not need a bad reputation in certain regions, other regions are less important to it. These are the roots of discrimination.
The PR manager is already monitoring the "bad fame" coefficient, and he also receives instructions on the policy of interaction with the regions from the board of directors.
Analysts predict where "bad fame" will not hurt, and where (for example, in Western countries) it will cause critical damage to profits. Here the question is decided about where it flows better.
There is much to be said about trust, and many things are tied to it. But this will not be exactly anti-fraud.
Extrapolate the two above methods to objects and get the result of interaction and the output will be a tool for tightening the screws. And the policy of the organization and antifraud in particular, as a tool for influencing the tool for tightening the screws. This is only within the framework of the antifraud system. And how many interesting things can there be in advertising, politics, interaction with the state? And this is only the payment system. That's all.
Anti-analytical anti-fraud module
Forewarned is forearmed. Why should we warn? We'd rather give disinformation.There is some theme. There are similar-looking accounts, similar actions were made on them, but everything turned out differently. Although the accounts seem to be the same. And how to analyze this? What conclusions will you draw?
If you look at it from the point of view of a particular case, you will get little information. Only the most general reasons. And if you look at it from the point of view of the presumption of guilt (the thief is always in trouble), then you can say you will get nothing. If you look at statistics, it will be absurd.
This is the action of the anti-analytical anti-fraud module. So that the actions next time are difficult to predict. Even having caught the "wave" (fraud limit). This is how many topics die in the heads of carders.
Conclusion.
Everything that is written about the "fraud limit" and the "anti-analytical module" is my speculation based on the study of such a market sector as Risk Management, RM solutions in particular.So to speak, I looked at things through the eyes of an anti-fraud, then at my statistics, at the spontaneous nonsense on the resources and came to similar conclusions.
Regarding the anti-analytical module, some more specific methods of action for damaging statistics have been identified, I will not talk about them for selfish reasons, otherwise everyone who is not lazy will have a PayPal.
Regarding the policy of development of this direction in the PP - if the fraud limits are exceeded very quickly, the instrument of tightening the screws will be of little help - in the future, a number of procedures such as 3DS, mandatory Phone Confirmation, receiving a letter to the address will be introduced - conclusions based on hundreds of analyzed Risk Management Solutions. This is in a purely strategic plan.
In tactical terms - revision of fundamental parts of return policies and tightening of screws as a tool for regulating balance profit | influx of new new people - as a result of investment in future rip-off, and not now. By the way, what is described applies not only to PayPal. I hope that you will find this information useful and your income will only grow. Thank you all!
