A common method that attackers use when trying to figure out what credit card numbers
merchants will accept is to use an automated tool that generates random sets of
potentially usable credit card values. Two tools (easily obtainable on the Internet) that
generate large volumes of credit card numbers are Credit Master and Credit Wizard. The
attackers submit these generated values to retailers and others with the goal of fraudulently
obtaining services or goods. If the credit card value is accepted, the attacker knows
that this is a valid number, which they then continue to use (or sell for use) until the
activity is stopped through the standard fraud protection and notification systems that
are employed by credit card companies, retailers, and banks. Because this attack type has
worked so well in the past, many merchants now require users to enter a unique card
identifier when making online purchases. This is the three-digit number located on the
back of the card that is unique to each physical credit card (not just unique to the
account). Guessing a 16-digit credit card number is challenging enough, but factoring in
another three-digit identifier makes the task much more difficult, and next to impossible
without having the card in hand.
Pages:
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92