WHAT IS CARD ENROLLMENT
METHOD
Card "enrollment" is a type of carding operation in which cybercriminals register stolen cards (primary enroll) into online banking or reset access to online banking (re-rolling) using the real name and personal information of a cardholder.
Unlike other types of fraudulent activities, in which carders leverage stolen financial information or credentials to register an entire fake, card enrollment is centered only over access to online banking leading to more criminal revenues from financial account takeover (ATO) as opposed to the other forms of fraud without online account access.
Enroll significantly assists carders in their activities. The main use of enrolling comes from the benefits provided with online banking access.
Allows carders to change billing address and phone number associated with a stolen card, therefore, the holder will not get any updates or alerts
Enables to pass mini-deposit verification
Helps bypass secure authentication protocols such as Verified-by-Visa (VBV)
Helps prepare an e-commerce merchant for important larger fraudulent transactions
Card enrollment becomes a service offered across the underground community. Cybercriminals open shops which either sell access to online banking directly or enroll cards provided to them by their carder customers.
Purpose of Card Rolling
Based on the observation of articles, training manuals, forum discussions, and chat- services channels, AdvIntel identified three main reasons for card enrollment:
Access to online banking allows processing mini-deposits
Mini-deposits are a verification procedure in which online service (for instance, PayPal or e-commerce platform) verifies a card through micro-transactions (typically of $1 or $2 USD). The transaction will be issued to the card, and the cardholder will need to input the exact number confirming that they have full access. Other similar verification procedures may require to enter exact card balance with will also require access to online banking.
Access to online banking helps to bypass authentication 3D secure protocols
3D secure protocols are an additional checking measure applied by certain banks. Usually, this includes either a VBV (Verified by Visa) or an MCSC (MasterCard Secure Code) protocol. For example, the merchant may ask to provide a VBV code during an online purchase, which will be listed in the online banking account. By having the VBV code, carders will be able to bypass a VBV verification which will greatly increase the chances of their purchase to pass through. Moreover, some merchants can be only accessed with cards that have VBV enabled.
Access to online banking helps prepare an e-commerce merchant for important larger fraudulent transactions
With high-end card fraud, transactions that involve expensive credit cards and purchase over several thousand USD, having online banking access becomes crucial since it provides a fraudster with intelligence regarding victim’s purchase patterns. If a high-end transaction will significantly differ from a victim’s spending pattern, anti-fraud will block it. Therefore, through re-enrolling an already used card, and resetting access to online banking, carders will receive access to the previous history of transactions and investigate it to mimic the victim behavior.
Typically, the initial information includes card information:
Card number
Expiration date
CVV
Personal information (card holder's first and last name, address)
Knowing this information, a card enroll service may use third-party services such as peoplefinders.com to obtain personal information. However, according to training manuals, comprehensive personal information should be obtained through underground checking services, often charging $6-7 USD per check. This information typically includes social security number, date of birth, and the up-to-date home address.
After receiving this information, the service leverages remote desktop servers (RDP) and secure shell (SSH) tunnels to create a consistent fingerprint which will correlate with cardholder's address and other information. With this digital camouflage, they access the website of the bank in which the card has been issued. If the card was not enrolled previously, they use all the obtained information to register a new online banking account, if it was, the information will be used to reset (re-enroll) the card. After this, access to online banking will be sold to an underground carding customer.
METHODCard "enrollment" is a type of carding operation in which cybercriminals register stolen cards (primary enroll) into online banking or reset access to online banking (re-rolling) using the real name and personal information of a cardholder.
Unlike other types of fraudulent activities, in which carders leverage stolen financial information or credentials to register an entire fake, card enrollment is centered only over access to online banking leading to more criminal revenues from financial account takeover (ATO) as opposed to the other forms of fraud without online account access.
Enroll significantly assists carders in their activities. The main use of enrolling comes from the benefits provided with online banking access.
Allows carders to change billing address and phone number associated with a stolen card, therefore, the holder will not get any updates or alertsEnables to pass mini-deposit verificationHelps bypass secure authentication protocols such as Verified-by-Visa (VBV)Helps prepare an e-commerce merchant for important larger fraudulent transactionsCard enrollment becomes a service offered across the underground community. Cybercriminals open shops which either sell access to online banking directly or enroll cards provided to them by their carder customers.
Purpose of Card Rolling
Based on the observation of articles, training manuals, forum discussions, and chat- services channels, AdvIntel identified three main reasons for card enrollment:
Access to online banking allows processing mini-deposits
Mini-deposits are a verification procedure in which online service (for instance, PayPal or e-commerce platform) verifies a card through micro-transactions (typically of $1 or $2 USD). The transaction will be issued to the card, and the cardholder will need to input the exact number confirming that they have full access. Other similar verification procedures may require to enter exact card balance with will also require access to online banking.
Access to online banking helps to bypass authentication 3D secure protocols
3D secure protocols are an additional checking measure applied by certain banks. Usually, this includes either a VBV (Verified by Visa) or an MCSC (MasterCard Secure Code) protocol. For example, the merchant may ask to provide a VBV code during an online purchase, which will be listed in the online banking account. By having the VBV code, carders will be able to bypass a VBV verification which will greatly increase the chances of their purchase to pass through. Moreover, some merchants can be only accessed with cards that have VBV enabled.
Access to online banking helps prepare an e-commerce merchant for important larger fraudulent transactions
With high-end card fraud, transactions that involve expensive credit cards and purchase over several thousand USD, having online banking access becomes crucial since it provides a fraudster with intelligence regarding victim’s purchase patterns. If a high-end transaction will significantly differ from a victim’s spending pattern, anti-fraud will block it. Therefore, through re-enrolling an already used card, and resetting access to online banking, carders will receive access to the previous history of transactions and investigate it to mimic the victim behavior.
Typically, the initial information includes card information:
Card numberExpiration dateCVVPersonal information (card holder's first and last name, address)Knowing this information, a card enroll service may use third-party services such as peoplefinders.com to obtain personal information. However, according to training manuals, comprehensive personal information should be obtained through underground checking services, often charging $6-7 USD per check. This information typically includes social security number, date of birth, and the up-to-date home address.
After receiving this information, the service leverages remote desktop servers (RDP) and secure shell (SSH) tunnels to create a consistent fingerprint which will correlate with cardholder's address and other information. With this digital camouflage, they access the website of the bank in which the card has been issued. If the card was not enrolled previously, they use all the obtained information to register a new online banking account, if it was, the information will be used to reset (re-enroll) the card. After this, access to online banking will be sold to an underground carding customer.
