Cipher Soul
Junior Contributor
Regular Member
- Joined
- Mar 6, 2023
- Threads
- 11
- Post Replies
- 52
- Status
- away
- Last seen
In my last post, "Deep Dive" we reviewed VBV/Non-VBV Cards. With that concluded, the next step is to only dig into payment processors, gateways, and bank processing. I am delving into that information and its inner workings to the best of MY understanding. I'm always open to discussions, research points, or corrections. (I firmly believe I learn best by peer review and teaching)
This entire series is in honor of a GOAT Ginseng. That's why I'm providing generalized working information that is UP-TO-DATE for free.
Let's start a tad loose by explaining the primary differences between Payment processors, gateways, and how banks act between them.
Payment processors, gateways, and banks play different roles in the payment process. Payment processors are third-party services that process payments on behalf of merchants. They handle the transaction between the customer's and merchant's banks, ensuring that the funds are transferred securely. On the other hand, payment gateways are the software that connects merchants' websites (or other sales channels) to payment processors. They securely transmit payment data from the customer to the payment processor for processing.
Banks play a crucial role in the payment process as well. They act as intermediaries between the payment processor and the merchant's bank. When a payment is made, the customer's bank sends the funds to the payment processor, which then sends the funds to the merchant's bank. Banks also perform fraud checks and other security measures to ensure the transaction is legitimate.
Overall, payment processors and gateways are necessary for merchants to accept customer payments, while banks facilitate the transfer of funds between them.
As we build a strong foundation of knowledge on the fundamentals of banking and online purchases, we can gradually explore these topics and gain a more in-depth understanding of them.
Payment Gateways:
Payment gateways play a vital role in the payment process by securely transmitting payment data from the customer to the payment processor for processing. They act as a bridge between the merchant's website and the payment processor. Payment gateways collect sensitive payment information such as credit card details and personal details like customer name, address, email address, and phone number. They then encrypt this information and transmit it securely to the payment processor for further processing. Payment gateways work to prevent fraudulent transactions by using several security measures, such as AVS (Address Verification Service), CVV (Card Verification Value), and 3-D Secure.
Payment Processors:
Payment processors are third-party services that handle transactions between customers and merchant banks, ensuring that funds are transferred securely. Payment processors collect transaction data from payment gateways and transmit it to the customer's bank. They also handle refunds, chargebacks, and other payment-related issues. Payment processors typically gather/rely on information such as customer name, email address, phone number, billing address, and payment details. Payment processors use advanced fraud detection tools such as machine learning algorithms, velocity checks, and behavioral analysis to prevent fraud.
Banks: Banks act as intermediaries between the payment processor and the merchant's bank. When payments are made, the customer's bank sends the funds to the payment processor, which then sends the funds to the merchant's bank. Banks also perform fraud checks and other security measures to ensure the transaction is legitimate. Banks gather and verify information such as the customer's name, account number, routing number, and transaction details. They use anti-fraud measures such as two-factor authentication, biometric verification, and transaction monitoring to prevent fraudulent transactions.
In summary, payment gateways, processors, and banks all play crucial roles in the payment process. They gather and transmit different types of information and use different anti-fraud measures to protect customers and merchants from fraudulent transactions. Working together, they ensure that payment transactions are secure, efficient, and convenient for everyone involved.
You may be feeling confused at this point. However, the information I am sharing with you is commonly available online and is known as "Clear net" information. The good news is that all of these security measures, except for their exact inner workings, are publicly available for further research. To save everyone's time and provide accurate information, I will list the primary factors that Payment Gateways, Processors, and Banks consider. You will notice that many of these factors are checked repeatedly in different ways throughout the process, which is why the fraud rates for credit cards have decreased more than ever in the last four years.
Below is a list of information that payment gateways gather and send to banks and payment processors ranked from most to least important in determining fraud:
1. Card Verification Value (CVV): A three or four-digit security code on the back of a credit or debit card that verifies the card's authenticity and helps prevent fraudulent transactions.
2. Address Verification Service (AVS): This is a system that compares the billing/shipping address provided by the customer with the billing/shipping address on file with the issuing bank for the credit or debit card. The two addresses may indicate a fraudulent transaction if they do not match.
3. Cardholder Name: The name of the person who owns the credit or debit card and is making the transaction. Payment gateways verify this information for accuracy.
4. Card Number: The 16-digit number on the front of a credit or debit card. Payment gateways send this information to payment processors and banks to ensure the card is valid and not stolen.
5. Expiration Date: Payment gateways verify the expiration date of the credit or debit card to ensure that it is still valid.
6. Billing Address: The address where the credit or debit card statement is sent. Payment gateways verify this information for accuracy.
7. Email Address: Payment gateways collect and send the customer's email address to payment processors and banks for communication and transaction verification.
8. Phone Number: Payment gateways collect and send the customer's phone number to payment processors and banks to assist with communication and transaction verification.
9. Payment Amount: The amount charged to the customer's credit or debit card. Payment gateways send this information to payment processors and banks to ensure the transaction is legitimate.
10. Merchant Name: The name of the business accepting the payment. Payment gateways send this information to payment processors and banks to ensure the transaction is legitimate.
While all of the above information is important in determining the accuracy of a transaction, the CVV and AVS are the most crucial in identifying potential fraudulent transactions. Payment gateways use various methods to verify this information, including machine learning algorithms, velocity checks, and behavioral analysis, to prevent fraudulent transactions and protect customers and merchants.
Below is a list of additional information that payment gateways collect and send, ranked from most to least important in determining fraud:
1. Unusual or Large Transactions
2. Card Tagging
3. Copy & Paste Credentials
4. Address Verification (Hand & Hand with IP Address)
5. IP Address
6. Shipping Address/Billing Address
7. System Clock and Time Zone
8. Connection Speed
9. Browser Fingerprinting
10. User-Agent
11. Cookies and Caches
12. HTTP Headers
13. Email Domain Authenticity and Age
14. Residential/Data-center/Spam RDP/Socks (Hand & Hand with IP)
15. Screen Size and Zoom
16. System Fonts
[List not perfectly ranked. Based on personal experiences and research. Very processor and bank dependent]
Here's a breakdown of each for more details.
1. Card Tagging: Payment gateways check whether the card has been tagged as fraudulent by the issuing bank or other payment processors.
2. IP Address: Payment gateways collect and send the IP address of the customer's device to payment processors and banks to verify the location of the transaction.
3. Unusual or Large Transactions: Payment gateways flag transactions significantly larger or different from the customer's usual spending patterns.
4. Browser Fingerprinting: Payment gateways collect and send data that identifies the unique characteristics of the customer's browser, including its type, version, and installed plugins.
5. HTTP Headers: Payment gateways collect and send HTTP headers that contain additional information about the customer's device and browser.
6. Operating System: Payment gateways collect and send the operating system of the customer's device.
7. User-Agent: Payment gateways collect and send the user-agent string of the customer's browser.
8. Cookies and Caches: Payment gateways collect and send data stored in cookies and caches on the customer's device.
9. System Clock and Time Zone: Payment gateways collect and send data that identifies the time and time zone of the customer's device.
10. Connection Speed: Payment gateways check the connection speed of the customer's device, which can indicate the use of a proxy.
11. Address Verification: Payment gateways verify the customer's name, date of birth, social security number, and address with the issuing bank to ensure the transaction is legitimate.
12. Copy & Paste Credentials: Payment gateways flag transactions where the customer has copied and pasted their credentials, which may indicate fraudulent activity.
13. Screen Size and Zoom: Payment gateways collect and send data that identifies the screen size and zoom of the customer's device.
14. System Fonts: Payment gateways collect and send data identifying the system fonts used on the customer's device.
15. Email Domain Authenticity and Age: Payment gateways verify the authenticity and age of the customer's email domain. .edu domains are considered more trustworthy.
16. Residential/Data-center/Spam RDP/Socks: Payment gateways check the type of IP address used in the transaction to determine if it is residential, data-center, spam RDP, or socks.
17. Shipping Address/Billing Address: Payment gateways verify customers' shipping and billing addresses to ensure they match and are legitimate. By gathering and sending the above information, they help payment processors and banks identify and prevent fraudulent transactions, protecting customers and merchants.
As you can understand from the above, something as simple as card tagging could quite quickly cause an issue and increase the Fraud Score by a large fraction. Speaking of fraud scores, we'll dive into that next.
[Recap]
1. Differences in Payment gateways, processors, and banks
2. Anti-fraud systems used in each
3. What data is collected and sent between
Now, we'll look into the NEXT segment of this: counterintelligence, spoofing, and fooling these measures and systems, along with the tools I've commonly used/seen.
I'm delighted to provide an informative read that has (hopefully) motivated you to explore further. You should conduct your research and gather more information. Please do not hesitate to ask for references for your search.
Next topics.
Counterintelligence, Spoofing, and Fooling Anti-Fraud
Stripe Radar Deep Dive (STILL RESEARCHING)
Eventually, I'd like to begin including images & videos on some of these to detail outflow patterns and such for how systems work. Perhaps in the future.
As always, if this post helped improve your knowledge or taught yourself something new. Spread it around and drop a +1 Score for more.
This entire series is in honor of a GOAT Ginseng. That's why I'm providing generalized working information that is UP-TO-DATE for free.
Let's start a tad loose by explaining the primary differences between Payment processors, gateways, and how banks act between them.
Payment processors, gateways, and banks play different roles in the payment process. Payment processors are third-party services that process payments on behalf of merchants. They handle the transaction between the customer's and merchant's banks, ensuring that the funds are transferred securely. On the other hand, payment gateways are the software that connects merchants' websites (or other sales channels) to payment processors. They securely transmit payment data from the customer to the payment processor for processing.
Banks play a crucial role in the payment process as well. They act as intermediaries between the payment processor and the merchant's bank. When a payment is made, the customer's bank sends the funds to the payment processor, which then sends the funds to the merchant's bank. Banks also perform fraud checks and other security measures to ensure the transaction is legitimate.
Overall, payment processors and gateways are necessary for merchants to accept customer payments, while banks facilitate the transfer of funds between them.
As we build a strong foundation of knowledge on the fundamentals of banking and online purchases, we can gradually explore these topics and gain a more in-depth understanding of them.
Payment Gateways:
Payment gateways play a vital role in the payment process by securely transmitting payment data from the customer to the payment processor for processing. They act as a bridge between the merchant's website and the payment processor. Payment gateways collect sensitive payment information such as credit card details and personal details like customer name, address, email address, and phone number. They then encrypt this information and transmit it securely to the payment processor for further processing. Payment gateways work to prevent fraudulent transactions by using several security measures, such as AVS (Address Verification Service), CVV (Card Verification Value), and 3-D Secure.
Payment Processors:
Payment processors are third-party services that handle transactions between customers and merchant banks, ensuring that funds are transferred securely. Payment processors collect transaction data from payment gateways and transmit it to the customer's bank. They also handle refunds, chargebacks, and other payment-related issues. Payment processors typically gather/rely on information such as customer name, email address, phone number, billing address, and payment details. Payment processors use advanced fraud detection tools such as machine learning algorithms, velocity checks, and behavioral analysis to prevent fraud.
Banks: Banks act as intermediaries between the payment processor and the merchant's bank. When payments are made, the customer's bank sends the funds to the payment processor, which then sends the funds to the merchant's bank. Banks also perform fraud checks and other security measures to ensure the transaction is legitimate. Banks gather and verify information such as the customer's name, account number, routing number, and transaction details. They use anti-fraud measures such as two-factor authentication, biometric verification, and transaction monitoring to prevent fraudulent transactions.
In summary, payment gateways, processors, and banks all play crucial roles in the payment process. They gather and transmit different types of information and use different anti-fraud measures to protect customers and merchants from fraudulent transactions. Working together, they ensure that payment transactions are secure, efficient, and convenient for everyone involved.
You may be feeling confused at this point. However, the information I am sharing with you is commonly available online and is known as "Clear net" information. The good news is that all of these security measures, except for their exact inner workings, are publicly available for further research. To save everyone's time and provide accurate information, I will list the primary factors that Payment Gateways, Processors, and Banks consider. You will notice that many of these factors are checked repeatedly in different ways throughout the process, which is why the fraud rates for credit cards have decreased more than ever in the last four years.
Below is a list of information that payment gateways gather and send to banks and payment processors ranked from most to least important in determining fraud:
1. Card Verification Value (CVV): A three or four-digit security code on the back of a credit or debit card that verifies the card's authenticity and helps prevent fraudulent transactions.
2. Address Verification Service (AVS): This is a system that compares the billing/shipping address provided by the customer with the billing/shipping address on file with the issuing bank for the credit or debit card. The two addresses may indicate a fraudulent transaction if they do not match.
3. Cardholder Name: The name of the person who owns the credit or debit card and is making the transaction. Payment gateways verify this information for accuracy.
4. Card Number: The 16-digit number on the front of a credit or debit card. Payment gateways send this information to payment processors and banks to ensure the card is valid and not stolen.
5. Expiration Date: Payment gateways verify the expiration date of the credit or debit card to ensure that it is still valid.
6. Billing Address: The address where the credit or debit card statement is sent. Payment gateways verify this information for accuracy.
7. Email Address: Payment gateways collect and send the customer's email address to payment processors and banks for communication and transaction verification.
8. Phone Number: Payment gateways collect and send the customer's phone number to payment processors and banks to assist with communication and transaction verification.
9. Payment Amount: The amount charged to the customer's credit or debit card. Payment gateways send this information to payment processors and banks to ensure the transaction is legitimate.
10. Merchant Name: The name of the business accepting the payment. Payment gateways send this information to payment processors and banks to ensure the transaction is legitimate.
While all of the above information is important in determining the accuracy of a transaction, the CVV and AVS are the most crucial in identifying potential fraudulent transactions. Payment gateways use various methods to verify this information, including machine learning algorithms, velocity checks, and behavioral analysis, to prevent fraudulent transactions and protect customers and merchants.
Below is a list of additional information that payment gateways collect and send, ranked from most to least important in determining fraud:
1. Unusual or Large Transactions
2. Card Tagging
3. Copy & Paste Credentials
4. Address Verification (Hand & Hand with IP Address)
5. IP Address
6. Shipping Address/Billing Address
7. System Clock and Time Zone
8. Connection Speed
9. Browser Fingerprinting
10. User-Agent
11. Cookies and Caches
12. HTTP Headers
13. Email Domain Authenticity and Age
14. Residential/Data-center/Spam RDP/Socks (Hand & Hand with IP)
15. Screen Size and Zoom
16. System Fonts
[List not perfectly ranked. Based on personal experiences and research. Very processor and bank dependent]
Here's a breakdown of each for more details.
1. Card Tagging: Payment gateways check whether the card has been tagged as fraudulent by the issuing bank or other payment processors.
2. IP Address: Payment gateways collect and send the IP address of the customer's device to payment processors and banks to verify the location of the transaction.
3. Unusual or Large Transactions: Payment gateways flag transactions significantly larger or different from the customer's usual spending patterns.
4. Browser Fingerprinting: Payment gateways collect and send data that identifies the unique characteristics of the customer's browser, including its type, version, and installed plugins.
5. HTTP Headers: Payment gateways collect and send HTTP headers that contain additional information about the customer's device and browser.
6. Operating System: Payment gateways collect and send the operating system of the customer's device.
7. User-Agent: Payment gateways collect and send the user-agent string of the customer's browser.
8. Cookies and Caches: Payment gateways collect and send data stored in cookies and caches on the customer's device.
9. System Clock and Time Zone: Payment gateways collect and send data that identifies the time and time zone of the customer's device.
10. Connection Speed: Payment gateways check the connection speed of the customer's device, which can indicate the use of a proxy.
11. Address Verification: Payment gateways verify the customer's name, date of birth, social security number, and address with the issuing bank to ensure the transaction is legitimate.
12. Copy & Paste Credentials: Payment gateways flag transactions where the customer has copied and pasted their credentials, which may indicate fraudulent activity.
13. Screen Size and Zoom: Payment gateways collect and send data that identifies the screen size and zoom of the customer's device.
14. System Fonts: Payment gateways collect and send data identifying the system fonts used on the customer's device.
15. Email Domain Authenticity and Age: Payment gateways verify the authenticity and age of the customer's email domain. .edu domains are considered more trustworthy.
16. Residential/Data-center/Spam RDP/Socks: Payment gateways check the type of IP address used in the transaction to determine if it is residential, data-center, spam RDP, or socks.
17. Shipping Address/Billing Address: Payment gateways verify customers' shipping and billing addresses to ensure they match and are legitimate. By gathering and sending the above information, they help payment processors and banks identify and prevent fraudulent transactions, protecting customers and merchants.
As you can understand from the above, something as simple as card tagging could quite quickly cause an issue and increase the Fraud Score by a large fraction. Speaking of fraud scores, we'll dive into that next.
[Recap]
1. Differences in Payment gateways, processors, and banks
2. Anti-fraud systems used in each
3. What data is collected and sent between
Now, we'll look into the NEXT segment of this: counterintelligence, spoofing, and fooling these measures and systems, along with the tools I've commonly used/seen.
I'm delighted to provide an informative read that has (hopefully) motivated you to explore further. You should conduct your research and gather more information. Please do not hesitate to ask for references for your search.
Next topics.
Counterintelligence, Spoofing, and Fooling Anti-Fraud
Stripe Radar Deep Dive (STILL RESEARCHING)
Eventually, I'd like to begin including images & videos on some of these to detail outflow patterns and such for how systems work. Perhaps in the future.
As always, if this post helped improve your knowledge or taught yourself something new. Spread it around and drop a +1 Score for more.