Presentation is loading. Please wait.

Presentation is loading. Please wait.

Credit Card Networks Revisited: Penetration in Real-Time By Robert Imhoff-Dousharm.

Published byMakayla Mowry Modified over 10 years ago

Similar presentations

Presentation on theme: "Credit Card Networks Revisited: Penetration in Real-Time By Robert Imhoff-Dousharm."— Presentation transcript:

1 Credit Card Networks Revisited: Penetration in Real-Time By Robert Imhoff-Dousharm

2 About the Presentation This interacitve demonstration will give first hand experience in understanding and searching out credit card traffic on TCP/IP networks. It will also demonstrate how to deconstruct, rebuild and transmit rouge credit card packets. As an added bonus, prizes will be handed out to those who can craft and transmit rouge packets by end of speech. My incentives and guidance will illustrate how vulnerable credit card data is on merchant networks.

3 Background Information History of the Credit Card 1961 – Diners Club 1971 Bankamericard 1971 Master Card 1987 Discover Card

4 History (cont) F.E.P Bankamericacards's problem The first F.E.P. - VisaNet Methods of connections Current F.E.P's role Industry Leaders

5 History (cont) Credit Card Networks General Flow of Credit Card Traffic Connection Methods Discriminating Traffic

6 Credit Card Network Topology Simple Network Design Flows Seamlessly Easy to Troubleshoot Point of Sale (POS) Onsite Credit Card Software Front End Processor

7 Definitions F.E.P – Front End Processor LuhnMod – Credit Card Checksum Algorythm Back End – Merchant Aquirerer's Network Issuer – Merchant Clients Bank Authorization Code – 6 digit code ; pre- authorization confirmation number Merchant ID – Unique ID issued to any merchant that accepts credit cards Terminal ID – Unique ID issued to merchant for each terminal in use at site

8 Credit Card Packets Offset Based Packet Type Indicators Field Separators STX/ETX/LRC Credit Card Data

9 Finding Packets What's required: Packet Sniffer (ethereal, libpcap, etc) Wi-Fi Card that supports sniffing Programing language (we will use php)

10 Rules of Engagement Connecting to our AP We reserve the right to capture and save YOUR traffic No network flooding Prizes Grand Prize - $50 Bar Tab (TBD location), Credit Card Network T-Shirt Runner up's – Credit Card Network T-Shirts, bumper stickers

11 Finding Packets (cont) 1)Activating AP's 2)Turning On Authorization Host 3)Turning on Packet Generator 4)Turning on Accounting Software

12 Initial Packet Analysis Reviewing Packets Writing program to hunt though packets for unique data (like exp dates and credit cards) Q/A on current packets seen in capture

13 Generating Rouge Packet Q/A for people not attacking network Assistance for attcking group (helpers will walk around to assist any of your questions about network and credit card traffic)

14 Credit Card Newbies Guide How do we look for a packet What's in a packet How do we craft a rouge packet What do we send it this packet Understanding fundamentals of packets Writing code to disect packets

15 Hints and Tips Hints on trapping and understanding credit card packets Hints on crafting a packet at the programming level (using array's and string buffers) Hints (and example PHP code) on transmitting packets from programming code across TCP/IP network

16 Logical Packet Analysis Theory – If you are looking for credit card data in a packet, you should parse and search the packet for a credit card number and expiration date. Application – Use common logic and standard utilities to find static data in packet: merchant id, card number, expiration date, dollar amount Example Application – If an expiration date is in fixed range – 4 digits, two digit month, two digit year – look for numbers only in packet where they extend into 4 offsets of string. Use basic logic. If a expiration date will always begain with 01 through 12 (numeric month values), the first two digits you are looking for should be in this range. Next, expiration dates year is usually NOT BEFORE the current year, nor past 10 years from now.

17 PHP Example – Expiration Date <?php $range = array(01, 02, 03, 04, 05, 06, 07, 08, 09, 10, 11, 12); $string = data; $count = strlen($string); for($i=0; $i<$count; $i++) { foreach($range as $month) { if(substr(string, $i, 2)==$month) { foreach($range as $year) { if(substr($string, $i+2, 2)==$year) { echo Possible Exp date:.substr($string, $i, 2)./. substr($string, $i+2, 2); } ?>

18 Credit Card Packet Analysis Questions and Answers

19 Conclusion Inseption of credit cards Initial shortfalls of F.E.P's New problems with inseption of credit card networks What the future hold for the industry

Download ppt "Credit Card Networks Revisited: Penetration in Real-Time By Robert Imhoff-Dousharm."

Similar presentations

Copyright © 2008 Affiniscape. All rights reserved. RECONCILIATION ROUND UP How to rope in credit cards for your association.

Copyright © 2008 Affiniscape. All rights reserved. RECONCILIATION ROUND UP How to rope in credit cards for your association.
Credit Card Processing 101

Credit Card Processing 101
Four ways to give electronically 1. Making it easy for givers to give! 2.

Four ways to give electronically 1. Making it easy for givers to give! 2.
Scan Checks Remotely Electronically Deposit and Clear YOU GET YOUR MONEY FASTER Your Location Bank.

Scan Checks Remotely Electronically Deposit and Clear YOU GET YOUR MONEY FASTER Your Location Bank.
© 2007 First Data Corporation. All Rights Reserved. This document contains unpublished, confidential and proprietary information of First Data Corporation.

© 2007 First Data Corporation. All Rights Reserved. This document contains unpublished, confidential and proprietary information of First Data Corporation.
The Loyalty Card Program

The Loyalty Card Program
[FI Name]s Merchant Services Program Employee Training Presentation.

[FI Name]s Merchant Services Program Employee Training Presentation.
Reservations PowerPoint Presentation Prepared by NFS Please follow the instructions at the top of each slide. Click anywhere to begin.

Reservations PowerPoint Presentation Prepared by NFS Please follow the instructions at the top of each slide. Click anywhere to begin.
Copyright © Open Text Corporation. All rights reserved. Slide 1 Automatic Routing With Captaris FaxPress and FaxPress Premier Darin McGinnes Sales Engineer.

Copyright © Open Text Corporation. All rights reserved. Slide 1 Automatic Routing With Captaris FaxPress and FaxPress Premier Darin McGinnes Sales Engineer.
3 EASY STEPS TO LAUNCH YOUR PROGRAM The Bank announces the Rewards Program on their Website and through cardholder Online Banking. Step 1 We publish Your.

3 EASY STEPS TO LAUNCH YOUR PROGRAM The Bank announces the Rewards Program on their Website and through cardholder Online Banking. Step 1 We publish Your.
Recruitment Booster.

Recruitment Booster.
“Find out what you don’t know…”. Agenda Introduction To disclose or not to disclose What is Defcon Defcon 12 Presentations The Future Questions.

“Find out what you don’t know…”. Agenda Introduction To disclose or not to disclose What is Defcon Defcon 12 Presentations The Future Questions.
© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Chapter 8: Monitoring the Network Connecting Networks.

© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Chapter 8: Monitoring the Network Connecting Networks.
AcqENGIN Functional Review © 2010 M2. All rights reserved.

AcqENGIN Functional Review © 2010 M2. All rights reserved.
HCE AND BLE UNIVERSITY TOMORROWS TRANSACTIONS LONDON, 20 TH MARCH 2014.

HCE AND BLE UNIVERSITY TOMORROWS TRANSACTIONS LONDON, 20 TH MARCH 2014.
Unit 11 Using the Internet & Browsing the Web.  Define the Internet and the Web  Set up & troubleshoot an Internet connection  Categorize webs sites.

Unit 11 Using the Internet & Browsing the Web.  Define the Internet and the Web  Set up & troubleshoot an Internet connection  Categorize webs sites.
NextGen Trustee Reports This class will review NextGen Trustee reports and how to run them. We will cover which reports are best suited for various needs.

NextGen Trustee Reports This class will review NextGen Trustee reports and how to run them. We will cover which reports are best suited for various needs.
Biller Direct Getting Started

Biller Direct Getting Started
MAKE LOAN REPAYMENTS ON A CLIENT LOAN ACCOUNT. 2 1.

MAKE LOAN REPAYMENTS ON A CLIENT LOAN ACCOUNT. 2 1.
ATM TEXT INTEGRATION INTORDUCTION. CurrentSolutionCurrentSolution Method of textintegration textintegration Schedule ATM TEXT INTEGRAION is a very popular.

ATM TEXT INTEGRATION INTORDUCTION. CurrentSolutionCurrentSolution Method of textintegration textintegration Schedule ATM TEXT INTEGRAION is a very popular.

Similar presentations

Ads by Google