20 research outputs found

    All Your Cards Are Belong To Us: Understanding Online Carding Forums

    Underground online forums are platforms that enable trades of illicit services and stolen goods. Carding forums, in particular, are known for being focused on trading financial information. However, little evidence exists about the sellers that are present on carding forums, the precise types of products they advertise, and the prices buyers pay. Existing literature mainly focuses on the organisation and structure of the forums. Furthermore, studies on carding forums are usually based on literature review, expert interviews, or data from forums that have already been shut down. This paper provides first-of-its-kind empirical evidence on active forums where stolen financial data is traded. We monitored 5 out of 25 discovered forums, collected posts from the forums over a three-month period, and analysed them quantitatively and qualitatively. We focused our analyses on products, prices, seller prolificacy, seller specialisation, and seller reputation

    The power of credit card numbers and enhanced CVVs

    Theft of credit card information is an increasing threat to e-commerce. Payment systems introduced CVV2 as a method to mitigate the threat based on the principle that these values would not be stored once the transaction has completed. Compromised systems, communications and databases result in the unlawful capture of this authentication credential and therefore thwart its initial purpose. This study proposes the creation of dynamic CVVs (enhanced CVV2s) in order to counter these attacks. Thus a compromise of all the elements in one or more transactions will not be sufficient to guarantee successful authentication of subsequent payments. It is essential for success that any new payment scheme take into account the key factors determinant for the acceptance of each of the participating parties. Two implementation schemes of enhanced CVVs are proposed: Matrix CVVs and Long CVVs. The proposed methods build upon the current card based e-payment infrastructure with the objective of mitigating present day threats whilst maintaining the delicate equilibrium of key factors for all participating parties. Both schemes are analysed at a security level so as to evaluate, and compare, the level of resistance as a function of the number of previously compromised transactions. Implementation and migration issues are equally analysed so as to determine the impacts of adoption of the proposed schemes

    NASA Tech Briefs, June 1989

    Topics include: New Product Ideas; NASA TU Services; Electronic Components and Circuits; Electronic Systems; Physical Sciences; Materials; Computer Programs; Mechanics; Machinery; Fabrication Technology; Mathematics and Information Sciences; Life Sciences

    Working document on employment policies. InforMISEP No. 28, Winter 1989


    Mirror - Vol. 36, No. 08 - October 27, 2010

    The Mirror (sometimes called the Fairfield Mirror) is the official student newspaper of Fairfield University, and is published weekly during the academic year (September - May). It runs from 1977 - the present; current issues are available online.

    The Ledger and Times, May 6, 1969


    Cost Allocation Alternatives for the Senegal River Development Program

    The primary purpose of the study reported herein is to present methods for using estimated project benefits as the basis for distributing the capital, operating, maintenance, and replacement costs associated with the proposed Senegal River development program. The problem is complicated because the Senegal River is an international stream, so that it is necessary to consider not only the various economic use sectors involved with the program, but also the three separate countries of Mali, Mauritania, and Senegal. In attempting to meet the primary objective stated above, the report proposes an economic model which estimates economic benefits of the development program for each of various use sectors. These benefits then are distributed to each of the three participating countries. In order to demonstrate the use and capabilities of the model, the results of several computer runs are included in the report. Each run is based on specific assumptions concerning such parameters as commodity prices and rate of project development. The model is based on sound economic principles, but at present there are many unknown factors and conditions associated with the proposed river development program. Thus, the model results contained in the report are of necessity based on many assumptions. For example, the project configuration itself was assumed. However, at the present time the model is capable of providing some indications of the relative sensitivities of the economic system to various input parameters and system variables. Four commonly accepted cost allocation methods are examined and of these, one method, the adjusted separable cost-remaining benefits method, is recommended for adoption in future cost allocation analysis pertaining to the proposed Senegal River development program. In this connection, as project configuration, costs of production, and other input quantities become more clearly defined, cost allocations suggested by the model will become more accurate and realistic. However, it is emphasized that the relative benefit streams from the proposed development program to each of the participating countries will be continuously changing in terms of the constantly shifting pictures of (1) world prices and (2) the rate of development for project utilization within each of the countries involved

    Hardware and User Profiling for Multi-factor Authentication

    Most software applications rely on the use of user-name and passwords to authenticate end users. This form of authentication, although used ubiquitously, is widely considered unreliable due to the users' inability to keep them secret; passwords being prone to dictionary or rainbow-table attacks; as well as the ease with which social engineering techniques can obtain passwords. This can be mitigated by combining a variety of different authentication mechanisms, for example biometric authentication such as fingerprint recognition or physical tokens such as smart cards. The resulting multifactor authentication is typically stronger than any of the techniques used individually. However, it may still be expensive or prohibited to implement and more difficult to deploy due to additional accessories cost, e.g., fingerprint reader. Multi-modal biometric systems are those which utilise or are capable of utilising, more than one physiological or behavioural characteristic for enrolment, verification, or identification. So, in this research we present a multi-factor authentication scheme that is based on the user's own hardware environment, e.g. laptop with fingerprint reader, thus avoiding the need of deploying tokens and readily available biometrics, e.g., user keystrokes. The aim is to improve the reliability of the authentication using a multi-factor approach without incurring additional cost or making the deployment of the solution overly complex. The presented approach in this research uses unique sequential hardware information available from the user's environment to profile user behaviour. This approach improves upon password mechanisms by introducing a novel Hardware Authentication and User Profiling (HAUP) in form of Multi-Factor Authentication (MFA) that can be easily integrated into the traditional authentication methods. In addition, this approach observes the advantage of the correlation between user behaviour and hardware environment as an implicit verification identity procedure to discriminate username and password usage, in particular hardware environment by specific pattern. So, the proposed approach uses hardware information to profile the user's environment when user-name and password are typed as part of the log-in process. These Hardware Manufacture Serial Part Numbers (HMSPNs) profiles are then correlated with the user's behaviour, e.g., key-stroke behaviour that allows the system to profile user's behaviour dependent on their environment. As a result of this approach, the access control system can determine a particular level of trust for each user and base access control decisions on it in order to reduce potential identity fraud

    The InfoSec Handbook

    Computer scienc