Identify missing start/expiry dates and security codes for stolen payment card data by trying different values.
What is Card Cracking?
Brute force attack against application payment card processes to identify the missing values for start date, expiry date and/or card security code (CSC), also referred to in many ways, including card validation number 2 (CVN2), card validation code (CVC), card verification value (CV2) and card identification number (CID).
When these values are known as well as the Primary Account Number (PAN), OAT-001 Carding
is used to validate the details, and OAT-012 Cashing Out
to obtain goods or cash.
Card Cracking is also known by terms such as brute forcing credit card information, card brute forcing, credit card cracking and distributed guessing attack.
The symptoms of Card Cracking
Elevated basket abandonment
Higher proportion of failed payment authorizations
Disproportionate use of the payment step
Reduced average basket price
Sectors targeted by Card Cracking
Can InfiSecure prevent Card Cracking?
InfiSecure automated threat protection system put a limiting the number of failed card authorization attempts per session/user / IP address/device/ fingerprint. InfiSecure uses the most advanced fingerprinting technology to identify and restrict automated usage by fingerprinting the user agent for its unique characteristics among many other attack vectors.