OWASP Automated Threats Explained - Carding, Card Cracking and Cashing Out
In order to protect your website, you need to know how you’re being attacked. Carding, Card Cracking and Cashing Out are three ways bots exploit your website and commit online fraud.

Carding is a filtering process to determine which stolen credit cards are still valid. A hacker does this using bots that send payment authorization attempts, in the form of small test purchases or donations, through a website or app that is not sufficiently protected. These bots blend in with human web traffic and slip through traditional defenses such as web application firewalls. If the transaction doesn’t go through, the card is added to a list of invalid cards.

If the hacker has only incomplete credit card information, they use bots for a process called Card Cracking, which brute-forces the missing start dates, expiration dates and security codes so the card can be used to commit online credit card fraud.

If the transaction does go through, the card is added to a list of known valid cards. Validated cards are then used for further fraudulent purchases, called Cashing Out: buying goods or obtaining cash using stolen payment card data.

Ready for the good news? Distil Networks blocks every OWASP Automated Threat.
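As an added illustration (not Distil Networks’ code or detection rules), the following Python flags the two bot patterns described above in a constructed payment-authorization log: one client testing many different cards (Carding) and one client retrying a single card with varying security-code and expiry values (Card Cracking). The thresholds and the log format are assumptions; the cards it reports as validated are the ones a defender should watch for Cashing Out.

```python
from collections import defaultdict

# Constructed sample records: (client_id, card_token, result).
# card_token stands in for a non-reversible fingerprint of the card number.
AUTH_LOG = [
    ("10.0.0.5", "tok_a1", "declined"),
    ("10.0.0.5", "tok_b2", "declined"),
    ("10.0.0.5", "tok_c3", "approved"),
    ("10.0.0.5", "tok_d4", "declined"),
    ("10.0.0.5", "tok_e5", "declined"),
    ("10.0.0.9", "tok_z9", "declined_cvv"),
    ("10.0.0.9", "tok_z9", "declined_cvv"),
    ("10.0.0.9", "tok_z9", "declined_expiry"),
    ("10.0.0.9", "tok_z9", "approved"),
    ("198.51.100.7", "tok_h8", "approved"),
    ("198.51.100.7", "tok_h8", "declined"),
]

# Assumed thresholds for one client within one analysis window; tune per site.
MAX_DISTINCT_CARDS = 5     # carding: many different cards from one client
MAX_RETRIES_PER_CARD = 3   # cracking: one card retried with varying CVV/expiry
MIN_DECLINE_RATIO = 0.5    # both patterns: most attempts fail


def classify(log):
    """Return {client_id: {"labels": set, "validated_cards": list}} for
    clients whose authorization pattern matches carding or card cracking."""
    per_client = defaultdict(list)
    for client, card, result in log:
        per_client[client].append((card, result))

    findings = {}
    for client, attempts in per_client.items():
        declines = sum(1 for _, r in attempts if r != "approved")
        decline_ratio = declines / len(attempts)
        tries_per_card = defaultdict(int)
        for card, _ in attempts:
            tries_per_card[card] += 1

        labels = set()
        if decline_ratio >= MIN_DECLINE_RATIO:
            if len(tries_per_card) >= MAX_DISTINCT_CARDS:
                labels.add("carding")
            if max(tries_per_card.values()) >= MAX_RETRIES_PER_CARD:
                labels.add("card_cracking")
        if labels:
            # Cards the bot just confirmed valid: the cashing-out candidates.
            approved = sorted({c for c, r in attempts if r == "approved"})
            findings[client] = {"labels": labels, "validated_cards": approved}
    return findings
```

The legitimate shopper at 198.51.100.7 (one card, one retry) is not flagged, while both bot clients are, together with the card each one managed to validate.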