Text File | 1994-02-18 | 11KB | 221 lines
<-><-><-><-><-><-><-><-><-><-><-><->
<->                              <->
<->        David Lightman        <->
<->                              <->
<->             and              <->
<->                              <->
<->    -=The Administration=-    <->
<->                              <->
<->                              <->
<->           Present:           <->
<->                              <->
<-><-><-><-><-><-><-><-><-><-><-><->
<->                              <->
<->        Credit Carding        <->
<->            Part I            <->
<->           The Card           <->
<->                              <->
<-><-><-><-><-><-><-><-><-><-><-><->
<->                              <->
<->   This article will reveal   <->
<->   a few hidden facts about   <->
<->   credit cards.  Parts  II   <->
<->   and  III  will explain a   <->
<->   few new techniques about   <->
<->   getting and abusing some   <->
<->   of your own found cards.   <->
<->                              <->
<-><-><-><-><-><-><-><-><-><-><-><->
There are at least three types of security devices on credit cards that
you aren't supposed to know about. These are the account number, the
signature panel, and the magnetic strip.
The Account Number
------------------
A Social Security card has nine digits. So do two-part Zip codes. A
domestic phone number, including area code, has ten digits. Yet a complete
MasterCard number has twenty digits. Why so many?

It is not mathematically necessary for any credit-card account number to
have more than eight digits. Each cardholder must, of course, have a unique
number. Visa and MasterCard are estimated to have about sixty-five million
cardholders each. Thus their numbering system must have at least sixty-five
million available numbers.

There are one hundred million possible combinations of eight digits ---
00000000, 00000001, 00000002, 00000003, all the way up to 99999999. So eight
digits would be enough. To allow for future growth, an issuer the size of
Visa or MasterCard could opt for nine digits -- enough for a billion
different numbers.

In fact, a Visa card has thirteen digits and sometimes more. An American
Express card has fifteen digits. Diners Club cards have fourteen. Carte
Blanche has ten. Obviously, the card issuers are not projecting that they
will have billions and billions of cardholders and need those digits to
ensure a different number for each. The extra digits are a security device.

Say your Visa number is 4211 503 417 268. Each purchase must be entered
into a computer from a sales slip. The account number tags the purchase to
your account. The persons who enter account numbers into computers get bored
and sometimes make mistakes. They might enter 4211 503 471 268 or
4211 703 417 268 instead.

The advantage of this thirteen-digit numbering system is that it is
unlikely any Visa cardholder has 4211 503 471 268 or 4211 703 417 268 for
an account number. There are 10 trillion possible thirteen-digit Visa
numbers (0000 000 000 000; 0000 000 000 001; ... 9999 999 999 999). Only
about sixty-five million of those numbers are numbers of actual, active
accounts. The odds that an incorrectly entered number would correspond to a
real number are something like 1 in 150,000.

Other card-numbering systems are even more secure. Of the quadrillion
possible fifteen-digit American Express card numbers, only about 11
million are assigned. The chance of a random number happening to correspond
to an existing account number is about 1 in 90,000,000. Taking all twenty
digits on a MasterCard, there are one hundred quintillion
(100,000,000,000,000,000,000) possible numbers for sixty-five million
cardholders. The chance of a random string of digits matching a real
MasterCard number is about one in one and a half trillion.

Among other things, this makes possible those television ads inviting
holders of credit cards to phone to order merchandise. The operators
who take the calls never see the callers' credit cards nor their signatures.
How can they be sure the callers even have credit cards?

They base their confidence on the security of the credit card numbering
systems. If someone calls in and makes up a credit card number, the number
surely won't be an existing credit card number. The deception can be spotted
instantly by plugging into the credit-card company's computer. For all
practical purposes, the only way to come up with a genuine credit-card number
is to read it off a credit card. The number, not the piece of plastic, is
enough.
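
The keying-error argument above, worked through as an added example (not part of the original file): it enumerates every one-digit slip and adjacent-digit swap of the article's sample number and computes the chance that any of them lands on a live account. It assumes live accounts are spread uniformly over the number space, which is the article's own simplification; the function names are illustrative.

```python
from fractions import Fraction

# Figures quoted in the article: scheme -> (digits, live accounts)
SCHEMES = {
    "Visa": (13, 65_000_000),
    "American Express": (15, 11_000_000),
    "MasterCard": (20, 65_000_000),
}

def odds_one_in(digits, accounts):
    """N such that a random `digits`-long number is a live account 1 time in N."""
    return 10**digits // accounts

def keying_errors(number):
    """Every number reachable by one wrong digit or one adjacent-digit swap."""
    out = set()
    for i, ch in enumerate(number):
        for d in "0123456789":
            if d != ch:  # single-digit substitution, e.g. 503 -> 703
                out.add(number[:i] + d + number[i + 1:])
    for i in range(len(number) - 1):
        a, b = number[i], number[i + 1]
        if a != b:  # adjacent transposition, e.g. 417 -> 471
            out.add(number[:i] + b + a + number[i + 2:])
    return out

def p_any_error_is_live(number, accounts):
    """Chance that at least one mistyped variant is a live account,
    assuming accounts are uniformly spread (the article's simplification)."""
    density = Fraction(accounts, 10**len(number))
    return float(1 - (1 - density) ** len(keying_errors(number)))

if __name__ == "__main__":
    sample = "4211503417268"  # the article's example Visa number
    for name, (digits, accounts) in SCHEMES.items():
        print(f"{name}: random hit about 1 in {odds_one_in(digits, accounts):,}")
    print(len(keying_errors(sample)), "possible one-slip mistypes of the sample")
    print(f"chance any of them is live: {p_any_error_is_live(sample, 65_000_000):.6f}")
```
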
Signature Panel
---------------
You're not supposed to erase the signature panel if you steal a card! You
might be thinking that you could just write the cardholder's name on the
panel. You're thinking that this would be great if you were going to withdraw
some cash from the bank, for they make you sign a slip and it must match up
to the signature on the card. If you or anyone else does this, you will soon
find the card completely worthless (at least it cannot be shown).

Some credit cards have a background design that rubs off if anyone tries to
erase the signature. There's the "fingerprint" design on the American Express
panel, repeated Visa or MasterCard logos on some bank cards, and the "Safesig"
design on others. The principle is the same as with security paper: the
wavy-line pattern erases, leaving a white area. This makes it obvious that the
signature has been altered.

There is a more elaborate gimmick in credit-card panels. It is said that
if you erase the panel, a secret word, "VOID", appears to prevent use of the
card. The Administration has taken 15 common credit cards and sacrificed them
to test this theory.

The ordinary pen eraser will erase credit-card signature panels, if slowly.
The panels are removed pretty easily with a cloth and Energine. This method
dissolves the panels cleanly. Of the 15 cards tested, 6 had nothing under the
panel (other than a continuation of the card's back design where there was
one). Nine cards had the word "VOID" under the panel. In all cases, the VOIDs
were printed small and repeated many times under the panel.

<-><-><-><-><-><-><-><-><-><-><-><-><->
<-><->  This is How They Ranked  <-><->
<-><-><-><-><-><-><-><-><-><-><-><-><->

Cards with VOID Devices
-----------------------
Bloomingdale's
Bonwit Teller
Bullock's
Chase Convenience Banking Card
First Interstate Bank Card
I. Magnin
Joseph Magnin
Montgomery Ward
Visa (Chase Manhattan)

Cards without VOID Devices
--------------------------
American Express Gold Card
Broadway
MasterCard (Citibank)
Neiman-Marcus
Robinson's
Saks Fifth Avenue

When held to a strong light, the VOIDs were visible through the
Bloomingdale's card even without removing the panel.
The Way Around this Security!
-----------------------------
There is but one way we could think of getting around this feature...
painting over the panel! This would work only if the card didn't have a design
on the panel. Cards that have a difficult color to match would be near
impossible also (Saks' panel is a greenish-tan khaki color).
The Magnetic Strip
------------------
One of the last security devices is on the back, the brown magnetic strip.
You probably think that there are sundry personal details about the cardholder
stored in the strip. The strip really has no more information capacity than a
similar snippet of recording tape. For their part, banks are reticent about
the strip.

The strip need not contain any information other than the account number
or similar identification. Any further information needed to complete an
automatic-teller transaction -- such as the current account balances -- can be
called up from bank computers and need not be encoded in the strip.

Evidently, the card expiration date is in the strip. Expired cards can
be "eaten" by automatic-teller machines even when the expired card has the same
account number and name as its valid replacement card. Credit limit, address,
phone number, employer, etc., must not be indicated in the strip, for banks
do not issue new cards just because this information changes.

It is not clear if the personal identification number is in the strip or
called up from the bank computer. Many automatic teller machines have a secret
limit of three attempts for providing the correct personal identification
number. After three wrong attempts, the "customer" is assumed to be a crook
with a stolen credit card and the card is "eaten".

It is possible to scramble the information in the strip by rubbing a
magnet over it. Workers in hospitals or research facilities with large
electromagnets sometimes find their cards no longer work in automatic-teller
machines.
The Bloomingdale's Color Code
-----------------------------
Only in a few cases does the color of the credit card mean anything. There
are the American Express, Visa, and MasterCard gold cards for preferred
customers. The Air Travel Card comes in red and green, of which green is
better. The most elaborate color scheme, and a source of some confusion to
status-conscious queues, is that of Bloomingdale's credit cards. The five
colors of Bloomingdale's cards do not signify credit limits per se, but they do
tip off the sales staff as to what type of customer you are. According to
Bloomingdale's credit department, here is how it works: Low color in pecking
order is blue, issued to Bloomingdale's employees as a perk in their
compensation packages. The basic Bloomie's card is yellow. Like most
department store cards, it can be used to spread payments over several months
with the payment of a finance charge. The red card gives holders three months'
free interest and is issued to customers who regularly make large purchases.
The silver card is good for unlimited, but as with a travel and entertainment
card, all charges must be paid within thirty days. The gold card offers the
same payment options as the yellow card, but is reserved for the store's
biggest customers.
<-><-><-><-><-><-><-=> David Lightman