New Credit Card Scam
A criminal ring was arrested in Malaysia for credit card fraud:
They would visit the online shopping websites and purchase all their items using phony credit card details while the debugging app was activated.
The app would fetch the transaction data from the bank to the online shopping website, and trick the website into believing that the transaction was approved, when in reality, it had been declined by the bank.
The syndicates would later sell the items they had purchased illegally for a much lower price.
The problem here seems to be bad systems design. Why should the user be able to spoof the merchant’s verification protocol with the bank?
Bob Paddock • May 11, 2016 6:54 AM
‘…while the debugging app was activated. … Why should the user be able to spoof the merchant’s verification protocol with the bank?’:
“Test card details for your test transactions
Before your account can go live you must first complete a number of tests on our system. You may also want to test your own integration fully to ensure everything is working as expected before you put your account live.
Because our test accounts have no connection to the banks live card and address details will not work. Any live card details that are used with our test platform will get rejected.
In order to allow you to test your account completely we have created a range of card details, address information, and 3D Secure passwords that will allow you to complete all transactional processes and responses on your account before going live.
European Payment Types
If you have European Payment Types enabled on your Sage Pay [Randomly picked example company] account – giropay – sofort – iDEAL – EPS – you do not need any test details to process a transaction.
Any TEST transactions processed using these payment options will give you the option to select an outcome – succeeded, pending, failed (multiple options). The Sage Pay system will then simply simulate the response for you and provide the outcome in the post back to your platform.
Card Details
Because of this we have a list of card details that can be used to test your account and allow successful transactions to be processed.
Each card number will provide you with a different result when processing a transaction to ensure your website can handle all possible responses from our system.
Along with the different 3D Secure results each card type will return you are also able to test cards issued from multiple countries. …”
Appears someones debugging app has bugs…