Schneier blogs about this podcast:

We discuss credit card data centers getting hacked; why banks getting hacked doesn't make mainstream media; reissuing bank cards; how much he makes cashing out bank cards; how banks cover money stolen from credit cards; why companies are not cracking down on credit card crimes; how to prevent credit card theft; ATM scams; being "legit" in the criminal world; how he gets cash out gigs; getting PINs and encoding blank credit cards; how much money he can pull in a day; e-gold; his chances of getting caught; the best day to hit the ATMs; encrypting ICQ messages.

Due to bandwidth overages you can find a mirror here.

I'm sceptical about this because:

  • He says that the bank data centers store the track 2 data and the PIN. Problem is, the Acquirers never store the PIN number.
  • He says that he does "cash outs" at 40% due to his status in the scene. Problem is, the person who sells the cards to him cannot tell how much he takes out and thus cannot demand 60% of funds received.
  • Anyone who is really good would never do an interview like this. The only person who would is someone who wants the credit for things other people have done.
  • He repetitively says, "I don't know what they do" when referring to the internal banking systems. Any really good carder knows the internal banking processes cold.
  • He says that banks have the technology to prevent data theft but they don't intentionally because it would "kill the whole industry." WTF?
  • When asked what technology this is the person replies, "use the CVV2 number". This is idiocy! Online retailers already use the CVV2 and theft still happens (see: phishing)
  • He says that retailers ask for his ID when performing credit transactions. I have the words "ASK FOR ID" written across the back of my credit card and still only 1-5 people a year ask me for it.
  • He says he "finds the algorithm that associates the PIN with the card" after encoding the track 2 data. This is totally wrong because there is no such algorithm other than the CVV (not CVV2) generation key at the Issuer.
  • He says he uses eGold to send the money back to the person who sent him the card numbers. This is true but anyone that hangs out on carder boards can figure this out in a matter of seconds.
  • He says the NSA monitors his ICQ messages but that he encrypts the traffic so it's ok.  When asked about the encryption software he says he uses Secway, a legit software company based in France.  They offer a product called SimpLite for ICQ.  So at least he has that right.
Advertisements