Let's stop the bullshit. We're starting a new series called "Antifraud in Focus". We're going to break down the best antifraud systems piece by piece. Why? Because knowledge is power, and if you're going to try to outsmart these systems, you better understand how they work.
Every anti-fraud provider has its own damn territory. Forter sniffs out something in luxury retail, Riskified has its claws in travel, and today we’re putting SEON under the microscope – a name that makes online gambling and cryptocurrency exchange operators shit their pants. Knowing your territory is crucial; it’s like knowing the layout of a bank before you rob it.
What is SEON?
SEON emerged from the crypto chaos, cooked up by some guys who were tired of being scammed on their own exchange. These guys don’t just check if your card is hot; they’re all about data enrichment. They’re the digital equivalent of a stalker digging through your email, phone, IP, and device to create what they call a “trust score.”
How SEON Works:
1. Data Enrichment and Transaction Evaluation: SEON is that creepy ex who knows your entire life story. They conduct a full-scale investigation into your digital identity, focusing on:
- Email History and Social Accounts: How old is your email address? Does it have a Facebook or Instagram profile attached to it? A brand new email address with no social links is a surefire way to raise those risk scores. SEON loves old email addresses with a history of legitimate use. Lots of active social profiles associated with the email address? Makes you look more legitimate. Been in a leak? Believe it or not, that’s a good thing. It means your email isn’t fresh out of the oven. Gmail or Outlook? Good. Some temporary email service? Bad.
- Phone Number and Linked Profiles: Is your number real? Can it be traced back to online accounts? A burner phone with no history is a red flag.
- IP quality and hosting type: Are you using a clean residential IP or some bad data center proxy? SEON checks the reputation of your IP and whether it is associated with shady activity. Data center IPs are a giveaway. Clean residential IPs are your best friend. Trying to hide your real IP? SEON can detect it. IP in one country, billing address in another? That's a red flag. IPs with a history of fraud are flagged.
- Device fingerprinting: How is your device configured? Trying to hide something? SEON analyzes your browser, OS, and hardware. Strange configurations or attempts at camouflage raise red flags. A regular, consistent setup fits in well, and consistent characteristics across sessions build trust. Frequent changes or spoofing? Red flag: SEON uses Canvas/WebGL fingerprinting to track devices, and this will make you look suspicious. VPNs, proxies, etc. can raise red flags. These are often used to hide your true location and identity.
2. Scoring system: Each transaction receives a fraud score from 0 to 100. This score determines your fate:
- APPROVE (low risk): You're safe. Legacy email, consistent device, clean IP - you look like a regular Joe.
- REVIEW (manual check): Something suspicious. Maybe a new email address or a slightly suspicious IP. A human will take a closer look.
- DECLINE (high risk): You're screwed. Brand new email address, suspicious IP, and a device that screams "scammer". SEON has your number.
SEON’s logic is simple: Honest people leave a digital trail over time. They have old social media accounts, use the same devices, and surf the web as usual. Fraudsters? They use new emails, burner phones, and try to cover their tracks. SEON notices these discrepancies. A real person leaves a trail of digital breadcrumbs. A fraudster is a ghost, appearing out of nowhere with a fake identity. SEON’s job is to separate the ghosts from the real people.
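A defender-side sketch of the scoring described above, added here as an example (it is not SEON's code). The rule names follow the signals listed on this page; the weights, the 40/70 thresholds, the field names and the sample domains are assumptions.

```python
from dataclasses import dataclass

# Hypothetical values: the page gives the 0-100 range and the three outcomes,
# not the vendor's actual weights or thresholds.
DISPOSABLE_DOMAINS = {"mailinator.example", "tempmail.example"}  # constructed
REVIEW_AT, DECLINE_AT = 40, 70

@dataclass
class Signals:
    email_domain: str
    email_age_days: int
    social_profiles: int
    seen_in_breach: bool
    ip_type: str            # "residential" or "datacenter"
    ip_is_proxy: bool
    ip_country: str
    billing_country: str
    device_seen_before: bool

# (rule name, points, predicate); negative points lower the risk score.
RULES = [
    ("disposable email domain", 35, lambda s: s.email_domain in DISPOSABLE_DOMAINS),
    ("email younger than 30 days", 15, lambda s: s.email_age_days < 30),
    ("no social profiles on email", 15, lambda s: s.social_profiles == 0),
    ("datacenter IP", 20, lambda s: s.ip_type == "datacenter"),
    ("proxy or VPN exit", 20, lambda s: s.ip_is_proxy),
    ("IP country differs from billing", 20, lambda s: s.ip_country != s.billing_country),
    ("device never seen before", 10, lambda s: not s.device_seen_before),
    ("email present in an old breach", -10, lambda s: s.seen_in_breach),
]

def score(s):
    """Return (score clamped to 0-100, decision, names of the rules that fired)."""
    fired = [(name, pts) for name, pts, pred in RULES if pred(s)]
    total = max(0, min(100, sum(pts for _, pts in fired)))
    decision = ("DECLINE" if total >= DECLINE_AT
                else "REVIEW" if total >= REVIEW_AT else "APPROVE")
    return total, decision, [name for name, _ in fired]

# Constructed sample profiles for the three outcomes.
ESTABLISHED = Signals("gmail.com", 2000, 3, True, "residential", False, "US", "US", True)
THIN = Signals("gmail.com", 10, 0, False, "residential", False, "US", "US", False)
FRESH = Signals("tempmail.example", 2, 0, False, "datacenter", True, "NL", "US", False)
```

Returning the fired rule names alongside the score gives the analyst working the REVIEW queue the reason for each decision.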
Beat the system
If you're targeting a site protected by SEON, you need a multi-pronged attack. You're not just trying to conduct a transaction; you're creating a believable digital identity. Here's the scenario:
1. Email Preparation
- Use old email accounts: the older, a few months, the better.
- Connect multiple social media accounts: Active and diverse profiles. For heaven's sake, make them look real.
- Ensure authenticity of activity history: sent/received emails - make them look like a real mailbox.
- Avoid free/disposable email providers: use Gmail, Outlook or Yahoo.
2. Device setup
- Avoid privacy tools and VPNs: Use a clean setup.
- Use common browser configurations: don't abuse fakes. Blend in with the sheep.
- Don't change Canvas/WebGL fingerprints: keep them consistent and natural.
- Keep device profiles consistent: Don't change devices or configurations like you change your underwear.
3. Select IP
- Use clean residential IP addresses: less likely to be flagged.
- Make sure the IP address location matches the one listed on your billing statement - discrepancies are a major red flag.
- Avoid IP addresses of known proxy services: SEON has a list and they double check it.
- Maintain a constant IP address throughout the session: Do not change IP addresses during a transaction.
Understanding SEON Rules
SEON isn’t some static piece of software. It uses three types of rules:
1. Default Rules: These are pre-configured rules based on known fraud patterns. Think of them as the basics, like detecting throwaway emails and known proxy IPs.
2. Custom Rules: These are customized by merchants. They are specific to each site and their unique fraud problems.
3. Machine Learning Rules: This is SEON’s artificial intelligence. These rules adapt in real time as they learn from new data. Even if you crack the default and custom rules, the machine learning rules are a moving target.
SEON’s machine learning models are retrained multiple times a day. A tactic that works today may be flagged tomorrow. You need to constantly adapt, monitor your success rates, analyze outliers, and adjust your game plan. It’s a heck of a game of cat and mouse.
A Quick Look at the Real SEON Dashboard
Let’s talk about the SEON dashboard, where all the juicy data is displayed. This thing is a fucking goldmine of information for anyone trying to understand how SEON works. Here's a quick overview of what you can find in the screenshots from yours truly:
Transaction Details
- Transaction Summary: Gives you a summary of each transaction, including ID, score, user ID, amount, date, and status.
- Fraud Score Breakdown: Shows individual scores for IP, phone, email, and device, as well as the overall fraud score.
- Identification: User information including registration account, full name, username, email address, password hash, registration date, and merchant ID.
- Addresses: user address and IP geolocation.
- Devices and OS: Information about the device used in the transaction, including device hash, browser hash, browser, OS, and device type.
- Phone information: Information about the phone number, including the country of the operator and social media profiles associated with the number.
- Email information: Email address data, including domain, data breach information, and social media profiles associated with the email.
- IP Information: IP address details including location type, ISP, and whether it is a proxy or VPN.
- User Income: Tracks users' deposits, withdrawals and income.
Customer Relations
- Shows connections between users based on IP address, phone number, user address, password hash, browser hash, device hash, cookie hash, and email address.
Activity
- Provides a timeline of user activities such as account logins, with details such as score, activity type, amount, IP address, and device hash.
Raw log
- Displays the raw JSON data sent to SEON for each transaction.
Notifications
- Lists alerts caused by suspicious activity, such as multiple users with the same IP address within a day.
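The connection view and the same-IP alert described above can be reproduced on a merchant's own event log. This is an added example, not SEON's code: it links users on IP and device hash only (a subset of the attributes listed under Customer Relations), and the event tuples, the 3-user threshold and the 24-hour window are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events: (user, timestamp, ip, device_hash).
EVENTS = [
    ("u1", "2024-05-01T09:00:00", "203.0.113.7", "dev-a"),
    ("u2", "2024-05-01T11:30:00", "203.0.113.7", "dev-b"),
    ("u3", "2024-05-01T20:15:00", "203.0.113.7", "dev-b"),
    ("u4", "2024-05-01T10:00:00", "198.51.100.4", "dev-c"),
    ("u1", "2024-05-03T09:00:00", "198.51.100.9", "dev-a"),
    ("u5", "2024-05-04T12:00:00", "198.51.100.9", "dev-e"),
]

def shared_ip_alerts(events, min_users=3, window=timedelta(days=1)):
    """IPs used by at least min_users distinct users inside one sliding window."""
    by_ip = defaultdict(list)
    for user, ts, ip, _dev in events:
        by_ip[ip].append((datetime.fromisoformat(ts), user))
    alerts = {}
    for ip, hits in by_ip.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):
            while hits[end][0] - hits[start][0] > window:
                start += 1
            users = {u for _, u in hits[start:end + 1]}
            if len(users) >= min_users:
                alerts[ip] = sorted(users.union(alerts.get(ip, [])))
    return alerts

def linked_clusters(events):
    """Group users that share an IP or a device hash (union-find)."""
    parent, first_seen = {}, {}
    def find(x):
        parent.setdefault(x, x)
        while parent[x] != x:
            parent[x] = parent[parent[x]]   # path halving
            x = parent[x]
        return x
    for user, _ts, ip, dev in events:
        for key in (("ip", ip), ("dev", dev)):
            parent[find(user)] = find(first_seen.setdefault(key, user))
    groups = defaultdict(set)
    for user in list(parent):
        groups[find(user)].add(user)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)
```

On the sample data, `u5` lands in the same cluster as `u2` and `u3` only through `u1`'s later login from a shared IP, a transitive link that a per-IP count alone does not surface.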
Cases
- Provides a summary of fraud cases including case ID, assigned analyst, priority, creation date, amount affected, associated transactions, associated customers, and alert triggers.
Manual search
- Allows you to manually search for email addresses, phone numbers, IP addresses, card BINs and anti-money laundering information.
Scoring system
- Displays statistics on applied rules, including rule IDs, trigger times, and approve/review/decline percentages.
- Shows a confusion matrix with the results of SEON decisions (review approval, review rejection).
- Lists default rules, custom rules, and machine learning rules.
Conclusion
The power of SEON lies in verifying digital legitimacy. It’s not just about a valid card; it’s about a believable digital identity. Focus on creating trustworthy digital profiles. A card with a high balance and a new email address is more likely to scam you. A small transaction with an established digital ID has a much better chance.
To increase the credibility of your email, create various social media accounts associated with it. Think of it as giving your email a fake ID that actually works. Make it look like a real person is using it, not some throwaway account. This helps create a credible online presence, like a digital disguise.
SEON plays the long game, studying historical patterns and digital footprints. Your success depends on creating and maintaining legitimate-looking digital profiles. It’s a battle of digital attrition, and only the most persistent will survive.
Stay tuned for the next part, where we'll take on another major player in the fight against fraud. Each system has its quirks and weaknesses, and we'll continue to explore them. Stay tuned.
(c) Telegram: d0ctrine