[Dshield] Anti-Phishing

Glenn Jarvis gaj at uppergroove.ca
Sat Mar 11 13:59:00 GMT 2006


Laura wrote:

> When I worked for an online credit card processing company, it amazed 
> me how little information you need to successfully run a credit card 
> transaction.  All you need is the credit card number and any date in 
> the future to use as the expiration date (it does not have to be the 
> real expiration date).  All of the other information is there as a 
> verification, and the merchant gets charged a higher rate if they pass 
> a transaction without it, but the transactions can go through without 
> any personally identifiable information.  It's a little scary.  The 
> personal information is needed if they want to steal your identity and 
> get more credit cards in your name.
>
> The clearing house and cc processor will return special codes if 
> information doesn't match, but they won't deny the transaction without 
> it.  It's up to the Merchant to deny the transaction at that point to 
> prevent the increased transaction fees.  Most legitimate businesses 
> follow the standard and deny the transaction, but in this instance 
> we're talking about people that don't care. 

True.... so true. One of the companies we used for ecommerce processing 
allowed a credit card sale through and released the product and 
activation information. When a copy of the receipt arrived here, it 
looked a little odd. So, I checked the information and it was definately 
bogus. The card number and the persons name was correct, but everything 
else was false. After some checking, I contacted the real person and it 
turn out their computer was the source of the problem... seems someone 
stole all their information right out of their computer ( spyware, no 
firewall, who knows). I contacted the ecommerce company and advised them 
that the purchase was a fraud. They seemed a little irritated by my call 
and my account was given a chargeback fee. Their fraud measures just 
were not solid enough. I shifted my back up ecommerce company into the 
primary position after that. Their fraud measures have always been 
excellent, but I also made some changes to protect myself.... I issue 
temporary information now that expires after a certain amount of time. 
Gives me time to know whether or not the purchase was a fraud or not. 
I'm sure everyone here has heard of these stories, so, I'll be quiet now 
before I bore everyone to death :)

Regards,
Glenn



More information about the list mailing list