RE: [registrars] Credit Card Update

["Donny Simonton" <donny@intercosmos.com>]

One thing you must remember is that not all credit cards will return a
Y/N on CVV2.  Sometimes they will return a not supported by the credit
card company.  This is where your problem will come in.  For example
almost all of the foreign credit card companies return a not supported
on CVV2.  But some US credit cards also return a not supported, like
PayPal's credit card, which is through First USA/Bank One.  But a First
USA/Bank One credit card will return a valid CVV2 number.

So you can't ban everybody or anybody who returns a not supported on
CVV2.

This also goes for AVS, since AVS only works for credit cards issued in
the US.  Visa does have something called IAVS, but good luck finding
somebody who offers it.

So AVS and CVV2 can help you some, but by no means will it stop credit
card fraud.  

Donny

> -----Original Message-----
> From: owner-registrars@dnso.org [mailto:owner-registrars@dnso.org] On
> Behalf Of Paul Goldstone
> Sent: Thursday, September 26, 2002 11:03 AM
> To: Michael D. Palage
> Cc: registrars@dnso.org
> Subject: Re: [registrars] Credit Card Update
> 
> Michael,
> 
> While reporting stolen card numbers to the CC companies and law
> enforcement
> agencies would certainly be an honorable thing to do (for the sake of
the
> actual cardholders), I'm not sure if it would deter the people we're
all
> dealing with.
> 
> Although the Email address often remains the same, the credit card
number
> rarely does.  In fact, many fraudulent regs are proceeded by several
> attempts with several credit cards (another sign we could probably
look
> for)
> 
> We're about to implement the 4 digit code from the back of cards, and
> based
> on other responses on this board so far, it sounds like that'll make a
> huge
> difference.  Thanks to everyone for their input!
> 
> ~Paul
> 
> At 09:20 AM 9/26/2002 -0400, Michael D. Palage wrote:
> >I am glad that we are having a more open dialog with regard to credit
> card
> >fraud. I think this is another positive sign of the maturity of our
> >industry. I am trying to line up a credit card industry expert to
speak
> with
> >us in China. It appears that we may have the funds for a telephone
bridge
> >there as well :-)
> >
> >As I mentioned yesterday, I foresaw potential pitfalls in setting up
a
> >database of alleged fraudulent cards. Navigating this minefield in
the
> >United States begins with the Fair Credit Reporting Act, 15 USC 1681
et
> seq.
> >to determine whether this would be a covered activity. If any other
non-
> US
> >registrars could point out similar statutory provisions I would
greatly
> >appreciate it. In the short term, I believe that a more prudent
course of
> >action would be reporting these potential fraudulent actions to the
> credit
> >card companies and the appropriate law enforcement agencies.
> >
> >Best regards,
> >
> >Michael D. Palage
> 
>