RE: [registrars] Credit Card Update

[Rick Wesson <wessorh@ar.com>]

Mike,

Law enforcement may be concerned however there is no way for them to act
on these fraud issues. If you have a contact for sending the misleading
data used on fraudlent registrations I'd love to talk to them.

My local law enforcement says tell you merchant/card processor about it
and when I spoke with the merchant/card processor (card service intl) they
didn't even want a copy of the fradulent data.

As far as your read on the meeting in DC, I was not invited and we have
seen no notes/minutes from the meeting. Maybe you could post a detailed
report of what was discussed in DC -- only those in attendance know what
realy happened there.

best,

-rick


On Thu, 26 Sep 2002, Michael D. Palage wrote:

> Rick,
>
> I sort of disagree with your accessment that law enforcement doesn't care,
> in fact based upon our meeting last week they seem to have a genuine
> interest in getting the bad guys. I agree that IP address retention
> regarding transactions is a good thing, and something our law enforcement
> friends were asking about last week. As we discussed in DC and in Amsterdam,
> the objective is to make this a win-win situation, reduce fraud, increase
> data accuracy, and prevent data mining.
>
> Mike
>
>
>
> -----Original Message-----
> From: Rick Wesson [mailto:wessorh@ar.com]
> Sent: Thursday, September 26, 2002 12:32 PM
> To: Michael D. Palage
> Cc: registrars@dnso.org
> Subject: Re: [registrars] Credit Card Update
>
>
>
> mike,
>
> rather than share credit card information which IMHO will do us little
> good and could be a sources of liability, we should share registrant
> information, ip address, email address would be the most effective.
>
> I'm not sure a speaker from the credit card industry is going to help so
> much because what we need is to evaluate folks not on their credit card
> number but on other elements of their registration data.
>
> for those interested in new schemes that go beyond CCV2 check out the
> following beta program with link point.
> http://www.linkpoint.com/news/news_index.html
>
> as for reporting this activity to the credit card companies or law
> enforcement... neither are interested. furthermore the address information
> used on fraudulent registrations is most often inaccurate, and local law
> enforcement is not interested in your $210 loss to someone in Istanbul,
> Turkey; with a phone number in Rome, that doesn't work.
>
> besides, banks and law-enforcement just don't care, its up to the merchants
> to care -- as you herd on register.com's call regarding their position
> their card processor is about to cut them off and has already raised their
> rates.
>
> Good business practices saves real dollars/yen/lira, no matter what
> industry you are in.
>
> best,
>
> -rick
>
> On Thu, 26 Sep 2002, Michael D. Palage wrote:
>
> > I am glad that we are having a more open dialog with regard to credit card
> > fraud. I think this is another positive sign of the maturity of our
> > industry. I am trying to line up a credit card industry expert to speak
> with
> > us in China. It appears that we may have the funds for a telephone bridge
> > there as well :-)
> >
> > As I mentioned yesterday, I foresaw potential pitfalls in setting up a
> > database of alleged fraudulent cards. Navigating this minefield in the
> > United States begins with the Fair Credit Reporting Act, 15 USC 1681 et
> seq.
> > to determine whether this would be a covered activity. If any other non-US
> > registrars could point out similar statutory provisions I would greatly
> > appreciate it. In the short term, I believe that a more prudent course of
> > action would be reporting these potential fraudulent actions to the credit
> > card companies and the appropriate law enforcement agencies.
> >
> > Best regards,
> >
> > Michael D. Palage
> >
> >
> >
> >
>