RE: [registrars] Credit Card Update

["Tim Ruiz" <tim@godaddy.com>]

Rick,

I'm not sure what the guys in DC are after really relates to the kind of
fraud we're talking about here. Our experience has been that local law
enforcement isn't really prepared to handle these kinds of issues. And most
Merchant Account providers deal with it by slapping you with huge penalties,
as an incentive I guess. Not much help there either.

Tim

-----Original Message-----
From: owner-registrars@dnso.org [mailto:owner-registrars@dnso.org]On
Behalf Of Michael D. Palage
Sent: Thursday, September 26, 2002 2:13 PM
To: Rick Wesson
Cc: registrars@dnso.org
Subject: RE: [registrars] Credit Card Update


Rick,

I sort of disagree with your accessment that law enforcement doesn't care,
in fact based upon our meeting last week they seem to have a genuine
interest in getting the bad guys. I agree that IP address retention
regarding transactions is a good thing, and something our law enforcement
friends were asking about last week. As we discussed in DC and in Amsterdam,
the objective is to make this a win-win situation, reduce fraud, increase
data accuracy, and prevent data mining.

Mike



-----Original Message-----
From: Rick Wesson [mailto:wessorh@ar.com]
Sent: Thursday, September 26, 2002 12:32 PM
To: Michael D. Palage
Cc: registrars@dnso.org
Subject: Re: [registrars] Credit Card Update



mike,

rather than share credit card information which IMHO will do us little
good and could be a sources of liability, we should share registrant
information, ip address, email address would be the most effective.

I'm not sure a speaker from the credit card industry is going to help so
much because what we need is to evaluate folks not on their credit card
number but on other elements of their registration data.

for those interested in new schemes that go beyond CCV2 check out the
following beta program with link point.
http://www.linkpoint.com/news/news_index.html

as for reporting this activity to the credit card companies or law
enforcement... neither are interested. furthermore the address information
used on fraudulent registrations is most often inaccurate, and local law
enforcement is not interested in your $210 loss to someone in Istanbul,
Turkey; with a phone number in Rome, that doesn't work.

besides, banks and law-enforcement just don't care, its up to the merchants
to care -- as you herd on register.com's call regarding their position
their card processor is about to cut them off and has already raised their
rates.

Good business practices saves real dollars/yen/lira, no matter what
industry you are in.

best,

-rick

On Thu, 26 Sep 2002, Michael D. Palage wrote:

> I am glad that we are having a more open dialog with regard to credit card
> fraud. I think this is another positive sign of the maturity of our
> industry. I am trying to line up a credit card industry expert to speak
with
> us in China. It appears that we may have the funds for a telephone bridge
> there as well :-)
>
> As I mentioned yesterday, I foresaw potential pitfalls in setting up a
> database of alleged fraudulent cards. Navigating this minefield in the
> United States begins with the Fair Credit Reporting Act, 15 USC 1681 et
seq.
> to determine whether this would be a covered activity. If any other non-US
> registrars could point out similar statutory provisions I would greatly
> appreciate it. In the short term, I believe that a more prudent course of
> action would be reporting these potential fraudulent actions to the credit
> card companies and the appropriate law enforcement agencies.
>
> Best regards,
>
> Michael D. Palage
>
>
>
>