RE: [registrars] Credit Card Update

[Rick Wesson <wessorh@ar.com>]

I've had real success with identifing a proxy, tracking and blocking them.
We all have diferent exprences and success, I agree there a millions games
that get played, its just identifing the ones we can mitigate and the ones
we can't like dynamic ip.

-rick


On Fri, 27 Sep 2002, Bhavin Turakhia wrote:

> Any decent fraudester typically goes thru proxies. Most ISPs typically
> have dynamic ip address allocation.
>
> I have SELDOM found an ip address to be useful in detecting patterns
> over a long duration. An ip address has value only within hours of a
> transaction.
>
> ..... A search on google.com for free proxies yeilds endless lists. None
> of these guys stick to a single one
>
> bhavin
>
> > -----Original Message-----
> > From: owner-registrars@dnso.org
> > [mailto:owner-registrars@dnso.org] On Behalf Of Michael D. Palage
> > Sent: Friday, September 27, 2002 12:43 AM
> > To: Rick Wesson
> > Cc: registrars@dnso.org
> > Subject: RE: [registrars] Credit Card Update
> >
> >
> > Rick,
> >
> > I sort of disagree with your accessment that law enforcement
> > doesn't care, in fact based upon our meeting last week they
> > seem to have a genuine interest in getting the bad guys. I
> > agree that IP address retention regarding transactions is a
> > good thing, and something our law enforcement friends were
> > asking about last week. As we discussed in DC and in
> > Amsterdam, the objective is to make this a win-win situation,
> > reduce fraud, increase data accuracy, and prevent data mining.
> >
> > Mike
> >
> >
> >
> > -----Original Message-----
> > From: Rick Wesson [mailto:wessorh@ar.com]
> > Sent: Thursday, September 26, 2002 12:32 PM
> > To: Michael D. Palage
> > Cc: registrars@dnso.org
> > Subject: Re: [registrars] Credit Card Update
> >
> >
> >
> > mike,
> >
> > rather than share credit card information which IMHO will do
> > us little good and could be a sources of liability, we should
> > share registrant information, ip address, email address would
> > be the most effective.
> >
> > I'm not sure a speaker from the credit card industry is going
> > to help so much because what we need is to evaluate folks not
> > on their credit card number but on other elements of their
> > registration data.
> >
> > for those interested in new schemes that go beyond CCV2 check
> > out the following beta program with link point.
> > http://www.linkpoint.com/news/news_index.html
> >
> > as for reporting this activity to the credit card companies
> > or law enforcement... neither are interested. furthermore the
> > address information used on fraudulent registrations is most
> > often inaccurate, and local law enforcement is not interested
> > in your $210 loss to someone in Istanbul, Turkey; with a
> > phone number in Rome, that doesn't work.
> >
> > besides, banks and law-enforcement just don't care, its up to
> > the merchants to care -- as you herd on register.com's call
> > regarding their position their card processor is about to cut
> > them off and has already raised their rates.
> >
> > Good business practices saves real dollars/yen/lira, no
> > matter what industry you are in.
> >
> > best,
> >
> > -rick
> >
> > On Thu, 26 Sep 2002, Michael D. Palage wrote:
> >
> > > I am glad that we are having a more open dialog with regard
> > to credit
> > > card fraud. I think this is another positive sign of the
> > maturity of
> > > our industry. I am trying to line up a credit card industry
> > expert to
> > > speak
> > with
> > > us in China. It appears that we may have the funds for a telephone
> > > bridge there as well :-)
> > >
> > > As I mentioned yesterday, I foresaw potential pitfalls in
> > setting up a
> > > database of alleged fraudulent cards. Navigating this
> > minefield in the
> > > United States begins with the Fair Credit Reporting Act, 15
> > USC 1681
> > > et
> > seq.
> > > to determine whether this would be a covered activity. If any other
> > > non-US registrars could point out similar statutory
> > provisions I would
> > > greatly appreciate it. In the short term, I believe that a more
> > > prudent course of action would be reporting these potential
> > fraudulent
> > > actions to the credit card companies and the appropriate law
> > > enforcement agencies.
> > >
> > > Best regards,
> > >
> > > Michael D. Palage
> > >
> > >
> > >
> > >
> >
> >
> >
>