RE: [registrars] Credit Card Update

[Paul Goldstone <paulg@domainit.com>]

I totally agree, and wonder what it'd take to get something like that
changed?  Not to say that further fraud prevention isn't important, but it
seems only fair to make allowances for fraudulent transactions.  We'd delete
the domain and submit a fraud credit request.  The registry would still get
the first year's payment covering any costs and we wouldn't be out as much
from the deadbeats that slip through the cracks.

~Paul

At 01:56 PM 9/26/2002 -0400, Rob Hall wrote:
>The easiest way I can think of, is for the Registry to simply refund any
>unused years when a domain is deleted.
>
>Additionally, as a safeguard, the Registry could be given the right to ask
>for documentation from the Registrar if there was ever an issue (much like
>the losing registrar can do with transfers).
>
>Rob.
>
>-----Original Message-----
>From: owner-registrars@dnso.org [mailto:owner-registrars@dnso.org]On
>Behalf Of Paul Goldstone
>Sent: Thursday, September 26, 2002 1:19 PM
>To: Donny Simonton
>Cc: 'Michael D. Palage'; registrars@dnso.org
>Subject: RE: [registrars] Credit Card Update
>
>
>Donny,
>
>That's pretty important information we weren't informed of when signing up
>for CVV2.  Until a better method comes along, I guess unconfirmed CVV2 codes
>will have to go into manual processing and telephone confirmation.
>
>AVS is another issue, especially when the majority of credit card frauds we
>deal with are with cards issued by US banks, regardless of where the
>registrant is from.  To Rick's point, IP and Email address seem to be the
>best fields to monitor.
>
>As mentioned earlier, the registry should at least consider refunding all
>years but the first year on these fraudulent transactions.  I understand
>that there may be concerns about using that fairly but we've all been
>through extensive background checks and we're all in the family circle of
>trust ;)
>
>How would something like that be put into effect?
>
>~Paul
>
>
>At 11:53 AM 9/26/2002 -0500, Donny Simonton wrote:
> >One thing you must remember is that not all credit cards will return a
> >Y/N on CVV2.  Sometimes they will return a not supported by the credit
> >card company.  This is where your problem will come in.  For example
> >almost all of the foreign credit card companies return a not supported
> >on CVV2.  But some US credit cards also return a not supported, like
> >PayPal's credit card, which is through First USA/Bank One.  But a First
> >USA/Bank One credit card will return a valid CVV2 number.
> >
> >So you can't ban everybody or anybody who returns a not supported on
> >CVV2.
> >
> >This also goes for AVS, since AVS only works for credit cards issued in
> >the US.  Visa does have something called IAVS, but good luck finding
> >somebody who offers it.
> >
> >So AVS and CVV2 can help you some, but by no means will it stop credit
> >card fraud.
> >
> >Donny
> >
> > > -----Original Message-----
> > > From: owner-registrars@dnso.org [mailto:owner-registrars@dnso.org] On
> > > Behalf Of Paul Goldstone
> > > Sent: Thursday, September 26, 2002 11:03 AM
> > > To: Michael D. Palage
> > > Cc: registrars@dnso.org
> > > Subject: Re: [registrars] Credit Card Update
> > >
> > > Michael,
> > >
> > > While reporting stolen card numbers to the CC companies and law
> > > enforcement
> > > agencies would certainly be an honorable thing to do (for the sake of
> >the
> > > actual cardholders), I'm not sure if it would deter the people we're
> >all
> > > dealing with.
> > >
> > > Although the Email address often remains the same, the credit card
> >number
> > > rarely does.  In fact, many fraudulent regs are proceeded by several
> > > attempts with several credit cards (another sign we could probably
> >look
> > > for)
> > >
> > > We're about to implement the 4 digit code from the back of cards, and
> > > based
> > > on other responses on this board so far, it sounds like that'll make a
> > > huge
> > > difference.  Thanks to everyone for their input!
> > >
> > > ~Paul
> > >
> > > At 09:20 AM 9/26/2002 -0400, Michael D. Palage wrote:
> > > >I am glad that we are having a more open dialog with regard to credit
> > > card
> > > >fraud. I think this is another positive sign of the maturity of our
> > > >industry. I am trying to line up a credit card industry expert to
> >speak
> > > with
> > > >us in China. It appears that we may have the funds for a telephone
> >bridge
> > > >there as well :-)
> > > >
> > > >As I mentioned yesterday, I foresaw potential pitfalls in setting up
> >a
> > > >database of alleged fraudulent cards. Navigating this minefield in
> >the
> > > >United States begins with the Fair Credit Reporting Act, 15 USC 1681
> >et
> > > seq.
> > > >to determine whether this would be a covered activity. If any other
> >non-
> > > US
> > > >registrars could point out similar statutory provisions I would
> >greatly
> > > >appreciate it. In the short term, I believe that a more prudent
> >course of
> > > >action would be reporting these potential fraudulent actions to the
> > > credit
> > > >card companies and the appropriate law enforcement agencies.
> > > >
> > > >Best regards,
> > > >
> > > >Michael D. Palage
> > >
> > >