Re: [registrars] Re: Credit Card Proposal

["Ross Wm. Rader" <ross@tucows.com>]

> If registrars could communicate to other registrars domains, ip and credit
> card hashes, through a secure mechanism, when they have a chargeback I
> think this industries risk could be greatly reduced.

Wouldn't a credit/domain/ip hash be broken if the source was using
pseudo-random domains to pump cc#s (ie - alkjfaskjad.com) for validity? It
strikes me that a credit/exp/ip/ccv2 or similar be more useful?

I betcha we could each drop some keyed up version of this into an RSS 2.0
credit card "fraud" feed in an afternoon and publish it at
http://www.nameofregistrarsiteaccordingtoicann.tld/cc/ff.rdf - heck where it
lives isn't even that much of a concern as long as we talked the IANA into
managing the locations of each feed...I heard that they do a pretty good job
of that type of thing...

In the meantime lets not forget that this is only half of the equation -
without registries stepping up the plate with some refunds, we're not
getting full satisfaction.


                     -rwr




Got Blog? http://www.byte.org

"People demand freedom of speech as a compensation for the freedom of
thought which they seldom use."
 - Soren Kierkegaard



----- Original Message -----
From: "Rick Wesson" <wessorh@ar.com>
To: "Joyce Lin" <joyce@007names.com>
Cc: "'Registrar Constituency'" <registrars@dnso.org>
Sent: Monday, February 24, 2003 9:53 PM
Subject: Re: [registrars] Re: Credit Card Proposal


>
> Joyce,
>
> Are you sure it was me thet convinced you? I do believe that if we had the
> ipaddress, domain, and hash(credit card) that registrars would be capable
> of determining if a registration needed additional checking.
>
> remember what we are proposing here has been done in other industries as
> was presented on Wed at the FTC. We are'nt saing that a domain shouldn't
> be registered just that a domain has had a chargeback on it.
>
> If registrars could communicate to other registrars domains, ip and credit
> card hashes, through a secure mechanism, when they have a chargeback I
> think this industries risk could be greatly reduced.
>
> If anyone would like to collaborate on building such a project I'd be
> happy to lend a hand. just contact me off list.
>
> -rick
>
>
>
>
>
>
> On Mon, 24 Feb 2003, Joyce Lin wrote:
>
> > Mike,
> >
> > I was originally thinking about posting the IPs those criminals came
from
> > and some other related information if proven valid about them. Rick
> > convinced me that domain alone can do the job.  I wonder what kind of
law
> > the "black list"  would violate if we only use it as a reference.
> >
> > Joyce
> >
> >
> > ----- Original Message -----
> > From: "Michael D. Palage" <michael@palage.com>
> > To: "Joyce Lin" <joyce@007names.com>; "Michael Brody"
> > <mbrody@tldsystems.com>
> > Cc: <ross@tucows.com>; "'Robert F. Connelly'" <rconnell@psi-japan.com>;
> > "'Registrar Constituency'" <registrars@dnso.org>
> > Sent: Monday, February 24, 2003 4:21 PM
> > Subject: RE: [registrars] Re: Credit Card Proposal
> >
> >
> > > Lynn,
> > >
> > > We must be very careful about how we share this information. There are
> > legal
> > > pitfalls (statutes) that I have been told about which I do not fully
> > > appreciate just yet. Hopefully we could get the FTC to work with us in
> > > combating fraud by collecting this information.
> > >
> > > Mike
> > >
> > > > -----Original Message-----
> > > > From: Joyce Lin [mailto:joyce@007names.com]
> > > > Sent: Monday, February 24, 2003 4:11 PM
> > > > To: Michael Brody; Michael D. Palage
> > > > Cc: ross@tucows.com; 'Robert F. Connelly'; 'Registrar Constituency'
> > > > Subject: Re: [registrars] Re: Credit Card Proposal
> > > >
> > > >
> > > > We should have a web page where we registrars can login to post
> > > > and view all
> > > > the domain names registered with stolen cards and may be with the
> > > > first and
> > > > last four digits of the card being used.  Once we have the list,
> > > > we will be
> > > > alerted if the name shows up again for registration or transfer.
Good
> > > > thinking, Rick.
> > > >
> > > > Joyce
> > > >
> > > >
> > > >
> > > > ----- Original Message -----
> > > > From: "Michael Brody" <mbrody@tldsystems.com>
> > > > To: "Michael D. Palage" <michael@palage.com>
> > > > Cc: <ross@tucows.com>; "'Robert F. Connelly'"
<rconnell@psi-japan.com>;
> > > > "'Registrar Constituency'" <registrars@dnso.org>
> > > > Sent: Monday, February 24, 2003 3:47 PM
> > > > Subject: [registrars] Re: Credit Card Proposal
> > > >
> > > >
> > > > > I hate to muddy the issue here but there is an aspect of cc
> > > > fraud that we
> > > > > might be able to address within ourselves.
> > > > >
> > > > > The people who commit credit card frud have become more
> > > > sophisticated.  We
> > > > > have had instances where a domain was registered with a fradulent
> > card.
> > > > > Aproximately 45 days after the registration we get notice from
> > > > the credit.
> > > > > When we confirm that this is indeed a legitmate chargeback and
> > > > not an end
> > > > > user error we then attempt to place the domain on hold.
> > > > >
> > > > > At that time we find out that the domain has been transferred to
> > another
> > > > > registrar.  Calls to the 'gaining' registrar have been met with
> > > > little to
> > > > no
> > > > > support.
> > > > >
> > > > > If we were to put a system in place to work together on issues
such as
> > > > these
> > > > > we might be able to at least partially address the credit card
fraud
> > > > problem
> > > > > for issues of this nature.
> > > > >
> > > > > Michael
> > > > >
> > > >
> > >
> > >
> >
>
>
>