ICANN/DNSO
DNSO Mailing lists archives

[registrars]



Re: [registrars] Re: Credit Card Proposal


When there are more fraudulent transactions coming from a particular area or
country, I figure I probably would not lose much by blocking the whole class
C or B address from accessing our network. There were a couple of times when an
individual IP log, with the cooperation of the local ISP, stopped the
criminals from coming back again. It is tough and there is no one good fix,
and we just have to employ every possible means available.


Joyce

----- Original Message -----
From: "Eric Brunner-Williams in Portland Maine" <brunner@nic-naa.net>
To: "Rick Wesson" <wessorh@ar.com>
Cc: "Joyce Lin" <joyce@007names.com>; "'Registrar Constituency'"
<registrars@dnso.org>; <brunner@nic-naa.net>
Sent: Monday, February 24, 2003 10:40 PM
Subject: Re: [registrars] Re: Credit Card Proposal


> > ipaddress, domain, and hash(credit card)
>
> You'll want to know if the ip addr originates from a dhcp lease pool.
> If so, it isn't likely to have a persistent association with any one
> computer. That said, given an addr and a date-stamp, the dial-up endpoint
> (originating phone number), or the ethernet or cable modem MAC address,
> and the subscriber information, can be determined.
>
> You'll want to think about if the set of possible data values is small
> enough that all possible hashed values can be generated and compared with
> the value that someone is attempting to reverse. I don't know if the pool
> of credit card identifiers associated with charge-backs have this property.
> If they do, then a one-way cryptographic hash would not be considered
> non-reversible, and I don't know what the consequences of that are. Maybe
> none.
>
> As I mentioned via phone, domains isn't hard, and it should make transfer
> from charge-back impossible, except for those registrars that choose not
> to check. The mechanism can be a) unstructured list, someone suggested yet
> another constituency listserv (YACLS), b) an ultra-lightweight registry,
> c) in the DNS A records, d) in a stop-list similar to the Sunrise
> mechanisms of the .info/.biz roll-outs.
>
> Whatever it is, it needs to cost no more than current wastage, and not
> be conditional upon the conduct of 3rd parties (registries and CC shops),
> and cause cost and benefit that meet LOB criteria sufficient to make the
> thing attractive, more attractive than the alternatives.
>
> > If anyone would like to collaborate on building such a project I'd be
> > happy to lend a hand. just contact me off list.
>
> Ditto.
>
> Eric
>
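
The concern in the quoted reply about a small set of possible values, shown as an added example that is not part of the original thread: a bare hash of a card number can be matched by generating every candidate, while a keyed hash shared only among list members cannot. SHA-256, HMAC, the function names, the card number (a constructed test value) and the premise that the leading and last four digits are known are all assumptions of this example.

```python
import hashlib
import hmac
from itertools import product

def luhn_valid(pan: str) -> bool:
    """Standard Luhn check used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def candidate_count(free_digits: int) -> int:
    """Luhn-valid numbers left when `free_digits` middle digits are unknown."""
    return 10 ** (free_digits - 1) if free_digits > 0 else 1

def plain_hash(pan: str) -> str:
    """Unkeyed digest: anyone can recompute it for any candidate number."""
    return hashlib.sha256(pan.encode()).hexdigest()

def keyed_hash(pan: str, key: bytes) -> str:
    """HMAC digest: recomputing it requires the secret shared by list members."""
    return hmac.new(key, pan.encode(), hashlib.sha256).hexdigest()

def enumerate_matches(digest, prefix, suffix, hash_fn, length=16):
    """Generate every Luhn-valid candidate and compare against a list entry."""
    free = length - len(prefix) - len(suffix)
    hits = []
    for mid in product("0123456789", repeat=free):
        pan = prefix + "".join(mid) + suffix
        if luhn_valid(pan) and hash_fn(pan) == digest:
            hits.append(pan)
    return hits

TEST_PAN = "4111111111111111"        # constructed test number, not a real card
LIST_KEY = b"constructed-demo-key"   # hypothetical secret held by list members

if __name__ == "__main__":
    # Six unknown middle digits leave only 100,000 candidates to hash.
    print("candidates with 6 unknown digits:", candidate_count(6))
    entry = plain_hash(TEST_PAN)
    print("bare hash matched:", enumerate_matches(entry, "41111111", "1111", plain_hash))
    entry = keyed_hash(TEST_PAN, LIST_KEY)
    print("keyed hash matched without key:",
          enumerate_matches(entry, "41111111", "1111", plain_hash))
```

The keyed form protects list entries only while the key stays secret among the participants; anyone holding the key can run the same enumeration.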


