RE: [registrars] FYI - Fraud Update
I have not been a part of any company conversations in this regard. All I
can say is this: if there are plans to use Whois data in this way, I am not
aware of them.
From: Jim Archer [mailto:firstname.lastname@example.org]
Sent: Friday, June 20, 2003 2:08 AM
To: Cute, Brian; 'Michael D. Palage'; email@example.com;
Subject: RE: [registrars] FYI - Fraud Update
There is a direct connection to the whois. A service such as this needs
data. As much data as possible. Whois is a great source of data for such
a system and if this quote from Mr. Stratton is accurate, it would seem
Verisign does plan to use whois data in this service.
Here is a quote from an Information Week article about this service:
VeriSign chairman and CEO Stratton Sclavos said
Wednesday the company will combine geographical information culled
from its domain registry service with other data from its credit-card
clearinghouse service to thwart potential online fraudsters.
The article further said:
Online crooks often set up a cell-phone
account and a domain-name address when they're planning to commit
fraud. "They want a place you can call and E-mail them," she says.
see Information Week, June 19, 2003:
Of course, attempting to use whois data from any purpose other than that
for which the customer disclosed it may be problematic. When we collect
data from a customer we make certain promises on how it will be used.
Brian and Chuck, can either of you find out for sure if Verisign plans to
use whois data to implement this service? If so, will they be using whois
data just from NSI or from all registrars?
Brian, as a nominee to the whois privacy committee, what is your position
on Verisign or any other company using whois data to implement a non-domain
industry service? Do you feel it is appropriate for a company to acquire
the whois data via port 43 interface and use it for any purpose they
desire? If so, should the registrars from who the data was extracted be
compensated in any way?
--On Thursday, June 19, 2003 1:15 PM -0400 "Cute, Brian"
> Thanks for the heads up Mike. No, I am not familiar with the features of
> the service yet but will review it with interest. However, I am not sure
> I see the direct connection to the WHOIS issue?
> -----Original Message-----
> From: Michael D. Palage [mailto:firstname.lastname@example.org]
> Sent: Thursday, June 19, 2003 12:37 PM
> To: email@example.com
> Subject: [registrars] FYI - Fraud Update
> Hello All:
> I read this interesting article
> (http://news.com.com/2100-1011_3-1018711.html) today about a new Fraud
> Protection Service VeriSign is offering to combat online fraud in which
> credit card numbers, the names of cardholders, and the Net address of
> buyers are compared to spot frauds. I applaud this and other related
> service as I believe combating online fraud is critical to the future
> health of ecommerce, a common goal I am sure we all share.
> It is on a similar basis that I believe there is a need for law
> enforcement and intellectual property owners to have access to Whois
> information to combat cybersquatting and other online fraud. I was
> wondering if Brian Cute would be able elaborate on the features of this
> new service if he has any knowledge of it. I would be particularly
> interested to know if there are any potential EU data privacy concerns
> raised by this service that would be helpful in resolving the Whois
> I would also be interested to hear if credit card fraud continued to be a
> growing problem for registrars. I have heard from a number of registrars
> that have implemented the CVV2 that it has helped minimize credit card
> charge backs. Credit card fraud is a topic that I always like to take the
> periodic pulse of the constituency on.
> Best regards,