DNSO Mailling lists archives


<<< Chronological Index >>>    <<< Thread Index >>>

RE: [registrars] FYI - Fraud Update


I have not been a part of any company conversations in this regard.  All I
can say is this: if there are plans to use Whois data in this way, I am not
aware of them.


-----Original Message-----
From: Jim Archer [mailto:jarcher@registrationtek.com]
Sent: Friday, June 20, 2003 2:08 AM
To: Cute, Brian; 'Michael D. Palage'; registrars@dnso.org;
Subject: RE: [registrars] FYI - Fraud Update

Hi Brian...

There is a direct connection to the whois.  A service such as this needs 
data.  As much data as possible.  Whois is a great source of data for such 
a system and if this quote from Mr. Stratton is accurate, it would seem 
Verisign does plan to use whois data in this service.

Here is a quote from an Information Week article about this service:

   VeriSign chairman and CEO Stratton Sclavos said
   Wednesday the company will combine geographical information culled
   from its domain registry service with other data from its credit-card
   clearinghouse service to thwart potential online fraudsters.

The article further said:

   Online crooks often set up a cell-phone
   account and a domain-name address when they're planning to commit
   fraud. "They want a place you can call and E-mail them," she says.

see Information Week, June 19, 2003:

Of course, attempting to use whois data from any purpose other than that 
for which the customer disclosed it may be problematic.  When we collect 
data from a customer we make certain promises on how it will be used.

Brian and Chuck, can either of you find out for sure if Verisign plans to 
use whois data to implement this service?  If so, will they be using whois 
data just from NSI or from all registrars?

Brian, as a nominee to the whois privacy committee, what is your position 
on Verisign or any other company using whois data to implement a non-domain 
industry service?  Do you feel it is appropriate for a company to acquire 
the whois data via port 43 interface and use it for any purpose they 
desire?  If so, should the registrars from who the data was extracted be 
compensated in any way?


--On Thursday, June 19, 2003 1:15 PM -0400 "Cute, Brian" 
<bcute@networksolutions.com> wrote:

> Thanks for the heads up Mike.  No, I am not familiar with the features of
> the service yet but will review it with interest.  However, I am not sure
> I see the direct connection to the WHOIS issue?
> Regards,
> Brian
> -----Original Message-----
> From: Michael D. Palage [mailto:michael@palage.com]
> Sent: Thursday, June 19, 2003 12:37 PM
> To: registrars@dnso.org
> Subject: [registrars] FYI - Fraud Update
> Hello All:
> I read this interesting article
> (http://news.com.com/2100-1011_3-1018711.html) today about a new Fraud
> Protection Service VeriSign is offering to combat online fraud in which
> credit card numbers, the names of cardholders, and the Net address of
> buyers are compared to spot frauds. I applaud this and other related
> service as I believe combating online fraud is critical to the future
> health of ecommerce, a common goal I am sure we all share.
> It is on a similar basis that I believe there is a need for law
> enforcement and intellectual property owners to have access to Whois
> information to combat cybersquatting and other online fraud. I was
> wondering if Brian Cute would be able elaborate on the features of this
> new service if he has any knowledge of it. I would be particularly
> interested to know if there are any potential EU data privacy concerns
> raised by this service that would be helpful in resolving the Whois
> problems.
> I would also be interested to hear if credit card fraud continued to be a
> growing problem for registrars. I have heard from a number of registrars
> that have implemented the CVV2 that it has helped minimize credit card
> charge backs. Credit card fraud is a topic that I always like to take the
> periodic pulse of the constituency on.
> Best regards,
> Mike

<<< Chronological Index >>>    <<< Thread Index >>>