[Asterisk-biz] CC Fraud

David Pollak dpp-asterisk at projectsinmotion.com
Sun Jun 19 10:32:36 MST 2005


Well...

You could have a shared DB of MD5 hashed CC #'s (never store the actual 
CC #) along with the first 4 numbers and last 4 numbers of the card.  
You could count the number of merchants in the network the CC # has been 
used with over a certain period of time, the IP address that the CC # 
was used from, etc.  One could then run some statistics on the CC #'s.  
If there was too much traffic on a single card or on card sequences, 
etc. you could alert the merchants and they could void the charges or 
issue refunds.

This would also be a good "single point of contact" for enhanced 
verification techniques:
- Debiting or crediting the account with a few pennies and getting the 
user to enter the amount in another web site
- Calling the user on the phone and getting them to answer a simple math 
problem (what's 3 + 4) and recording their voice authorizing the charge
- Maybe more

It could be an interesting project.  Any thoughts on how many different 
folks on this group would be willing to join a merchants group to build 
something like this?

snacktime wrote:

>>Like SPEWS.org, maybe it's time for a CC blacklist for the iMerchant
>>community.
>>
>>Anyone would be able to query the blacklist--a negative response would
>>indicate a merchant had chargebacks (or other trouble) on the CC#.
>>
>>Anyone would be able to enter a CC# into the database.  A legit. CC
>>holder would get off the list simply by changing his CC# with his bank.
>>
>>The trouble with this is the vast community of underemployed lawyers.
>>    
>>
>
>There aren't any legal issues with this as long as you have specific
>defined criteria.  You can't just put someone in a negative database
>because you *think* they are fishy or you don't like them.   Negative
>databases in the bankcard industry are common practice.
>
>The problem is that negative databases don't make sense for stolen
>cards.  If a card is stolen get the bank to cancel it or investigate
>it.  Negative databases are usually for legitimate cardholders that
>simply have a habit of charging back.
>
>Chris
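
The shared database sketched in the message above, as an added example that is not part of the original post or any list member's code: card numbers are kept only as keyed digests, and two velocity counts are checked per time window. It swaps the MD5 hash for HMAC-SHA256 under a network-shared key and stores no leading or trailing digits, because a 16-digit number with eight digits known leaves a search space small enough to enumerate against an unkeyed hash. `card_token`, `VelocityDB`, the key, the thresholds and the sample events are assumptions.

```python
import hashlib
import hmac
from collections import defaultdict

# Assumption: a secret key shared by the member merchants (constructed value).
NETWORK_KEY = b"constructed-demo-key"

def card_token(pan, key=NETWORK_KEY):
    """Keyed digest of the card number; the number itself is never stored."""
    digits = "".join(ch for ch in pan if ch.isdigit())
    return hmac.new(key, digits.encode(), hashlib.sha256).hexdigest()

class VelocityDB:
    """Hypothetical shared store of recent card uses, indexed by token and IP."""

    def __init__(self, window_s=86400, max_merchants=3, max_cards_per_ip=5):
        self.window_s = window_s
        self.max_merchants = max_merchants
        self.max_cards_per_ip = max_cards_per_ip
        self.by_card = defaultdict(list)   # token -> [(ts, merchant)]
        self.by_ip = defaultdict(list)     # ip -> [(ts, token)]

    def _recent(self, rows, now):
        # Keep only the rows that fall inside the sliding window.
        return [r for r in rows if now - r[0] <= self.window_s]

    def record(self, pan, merchant, ip, ts):
        """Store one card use and return the alerts it triggers."""
        tok = card_token(pan)
        self.by_card[tok] = self._recent(self.by_card[tok], ts) + [(ts, merchant)]
        self.by_ip[ip] = self._recent(self.by_ip[ip], ts) + [(ts, tok)]
        alerts = []
        if len({m for _, m in self.by_card[tok]}) > self.max_merchants:
            alerts.append("card_used_at_many_merchants")
        if len({t for _, t in self.by_ip[ip]}) > self.max_cards_per_ip:
            alerts.append("many_cards_from_one_ip")
        return alerts

def demo():
    """Constructed events: one test card number at four merchants in an hour."""
    db = VelocityDB()
    merchants = ["m1", "m2", "m3", "m4"]
    return [db.record("4111 1111 1111 1111", m, "192.0.2.10", i * 900)
            for i, m in enumerate(merchants)]

if __name__ == "__main__":
    print(demo())
```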