[Asterisk-biz] RE: VISA - MC - Fraud

Mike asterisk.forum at teliax.com
Mon Jun 20 10:13:50 MST 2005 

Email based transactions kill the purpose of realtime..

i prefer an API of some sort with vendor user/pass on https or something.

soap xml anything like versign does

email is taking a step back  and i mean way back..

but good ideas coming in ..



Customer Business Customization
Teliax Inc

Téléphone - Internationnal / Phone - Worldwide: +1-303-629-8304
Sans frais - Canada & É.-U./ Toll Free -.Canada &  USA: +1-888-270-3688
Visitez-nous sur internet à/ Visit us on the Web:  www.teliax.com

> Danny Froberg wrote:
>> Well maybe time to create such an entity, since none thats
>> international / global exists, and it's definitely not cost efficient to
>> signup with every local credit information system on the planet ;)
>>
>> Heck if I know, we need some way to protect ourselves.
>>
>> And the system wouldn't contain any credit information, only blacklists
>> (or similar).
>>
>> Shoot some suggestions, regulatory considerations can be overcome in a
>> wide variety of nations.
>>
>> Some kind of joint effort seems to be needed however. And a system like
>> this would only work if quite a few companies joined in to provide data.
>>
>> I for one am quite willing to host the systems while it's being built, I
>> can even foot the bill. Later if successful (working) we can figure
>> something out if it turns into a high traffic/resource hog.
>>
>> Let me know if *anyone* would be interested...
>>
> Very interested.
>
> The poster's comment about using the MD5 sum of the CC# is very good.
> What credit card number, officer?
>
> The way I would design it would be:
>
> The vendor, while opening a new account, would send an email to
> query at blacklist.cc.  The email would contain:
>
> . MD5 sum of the CC#
> . the first <n> digits of the CC# (unencrypted), enough to identify the
> bank and country
> . IP address
> . callback telephone number
> . name on card (?)
> . billing address
> . city/country.
>
> The name on the card might be useful in the case of a lost/stolen
> wallet.  The name loosely ties together all the cards in the wallet.
> The billing address would also tie together the cards.
>
> The email reply would contain the country code of the CC and whether any
> chargebacks had been received for that CC# or that IP.  Also the country
> of the IP.  It would also contain the number of queries from other
> vendors in the past <n> hours.
>
> When a chargeback was received, the vendor would send an email to
> chargeback at blacklist.cc with the CC# MD5 sum as the subject.  The system
> would register the complaint and then send an email to all those who had
> queried on that CC#.  An email would also be sent to all vendors who had
> queried on the offenders IP.
>
> But this could go a lot further.  "Friends and Family" is what it would
> be called :-)  When a chargeback is received, the offenders complete
> Asterisk cdr would be emailed to cdr at blacklist.cc.  The system would
> construct a graph (the calling tree) of the offender's calling and
> called numbers (ranked by frequency of use) and reply to the vendor.
> Whenever one of those numbers was called in the future, or whenever a
> caller's CallerID matched, the vendor could have the account flagged for
> investigation.
>
> The system could also build a combined (global) calling tree using all
> submitted cdrs.  Overlapping calling trees would give good insight.
>
> Another thought is having a bot monitor the IRC channels where CC# are
> traded.  When a bot identified a CC#, it would be entered into the
> database.
>
> A legit user who was denied would simply have his bank reissue his
> credit card (this would happen anyway after he rejects a charge).
>
> I would be very interested in doing this, and I have the bandwidth to
> support a reasonable number of transactions.  To stay under the lawyer's
> radar, I'm thinking this would be a subscription only (not public)
> service.  I don't think a vendor would be obliged to inform the perp why
> service was being denied.
>
> Know thine enemy.
>
> Comments?
>
>
>
>
> _______________________________________________
> Asterisk-Biz mailing list
> Asterisk-Biz at lists.digium.com
> http://lists.digium.com/mailman/listinfo/asterisk-biz
>

More information about the asterisk-biz mailing list