Full Disclosure mailing list archives

Re: NiX API


From: adam <adam () papsy net>
Date: Thu, 9 Jun 2011 11:51:55 -0500

"You're a legit user --> Why in earth you would like to use a proxy or
anonymizer to do the purchase?"

Because you're out of state and PayPal has been *notorious* for locking
accounts accessed from *unusual* locations. That's just one example, there
are plenty more.

On Thu, Jun 9, 2011 at 11:49 AM, <nix () myproxylists com> wrote:

On 09/06/2011 16:05, nix () myproxylists com wrote:
Primarily this is an advertisement.


I would guess that it is some anti-hack system for webmasters who haven't
a clue, a kind of auto-generating block list.
I'm a noob and I am just guessing.


It does provide great protection also to those webmasters who got a clue.

We had fraudulent purchase almost every second day, paypal let every
fraudulent purchase through and the ** next day ** their automation
reversed the payment. ..

Needless to say how much we got frustrated and pissed while filing their
forms regarding unauthorized claims. We were also charged by PayPal for a
certain percentage of each fraudulent payment!

This is where NiX API comes in:

In most cases, the malicious user is denied access even before a
fraudulent purchase is made!

Since implementation of NiX API with its current features: 0 fraudulent
purchases in last 2-3 weeks period. It definitely does something.


I don't see how it is possible to tell a fraudulent PayPal payment from a
legitimate one, unless the IP address used to make the purchase is
already known as a source of fraudulent transactions.

You don't see it because you have no experience. Let me enlighten you a bit.

You're a legit user --> Why in earth you would like to use a proxy or
anonymizer to do the purchase?

Why I would do so and purchase unless I have something to hide? You have
the option block or allow hosting provider ranges, of course.

You are a fraudulent user --> Of course you want to use any IP that is not
yours and not a surprise; A majority of fraudulent purchases originates
from proxies, anonymity networks, VPNs (commonly hosted by hosting
providers due to fast speeds) and so on.

After careful verification, we have accurately 'blacklisted' this data
beforehand and this way our API will block the user real-time, not after
the damage has happened unlike the others.



Obviously if "John Smith" made a payment from an IP address originating
from China, Japan or other non-English/American IP address range then
something is suspect, but this is still not definitive.

This is one method how a majority of payment gateway protections add a
'fraud score' to the final decision whether or not to prevent the
transaction.

According to experience from my own sites, it has been 85% of times
definitive.


How could this system stop a fraudulent payment from a source with an IP
address the system has never seen before originating from a corporate
address block or respected ISP, or unlikely but not impossible an IP
address that has previously made a valid transaction?

Any smart fraudster would use a device purchased with cash using a spoofed
MAC address from a wifi hotspot out of sight of CCTV.

Please enlighten me, or would that let the cat out of the bag?

regards
mx


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


