nanog mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Defeating DoS Attacks Through Accountability

From: Marshall Eubanks <tme () 21rst-century com>
Date: Sun, 12 Nov 2000 12:44:45 -0500

Joe Abley wrote:


On Sat, Nov 11, 2000 at 10:41:13PM -0800, Sean Donelan wrote:

How would you propose to handle the case where a person has a credit
card number, and then you receive a request from a third party with
no evidence of any authorization from the registered card owner to
charge stuff on that card number?


The card gets charged regardless; if that turns out to be an unauthorised
transaction it gets challenged later (assuming it is noticed at all).

That's what happens today, as far as I can see. Uncanny resemblance :)


Actually, if you are the merchant and want to handle credit cards :

1.) You get a discout if you run a address check (even if you then ignore
a failure) and

2.) If the transaction is successfully challenged or is bogus YOU have
to pay (and
the CC bank may actually hold back some of your CC income to make
sure that you do) AND

3.) If the failed transaction rate (i.e., bogus + successfully challenged
transactions) is consistently > about 5% you will be TERMINATED AND
BLACK HOLED !!!
(i.e., you will find it very hard to do any more credit card
transactions with
anyone...)

It seems to me that the credit card industry is a little more serious
about this...

                                   Regards
                                   Marshall Eubanks

 
   Multicast Technologies, Inc.
   10301 Democracy Lane, Suite 201
   Fairfax, Virginia 22030
   Phone : 703-293-9624          Fax     : 703-293-9609     
   e-mail : tme () on-the-i com     http://www.on-the-i.com
Previous By Date Next
Previous By Thread Next

Current thread: