Full Disclosure mailing list archives
Re: Chargebacks and credit card frauds
From: Andrew Haninger <ahaning () mindspring com>
Date: Tue, 22 Sep 2009 01:29:01 -0400
On Tue, Sep 22, 2009 at 12:26 AM, Steven Anders <anderstev () gmail com> wrote:
I am now tasked with improving our backend checks to make sure we don't have any more fraudulent order, and would appreciate any pointer or insights into this matter. Any theories, insights, or information would be very useful.
I have three ideas. Two are quite complicated and the other a little simpler. None are fraud-proof. Some may be impractical if your work is being done "after the fact". 1) Have a robot call or text the customer a CAPTCHA-type string to enter into a website. Workaround: Register a cell phone or VoIP number in the victim's area code and take the call. You could possibly require a hard-wire landline, but those are becoming so uncommon that it would create trouble for many of your customers. And then there are those darned dialup users. Perhaps do this only after a first "offense". Though, I'm guessing fraudsters only use the accounts once and then avoid them. 2) Have a Flash or Java applet check for common remote desktop servers running on the ordering PC. Workaround: Disguise the server software as something harmless, if it isn't already. 3) Check to see if the order was placed outside normal waking hours or during normal working hours. Workaround: Not hard to work around, but might hassle the criminals. Andy _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Chargebacks and credit card frauds Steven Anders (Sep 21)
- Re: Chargebacks and credit card frauds BMF (Sep 21)
- Re: Chargebacks and credit card frauds Andrew Haninger (Sep 21)
- Re: Chargebacks and credit card frauds Steven Anders (Sep 22)
- Re: Chargebacks and credit card frauds T Biehn (Sep 22)
- Re: Chargebacks and credit card frauds Steven Anders (Sep 22)
- Re: Chargebacks and credit card frauds Iadnah (Sep 22)
- Re: Chargebacks and credit card frauds mrx (Sep 22)
- Re: Chargebacks and credit card frauds Anıl Kurmuş (Sep 23)
- Re: Chargebacks and credit card frauds T Biehn (Sep 23)