more on Hacked Speedpass, Hotel mag cards

[David Farber <dave () farber net>]

Begin forwarded message:

From: corbet () killermarmot com (Jonathan Corbet)
Date: September 22, 2005 10:00:20 AM EDT
To: dave () farber net
Subject: Re: [IP] more on Hacked Speedpass, Hotel mag cards


Tom Gray wrote:


> There is a common fraud in which unethical companies
> will generate possible credit card numbers that pass
> the simple validity checks performed by the banks.
> They then attempt to bill these numbers until they
> find hits. They then charge small amounts ($25 or so)
> to the cards in hope that the charges will not be
> noticed.

Running a subscription web service teaches you a lot about the credit
card system.  Based on that experience, I'm not quite sure if I believe
this scenario.

First of all, the credit card networks do watch transactions, and they
have software which will start screaming whenever it sees something it
views as suspicious.  Certainly large numbers of attempts to bill bogus
credit card numbers would be an easy thing to detect.  Honestly, I would
expect this sort of operation to get shut down quickly.

Bear in mind also that it costs $0.25 to $0.50 just to run the
authorization phase of the transaction - whether it succeeds or not.
And that's at normal rates; I gather the porn folks pay more.  To make
money with this sort of scheme, you would have to create a fairly high
hit rate in a sparse number space.

Given the number of known episodes where credit card numbers have been
disclosed in vast numbers (and the certain existence of others we don't
know about), I would assume that people running this sort of scheme are
just buying numbers from somebody.

jon


-------------------------------------
You are subscribed as lists-ip () insecure org
To manage your subscription, go to
 http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/