Re: How do you stop outgoing spam?

["Stephen J. Wilcox" <steve () opaltelecom co uk>]

On Wed, 11 Sep 2002, David Charlap wrote:

> Brad Knowles wrote:
> > > B) KNOW WHO THE HELL YOU'RE GIVING ACCOUNTS TO so that (A) works. Get
> > > a credit card or verify the phone number and other info (e.g., call
> > > them back, insist on calling them back.)
> >
> >     Do you know how many credit cards are out there?  Do you know how 
> > many of them are fake or stolen?  You can't even get a decent charge 
> > that you can reliably apply to them, because the bank at the other end 
> > will refuse payment from a non-existent or closed account.
>
> Then do what hotels do to avoid this problem.
>
> When you are given the card number and info, you contact the bank and 
> put a hold on the account for the expecte amount of the bill.  When the 
> bill actually comes due, you put the charge through.  You know that the 
> charge will succeed because the bank is already holding that amount.
>
> If the card is stolen, bogus, overdrawn, etc., then you won't be able to 
> place the hold.  In which case, you reject the application.

This actually uses the standard mechanism for credit card transactions, if
forget the proper terms but basically what happens is that you apply the charges
at point of sale but then the settlement is actually authorised later on in the
day, or in the case of not needing payment the charge is revoked. You dont
normally notice this in day to day shopping..

The problems are that you need to put an amount through and that will be taken
off the card holders credit limit so how much do you want to take? Too little
and you've not really secured any cash, too much and you could reduce their
available balance too greatly and cause them issues (they overspend!)

But ok, your real point is that if the card isnt valid you will get a rejection
there and then. But theres a catch to this also in that a lot of credit card
fraud these days is done on valid numbers. This occurs quite simply as a result
of going in a shop, giving someone your card and they either keep a copy of the
number or where they dont get access to the systems can use hand held copiers to
read the info off and upload later. These people then pass these perfectly
legitimate numbers on..

Steve

> >     CyberCafe's can't use (B), even if it did work.  That would violate 
> > their basic premise.
>
> What basic premise?  Free anonymous access?  That's new to me.  Every 
> one I've seen charges for access.  They can easily require charge cards 
> in advance, and place holds on them, in order to identify stolen cards 
> and criminal users.  And once a known-valid card is in hand, it can be 
> used to directly impose penalty charges on those that violate the cafe's 
> AUP (which should exist and have no-spamming/no-hacking clauses.)
>
> If customers don't want to use charge cards, they can require a large 
> cash deposit up-front, just like the video rental stores do if you try 
> to get a membership without a charge card.
>
> -- David