Credit Card fraud on the Internet在互联网上信用卡诈骗(-41)

CreditCardfraud

ontheInternet“Butwealreadysolvedthis〞Theengineer,thephysicistandthecomputersecurityguruCCFraudThemythTherealityWhogetshurt?ThemythWilyhackersstalkcyberspace,sniffingpacketsandassemblingthemtogetyourcreditcardnumbersotheycanstealfromyouraccountThecustomerlosesmoneyTherealityInadequatenarrativeKidsmakingupnumbersRepudiationThemerchantlosesmoneyTheCCsystemDesignedforretailAdaptedforMailOrderAdaptedforPhoneOrderAdaptedforNetOrderAbridgetoofarInadequatenarrativeIboughtsomestufffromStarshipIgotaCCbill(noinvoice)Twomonthslater,IgotanotherbillFromAmericanComputerProductsWhoarethey???AdequatenarrativeMerchantsshouldbegiven120charactersfornarrativeCarriedthroughtothestatementSothecustomerknowswhatit’sforKidsmaking

upnumbersTobuysoftwareTobuyaccessTobuymusicCDRoms(MP3)Tobuyothervirtualgoods/servicesMakingupnumbersSixdigitbinnumberAnyninedigitsLuhncheck(mod10)Whyisitsoeasy?Becausethebanksdon’tseetheccnumberasapassword,theyseeitasausername(accountnumber)Creditmaster400013AT&TUniversal4013…BaltimoreBank5100…SouthwesternStates5172…FirstBankCardCenter541987etcCreditmasterIphonedupthe4013bankToldthemaboutitGavethemadozenexamplesTheydon’tseemtoseeitastheirproblemTheydon’tcareChargebacksMerchantshavenodefenceImagineyousoldanewspaperfor£1Twoweekslater,thecustomercomesbackTakes£1outofyourtillYouwatch,andwonderwhythisisallowedChargebacksOrninemonthslater...ChargebacksMerchantsneednon-repudiabletransactionsTechnicallyeasyWhoeverdoesitfirst,willbecomethecurrencyoftheinternetNon-repudiability

-theNR-cardLimitliabilityupto£50Ifyouloseyourmoney,toughluckJustlikelosing£50inyourwalletMerchantswillofferdealsthatpersuadecustomerstousetheNR-cardNon-repudiability

-theNR-cardMerchantswillpreferthem-nochargebacks!“NR-price,25%off!〞“FreegiftifyoubuywithNR〞SocustomerswillpreferthemtooNon-repudiability

-theNR-cardNR-cardcomeswithaCDRom.CDRomhasdualkeycryptosystemandyourtwokeysTheCDRombecomesyourdigitalsignatureforthatcardIdon’tneedtotellyoufolkswhat’sonthatCDRom!Butthat’sthefutureWhataboutnow?We’restuckwithaCCsystemdesignedforretail.WehavetodothebestwecanwithwhatwehaveRiskmanagementGetalotofdetailfromthecustomerName,address,postcode,etcNameofissuingbankCustomersupportnumberRiskmanagementCheckthecountryhe’sfrom,againsttheIPaddressChecktheZipcodeagainstthestateCheckthephonenumberagainstthelocationCheckforcreditmasternumbersRiskmanagementCheckthebanknameCheckthebanksupportnumberBuythe$5000listofbanknames/binnumbersOrmakeyourownRiskmanagementOfferahigh-priceoptionthatno-oneshouldeverwant……exceptsomeonewhodoesn’tcarehowmuchhe’sspendingRiskmanagementWhenyougetafraud,don’tgivearefusaltothecustomerSay“Hello,MrCustomer,here’swhatyouordered…〞…“…theremightbeaslightdelay…〞“…pleasebepatient…〞“…you’llgetitwithin48hours…〞Riskmanagement“…we’redoingthebestwecan…〞“…duetoacomputercrash,therewillbeaslightdelay…〞“…therecentproblemsinNewOrleanshasmeant…〞“…wevalueyourcustomandthankyouforbeingpatient…〞“…yourbusinessisimportanttous〞RiskmanagementIcallthisthe“inefficientbumbler〞ThegrammaticalmistakesaretomakeitlookmoreauthenticManycompaniesdothisanyway,sohewon’trealisehe’sgettingarun-aroundRiskmanagementWhy?Well,ifyousay“Thatcardwasnogood,pleasetryagain…〞Whatdoyousupposehe’lldo?RiskmanagementIfyoucan,givehimsomethingabitlikewhatheorderedButwhichdoesn’tworkverywell(slow,orlessfunctionality)Sinceyouwon’tbebillinghiscard,youaren’tdefraudinghimHe’llstoptryingtodefraudyouAuthorisationWhatmostpeoplethinkis“Itdoesn’tguaranteepayment,itonlychecksthattheresufficientfundsintheaccount〞Thisisn’tquitecorrectAuthorisationInfact,ifit’soutsidetheUK,authsgothroughVisa-netIftheamountissmall,Visa-netcanjustcheckthefirstsixdigits(binnumber)andthemoduloWhoopee.AuthorisationSo,authingdoesn’tgivethemerchanttheriskreductionhethoughtitdidButitcanleadtohighercosts,viareferralsHere’showAuthorisationAuthorisationeq“Goahead,bill〞Declineeq“Noway,Jose〞Referraleq“Maybe.Phoneusupandwe’lltalkaboutit.〞Thistakes5to10minutes,andrequirestwopeopleThisisthe“ModernElectronicCreditCardSystem〞ReferralsOne-in-N;bankschooseoneinthreeoronein20anddoareferralIfyouhavealotofcustomers,thenyou’llgetalotofreferralsEachreferralis5-10minutes,twopeopleReferralsWhywasn’tthisaproblembefore?BecausemerchantshadfloorlimitsBelowthefloorlimit,noneedtoauthWiththe“ModernElectronicCreditCardSystem〞allbillingsmustbeauthed.Even$1.00Eventhoughauthingdoesn’tensurethatthecardevenexists!ReferralsWhentheamountis$10,thebankgets$0.40.Cantheyhirepeoplefor£1.50perhour?ThecurrentsystemforinternetcommerceintheUKisabouttobreakdownChargebacksVisaisabouttointroducepena