SERIOUS THREAD- I might have a solution to online credit card fraud

Collapse
X
 
  • Time
  • Show
Clear All
new posts
  • eddie-executive
    Confirmed User
    • Apr 2003
    • 2061

    #1

    SERIOUS THREAD- I might have a solution to online credit card fraud

    I've been working on this idea for months now thinking of every possible problem with it. I thought about how easy it is for the customer, webmaster, and credit card companies ,every aspect of it.

    It will require the credit card issuers to add one extra field to the customer database and require one extra field to be added into the checkout form on websites. Also possibly eliminating some fields in the checkout such as customers address and will completely eliminate enterning in a credit card number.

    Most online credit card fraud is caused by lost credit cards so if someone found a credit card they wouldn't be able to use it online. The checkout form would not have a field for a credit card number and the extra field (i can't disclose what that is) will be needed to checkout. What you need to enter in that field would be issued by the credit card company at very minimal cost.

    No its not an extra password.

    This will help everyone even the credit card companies. Yes credit card companies protect credit card holders from unauthorized charges but that costs them money too.

    The only thing is I don't know is are there other ways hackers can hack what is entered into the field besides keystroke logging?

    In a nutshell I am eliminating using credit card numbers online.

    I have researched every method of credit card fraud protection from visa and mastercard. Visa uses a method where it tracks what you purchase and if a purchase looks suscpicous based on your buying habits they will decline the sale. Ok idea but suppose I want to buy a 50 inch plasma tv at 3 am and they decline me that would inconvenience the customer big time let alone cause a lot of embarrassment.

    All those illegal sites selling credit card numbers will be fucked because the checkout form doesn't need credit card numbers.

    FUCK YOU IF YOU GOT A PROBLEM WITH MY SPELLING TO!
    Jealousy... is a mental cancer. ~B.C. Forbes
  • woj
    <&(©¿©)&>
    • Jul 2002
    • 47882

    #2
    sell this brilliant idea to the credit card companies for a few million
    Custom Software Development, email: woj#at#wojfun#.#com to discuss details or skype: wojl2000 or gchat: wojfun or telegram: wojl2000
    Affiliate program tools: Hosted Galleries Manager Banner Manager Video Manager
    Wordpress Affiliate Plugin Pic/Movie of the Day Fansign Generator Zip Manager

    Comment

    • Matt 26z
      So Fucking Banned
      • Apr 2002
      • 18481

      #3
      Let me guess, a card swipe terminal. They've already got these, but the idea hasn't taken off.

      Comment

      • $5 submissions
        I help you SUCCEED
        • Nov 2003
        • 32195

        #4
        Does the idea dispense totally with NUMBERS? Or does it just take a DIFFERENT FORM?

        Comment

        • Evil Doer
          Confirmed User
          • Dec 2004
          • 915

          #5
          You've been working on this idea for months?

          I don't quite understand... your idea is to eliminate using a credit card number and replace it with something new?
          see sig above mine

          Comment

          • Lazonby
            Confirmed User
            • Feb 2006
            • 2262

            #6
            It's to replace the credit card number with a credit card number number.

            Comment

            • tical
              Confirmed User
              • Feb 2002
              • 6504

              #7
              like a hidden password / pin number users establish at the issuing bank?

              unrelated to cvv2... dont know why they dont do this
              112.020.756

              Comment

              • Jensen
                Confirmed User
                • Apr 2001
                • 3790

                #8
                Why aren't the billingcompanies using methods like Verified by Visa yet? I can't buy shit in Norway without my pass but haven't seen it used elsewhere... why the fuck not?

                Comment

                • Jensen
                  Confirmed User
                  • Apr 2001
                  • 3790

                  #9
                  Originally posted by tical
                  like a hidden password / pin number users establish at the issuing bank?

                  unrelated to cvv2... dont know why they dont do this
                  they do..

                  Comment

                  • hydro
                    Confirmed User
                    • Dec 2003
                    • 4216

                    #10
                    just block romania + russian +indonesia and then use a little geotracking for extra protection. The adult industry will always have a higher chargeback ratio due to pussy whipped men who are afraid of their wives and kids who find mom's credit card

                    Comment

                    • Manowar
                      jellyfish  
                      • Dec 2003
                      • 71528

                      #11
                      Originally posted by tical
                      like a hidden password / pin number users establish at the issuing bank?

                      unrelated to cvv2... dont know why they dont do this

                      Good point, they should

                      Comment

                      • tical
                        Confirmed User
                        • Feb 2002
                        • 6504

                        #12
                        Originally posted by Jensen
                        they do..
                        theres no enforced requirement for this online though, they have pins for atm / check cards... and securecode shit for visa

                        but they are just 'optional' not enforced, and not all sites even have these features available

                        an "online password / pin" would be great

                        if you want to use your card online, you must setup an online pass/pin otherwise it shouldnt work

                        that would cut down on HUGE amounts of fraud
                        112.020.756

                        Comment

                        • Antonio
                          Too lazy to set a custom title
                          • Oct 2001
                          • 14136

                          #13
                          Originally posted by eddie-executive
                          Most online credit card fraud is caused by lost credit cards

                          you don't have a clue, do you? gazillion waiters all over the World carry "parrots" in their pockets, as soon as you give them your credit card they swipe it once, and that's all they need

                          Comment

                          • Axzar
                            Random Jackass
                            • Feb 2003
                            • 1837

                            #14
                            Good Luck with that.

                            Comment

                            • Jensen
                              Confirmed User
                              • Apr 2001
                              • 3790

                              #15
                              Originally posted by tical
                              theres no enforced requirement for this online though, they have pins for atm / check cards... and securecode shit for visa

                              but they are just 'optional' not enforced, and not all sites even have these features available

                              an "online password / pin" would be great

                              if you want to use your card online, you must setup an online pass/pin otherwise it shouldnt work

                              that would cut down on HUGE amounts of fraud
                              all merchants in norway are using it and it works great.. why the heck others are waiting I have no clue about..

                              my guess is that the us is lagging so far behind with internet banking that so few customers would be able to set a pass? or?

                              Comment

                              • Chr0makey
                                Confirmed User
                                • Oct 2006
                                • 932

                                #16
                                Sounds good to me
                                DDOS ATTACK PROTECTION

                                Comment

                                • tical
                                  Confirmed User
                                  • Feb 2002
                                  • 6504

                                  #17
                                  Originally posted by Jensen
                                  all merchants in norway are using it and it works great.. why the heck others are waiting I have no clue about..

                                  my guess is that the us is lagging so far behind with internet banking that so few customers would be able to set a pass? or?
                                  ah no shit? well there you have it... i'm sure people would complain in the US about it being a hassle... fuck them though, i wouldnt mind it at all
                                  112.020.756

                                  Comment

                                  • Chio
                                    Confirmed User
                                    • Oct 2002
                                    • 8002

                                    #18
                                    Most online credit card fraud is caused by lost credit cards so if someone found a credit card they wouldn't be able to use it online.
                                    YARGH! Sorry to say but this is completely false. I know quite a bit about online billing and I can tell you that nearly 100% of credit card fraud comes from bogus sites collecting credit card information, and providing a real service. They trap all the needed info on the order page and the user is given access to a site or product, everything seems legit, until a short time later when fraud charges start.

                                    There is no way to stop this type of fraud.

                                    Credit card companies could easily stop fraud using any number of suggested methods that never seem to get passed the development stages... they won't though, it's a huge amount of income to them in the form of charge back fees. A perfect example of this type of mentality is bounced checks. You would think with the technology we have it would be impossible to pass a bad check. Will banks ever do it? No. Why? Same reason. Free money.

                                    I seo'd my hair yesterday and today it's pr7!
                                    RIP Texas Dreams

                                    Are you a content producer or program owner sick of tube sites? Contact me on ICQ: 39-183769

                                    Comment

                                    • Jensen
                                      Confirmed User
                                      • Apr 2001
                                      • 3790

                                      #19
                                      Originally posted by Chio
                                      YARGH! Sorry to say but this is completely false. I know quite a bit about online billing and I can tell you that nearly 100% of credit card fraud comes from bogus sites collecting credit card information, and providing a real service. They trap all the needed info on the order page and the user is given access to a site or product, everything seems legit, until a short time later when fraud charges start.

                                      There is no way to stop this type of fraud.

                                      Credit card companies could easily stop fraud using any number of suggested methods that never seem to get passed the development stages... they won't though, it's a huge amount of income to them in the form of charge back fees. A perfect example of this type of mentality is bounced checks. You would think with the technology we have it would be impossible to pass a bad check. Will banks ever do it? No. Why? Same reason. Free money.
                                      won't verified by visa etc stop it?

                                      Comment

                                      • Chio
                                        Confirmed User
                                        • Oct 2002
                                        • 8002

                                        #20
                                        Originally posted by Jensen
                                        won't verified by visa etc stop it?
                                        The only thing that would work 100% is if *all* Merchant gateways process directly through the issuing credit card company (not just visa). So when an order is placed you get bounced to amex for example, input your card info at amex with a pin. If everything checks out you are passed back to the originating merchant site to complete the order.

                                        The infrastructure to do this is for the most part already in place, yet we still don't have it. I first saw ramblings about this in 98. It's still not done.

                                        I seo'd my hair yesterday and today it's pr7!
                                        RIP Texas Dreams

                                        Are you a content producer or program owner sick of tube sites? Contact me on ICQ: 39-183769

                                        Comment

                                        • Chio
                                          Confirmed User
                                          • Oct 2002
                                          • 8002

                                          #21
                                          In the above example carding sites would never see the info, they would only know that the order was successfully processed.

                                          This would stop online card fraud in it's tracks.

                                          It would also stop "friendly" fraud when a husband buys a porn membership, then tells his Wife he didn't and she charges back. This would be impossible with the above system in place.

                                          I seo'd my hair yesterday and today it's pr7!
                                          RIP Texas Dreams

                                          Are you a content producer or program owner sick of tube sites? Contact me on ICQ: 39-183769

                                          Comment

                                          • Jensen
                                            Confirmed User
                                            • Apr 2001
                                            • 3790

                                            #22
                                            Originally posted by Chio
                                            The only thing that would work 100% is if *all* Merchant gateways process directly through the issuing credit card company (not just visa). So when an order is placed you get bounced to amex for example, input your card info at amex with a pin. If everything checks out you are passed back to the originating merchant site to complete the order.

                                            The infrastructure to do this is for the most part already in place, yet we still don't have it. I first saw ramblings about this in 98. It's still not done.
                                            works great up here.. we get bounced to the issuing bank were we input a password and are passed back to the merchant site.. been doing this for a long time already.. (I'm only using visa/mastercard though)

                                            Comment

                                            • Chio
                                              Confirmed User
                                              • Oct 2002
                                              • 8002

                                              #23
                                              Originally posted by Jensen
                                              works great up here.. we get bounced to the issuing bank were we input a password and are passed back to the merchant site.. been doing this for a long time already.. (I'm only using visa/mastercard though)
                                              Yeah that's what I mean by *all*, only visa does it, and for whatever reasons (fees I'm guessing) they are not too keen on forcing gateways to implement it.

                                              I seo'd my hair yesterday and today it's pr7!
                                              RIP Texas Dreams

                                              Are you a content producer or program owner sick of tube sites? Contact me on ICQ: 39-183769

                                              Comment

                                              • Klen
                                                • Aug 2006
                                                • 32235

                                                #24
                                                Btw with american express blue every transaction which go with your credit card you must authorize with credit card reader which you got it with card so even if someone has completly data of you he still cannot use credit card.

                                                Comment

                                                • Cassie
                                                  Confirmed User
                                                  • Mar 2003
                                                  • 3139

                                                  #25
                                                  Originally posted by Jensen
                                                  Why aren't the billingcompanies using methods like Verified by Visa yet? I can't buy shit in Norway without my pass but haven't seen it used elsewhere... why the fuck not?

                                                  i had this discussion with cardservice the other day.

                                                  one of the main reasons verified by visa and master card security code hasn't been implemented is because it hasn't been required to be implemented by the card holder's bank or merchant banks (although humboldt and now cardservice are pushing the system a bit more to their merchants).

                                                  second reason is that the smaller banks can't necessarily afford to implement the system.

                                                  third reason is because First Data (which is like congress to the credit card association) is in negotiations to force this system to be implemented but they are taking their time doing so (various contractual negotiations, blah blah blah).

                                                  we have this system on our various retail sites through cardinal commerce and it seems to work out well with cb ratios. however, until merchant banks and cardholder banks are required to offer this system, you won't see much of it because most cannot afford to implement this system.


                                                  btw, i received this information when i discussed it with both the director of cardinal commerce and the director of cardservice NE division.
                                                  Last edited by Cassie; 10-20-2006, 04:47 AM.
                                                  ICQ: 309756847
                                                  ]

                                                  Comment

                                                  • Barefootsies
                                                    Choice is an Illusion
                                                    • Feb 2005
                                                    • 42635

                                                    #26
                                                    Um...................cvv2

                                                    Should You Email Your Members?

                                                    Link1 | Link2 | Link3

                                                    Enough Said.

                                                    "Would you rather live like a king for a year or like a prince forever?"

                                                    Comment

                                                    • DanielS
                                                      Registered User
                                                      • Apr 2003
                                                      • 569

                                                      #27
                                                      The big % of credit card fraud is because of hackers stealing big databases with ALL the information, number, cvv2, name, address, etc. Then the numbers are used not only for buying things, but to write blank real cards using bank keys and clean the account through atms.
                                                      The real solution is to have strong firewalls and secured servers.

                                                      Comment

                                                      • Jensen
                                                        Confirmed User
                                                        • Apr 2001
                                                        • 3790

                                                        #28
                                                        Originally posted by DanielS
                                                        The big % of credit card fraud is because of hackers stealing big databases with ALL the information, number, cvv2, name, address, etc. Then the numbers are used not only for buying things, but to write blank real cards using bank keys and clean the account through atms.
                                                        The real solution is to have strong firewalls and secured servers.
                                                        verified by visa password aren't stored on the same servers but are stored with the local banks...

                                                        Comment

                                                        • Aneros Josh
                                                          Confirmed User
                                                          • Aug 2005
                                                          • 2038

                                                          #29
                                                          Etrade has this pretty cool thing where when you go to login to your account, you enter your username/password then it asks you to input the code from a keychain/keyfob thing they give you when you sign up. They send a code that is good for 30 seconds to the keychain. It seems that if credit cards had this same type of system or something similar, it could be pretty useful in stopping fraud.

                                                          Comment

                                                          • TheDoc
                                                            Too lazy to set a custom title
                                                            • Jul 2001
                                                            • 13827

                                                            #30
                                                            Why not just give all credit cards a 4-6 digit pin, like debit cards, then require all online transactions to use that pin. Fraud will go down something quick when people don't know the pin codes.
                                                            ~TheDoc - ICQ7765825
                                                            It's all disambiguation

                                                            Comment

                                                            • BJ
                                                              Confirmed User
                                                              • Mar 2002
                                                              • 5590

                                                              #31
                                                              MBNA will generate a 1 time use cc# for online purchases, meaning the cc# is only good for 1 time. Good enough for me.

                                                              Comment

                                                              • Gillespie
                                                                Confirmed User
                                                                • Aug 2006
                                                                • 1391

                                                                #32
                                                                Undetected fraud = $$$
                                                                Detected and chargebacked fraud = $$$

                                                                Same thing, as far as the CC companies are concerned.
                                                                Blue Design Studios
                                                                My choice for web design.
                                                                Click this to see why.


                                                                Get a REAL host. Try JaguarPC.

                                                                294-659-259

                                                                Comment

                                                                • JimiJimi
                                                                  Confirmed User
                                                                  • Aug 2006
                                                                  • 483

                                                                  #33
                                                                  Concept and spelling APPROVED
                                                                  Call or Click http://18666WebCam.com

                                                                  Comment

                                                                  • eddie-executive
                                                                    Confirmed User
                                                                    • Apr 2003
                                                                    • 2061

                                                                    #34
                                                                    Has nothing to do with swipe terminals or anything. Its not a password, passwords can easily be hacked and easily forgotten by consumers casuing more hassle. Adding extra passwords or pins all can be hacked.
                                                                    Jealousy... is a mental cancer. ~B.C. Forbes

                                                                    Comment

                                                                    • Pimpin_J
                                                                      Confirmed User
                                                                      • Jul 2006
                                                                      • 3637

                                                                      #35
                                                                      Most online credit card fraud is caused by lost credit cards so if someone found a credit card they wouldn't be able to use it online

                                                                      Sorry but this is far away from reality. Just check the news and see whats going on out there! http://www.cardcops.com/
                                                                      The guy who runs this site is an idiot, but thats not the case right now. But the fact is that one guy can steal up to 100 credit cards in a couple of minutes, by hacking some shop site for example. But no one finds hundred&#180;s of lost cards in a few minutes at the streets.

                                                                      Comment

                                                                      • Pimpin_J
                                                                        Confirmed User
                                                                        • Jul 2006
                                                                        • 3637

                                                                        #36
                                                                        This extra field on the card is crap too. The companies had nearly the same idea some years back, called CVV2 number on the cards. But thats the same useless like your idea! Once your "secret field" or the cvv2 is entered into a userdatabase from a shop/pornsite, ITS ON THE INTERNET.
                                                                        So the game starts again -> hacker hacks the site -> steals database -> has the "secret field / cvv2" and can use the card again. So its useless. Even a phone varification is easily cheatable.
                                                                        Last edited by Pimpin_J; 10-20-2006, 11:37 AM.

                                                                        Comment

                                                                        • Kimmykim
                                                                          bitchslapping zebras!!!!!
                                                                          • Jun 2001
                                                                          • 16015

                                                                          #37
                                                                          Lots of misinformation in here.

                                                                          1. CVV2 is not stored in a database, it's expressly prohibited to store the data anywhere, and the punishment for a violation is losing your merchant account.

                                                                          2. VbV/SecureCode suffer from shit marketing and the inability of smaller banks to afford implementing the system. Consumers who actually read the VbV terms and understand them realize they are relinquishing their right to charge back, and the habitual cb'ers (of which there are many) aren't going to go for that.

                                                                          3. Thinking that the issuers or acquirers, much less Interchange, would add yet another field to the database is silly. The associations are owned by the member banks (Visa still, Mastercard is doing that public thing) and while Interchange does profit from a chargeback, individual banks, either acquiring or issuing, lose money on them.

                                                                          Comment

                                                                          • TheDoc
                                                                            Too lazy to set a custom title
                                                                            • Jul 2001
                                                                            • 13827

                                                                            #38
                                                                            The pin code for debit cards is stored at the processing bank. If CC #'s get stolen they only have to change the pin code rather than issue a new card. Most stolen CC's don't come from hacks.

                                                                            The credit card # has a pattern that adds up and creates the cv2, zip, and some other bs to make sure the card is valid. So CC generators can take a valid card and off of this math generate 100’s of valid cc numbers with matching cv2 and zip codes.

                                                                            Add a pin code that gets verified at the bank level, then generated cards and found/stolen cards won't work. Even if a family member stole it, chances are they don’t know the pin.
                                                                            ~TheDoc - ICQ7765825
                                                                            It's all disambiguation

                                                                            Comment

                                                                            • flashfreak
                                                                              Confirmed User
                                                                              • Jun 2002
                                                                              • 4396

                                                                              #39
                                                                              Originally posted by hydro
                                                                              just block romania + russian +indonesia and then use a little geotracking for extra protection. The adult industry will always have a higher chargeback ratio due to pussy whipped men who are afraid of their wives and kids who find mom's credit card
                                                                              fuck off idiot... you have no clue.

                                                                              unlike you, 99% of the carders are smart enough to jump from one server to another 5-6 times... how do you know they're romanians, russians etc? idiot
                                                                              SEO Mogul | ICQ: 163671223

                                                                              Comment

                                                                              • Thee Johnclave
                                                                                The Billz Collectaz
                                                                                • Nov 2001
                                                                                • 632

                                                                                #40
                                                                                Originally posted by PureMeds
                                                                                MBNA will generate a 1 time use cc# for online purchases, meaning the cc# is only good for 1 time. Good enough for me.
                                                                                Brilliant! Let's endorse a product which would kill recurring billing; the life blood of online adult.

                                                                                KK...lots of misinformation is an understatement.



                                                                                Seeking large traffic deals.

                                                                                john at pptme dot com

                                                                                Comment

                                                                                • germ
                                                                                  ( o Y o )
                                                                                  • Oct 2002
                                                                                  • 3108

                                                                                  #41
                                                                                  Originally posted by FleshJosh
                                                                                  Etrade has this pretty cool thing where when you go to login to your account, you enter your username/password then it asks you to input the code from a keychain/keyfob thing they give you when you sign up. They send a code that is good for 30 seconds to the keychain. It seems that if credit cards had this same type of system or something similar, it could be pretty useful in stopping fraud.
                                                                                  yeah. my aol account has this. im not sure why my bank account/visa doesnt.

                                                                                  Comment

                                                                                  • cams2chat
                                                                                    Confirmed User
                                                                                    • Oct 2005
                                                                                    • 288

                                                                                    #42
                                                                                    Originally posted by Evil Doer
                                                                                    You've been working on this idea for months?

                                                                                    I don't quite understand... your idea is to eliminate using a credit card number and replace it with something new?
                                                                                    Sign Language?

                                                                                    Comment

                                                                                    • marketsmart
                                                                                      HOMICIDAL TROLL KILLER
                                                                                      • Dec 2004
                                                                                      • 20419

                                                                                      #43
                                                                                      you know...there is...verified by visa...

                                                                                      Comment

                                                                                      • polish_aristocrat
                                                                                        Too lazy to set a custom title
                                                                                        • Jul 2002
                                                                                        • 40377

                                                                                        #44
                                                                                        Originally posted by eddie-executive

                                                                                        In a nutshell I am eliminating using credit card numbers online.
                                                                                        cool idea

                                                                                        the girl who jerks you off in your car for 80 bucks because she needs to pay her cell phone bill, would be impressed
                                                                                        I don't use ICQ anymore.

                                                                                        Comment

                                                                                        • collegeboobies
                                                                                          So Fucking Banned
                                                                                          • Jul 2004
                                                                                          • 3644

                                                                                          #45
                                                                                          Whatever it is... can be social engineered or hacked somehow.
                                                                                          Any info that someone types in or knows can easily be gotten on phishing pages by the thousands.`

                                                                                          Comment

                                                                                          • Aquarius
                                                                                            Confirmed User
                                                                                            • May 2004
                                                                                            • 4754

                                                                                            #46
                                                                                            In theory it sounds ok.

                                                                                            Comment

                                                                                            • TheAmericanCannibal
                                                                                              Confirmed User
                                                                                              • Dec 2006
                                                                                              • 3087

                                                                                              #47
                                                                                              I have the solution and have for over a YEAR no

                                                                                              it's called

                                                                                              http://www.purevanilla.com

                                                                                              Comment

                                                                                              • rowan
                                                                                                Too lazy to set a custom title
                                                                                                • Mar 2002
                                                                                                • 17393

                                                                                                #48
                                                                                                Originally posted by Kimmykim
                                                                                                Lots of misinformation in here.

                                                                                                1. CVV2 is not stored in a database, it's expressly prohibited to store the data anywhere, and the punishment for a violation is losing your merchant account.
                                                                                                This is how I understood it as well, but the interesting thing is that when informing several companies of my new CC number, two of them asked for the CVV2. These are for regular monthly payments which may not necessarily be the same amount each time. Is there some sort of pre-verification where they can pass the details once-off to say "customer has authorised future charges without CVV2" or is it likely they're storing it?

                                                                                                edit: just realised it's an old thread... still, interested to hear what anyone in the know has to say about the above.

                                                                                                Comment

                                                                                                • BusterBunny
                                                                                                  perverted justice decoy
                                                                                                  • Aug 2005
                                                                                                  • 19291

                                                                                                  #49
                                                                                                  50 solutions to online credit card fraud
                                                                                                  my sig caught gonoherpasyphilaids and died

                                                                                                  Comment

                                                                                                  • Klen
                                                                                                    • Aug 2006
                                                                                                    • 32235

                                                                                                    #50
                                                                                                    American express blue card require card reader otherwise credit card wont work.It's also called "safe credit card for internet"Toobad it's not easy avaible.

                                                                                                    Comment

                                                                                                    Working...