10-10-2001, 03:14 AM
Cerbernetic
Registered User
 
Join Date: Sep 2001
Posts: 4
Hmm, a slight addition to what people have had to say.

First of all, as long as there are jerkers off, there is a way. The demand "DEMANDS" the supply.

How does credit card fraud happen? Well, either people actually get the credit card details of other people, or they generate credit card numbers using valid algorithms, and make up the other details as they go along.

First, assuming we're dealing with people who generate the credit card numbers. The ideal thing to do is ask the user to provide some detail which is very difficult for the hacker in question to provide. CVV2 numbers are a step towards this. The possibility of bruteforcing these does exist though, 3 digit numbers. A possibility that strikes me would be linking an email address with a cc number. The email address linked could be changed any time by in-person request by the person in question. First of all, a confirmatory mail would be sent to the email address in question on signup. Only if the person clicked on a generated link would that person be signed up - otherwise the card would be flagged as suspicious. A simple notion perhaps - well, small things count here.

Second, people who manage to get cc details. Well, one can't do much about gas station fraud, where the employees copy the receipt details. However, one can find ways of plugging online fraud. Too many websites today do their own billing - store their credit card data on their own sites and thus raise the basic level of the security that they HAVE to maintain. Lose a password file and OK, it's bad. But lose your credit card database? Catastrophe.

The alternative is the billing systems - put the onus of managing the security on them. So far people have hacked sites like eggheads.com etc., sure, but the record of systems like ccbill/ibill remains fairly clean. And there are tons of systems to choose from. Sure, there's the headache of maintaining the system. But the benefits are amazing - risk reduction is huge.

Ultimately, before we look at different solutions, like handling a different kind of verification, like for example the ATM card system - why don't we examine the flaws in the existing system, the prevalent system. If we design a more elegant, simple, and security-oriented system we might cut fraud down majorly.

I haven't said all that I wanted to say, I might have missed out some stuff, and I might be unaware of a few facts/ideas/views. Just a few points from my personal opinion.

Oof, that was long-winded
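An added example, not part of the original post: a merchant-side sketch of the two checks the post describes, capping wrong CVV2 entries per card and requiring a click on a mailed confirmation link before signup completes, with unconfirmed cards flagged as suspicious. The names (`SignupScreen`, `card_ref`, `make_token`), the three-failure cap and the 24-hour link lifetime are assumptions; `card_ref` stands for an opaque reference issued by the billing system, so the merchant never stores the card number itself.

```python
import hashlib
import hmac

SECRET = b"constructed-demo-key"  # assumption: server-side secret, constructed here
LINK_TTL = 24 * 3600              # assumption: confirmation link valid for 24 hours
MAX_CVV_FAILURES = 3              # assumption: far fewer tries than the 1000 possible values

def make_token(card_ref, email, issued_at):
    """Value embedded in the mailed confirmation link: issue time plus HMAC."""
    msg = repr((card_ref, email, issued_at)).encode()  # unambiguous field encoding
    return f"{issued_at}.{hmac.new(SECRET, msg, hashlib.sha256).hexdigest()}"

class SignupScreen:
    def __init__(self):
        self.cvv_failures = {}  # card_ref -> wrong CVV2 entries seen so far
        self.pending = {}       # card_ref -> (email, issued_at) awaiting the click
        self.flagged = set()    # card references marked suspicious

    def cvv_attempt(self, card_ref, correct):
        """Record one CVV2 check; return True only if the signup may proceed."""
        if card_ref in self.flagged:
            return False  # locked: even a correct value is refused now
        if not correct:
            self.cvv_failures[card_ref] = self.cvv_failures.get(card_ref, 0) + 1
            if self.cvv_failures[card_ref] >= MAX_CVV_FAILURES:
                self.flagged.add(card_ref)
        return correct

    def start_signup(self, card_ref, email, now):
        """Remember the pending signup and return the token to mail out."""
        self.pending[card_ref] = (email, now)
        return make_token(card_ref, email, now)

    def confirm(self, card_ref, token, now):
        """Complete signup if the clicked link is authentic, fresh and unused."""
        if card_ref in self.flagged or card_ref not in self.pending:
            return False
        email, issued_at = self.pending[card_ref]
        expected = make_token(card_ref, email, issued_at).encode()
        if now - issued_at > LINK_TTL or not hmac.compare_digest(token.encode(), expected):
            return False
        del self.pending[card_ref]  # single use: a replayed link fails
        return True

    def sweep(self, now):
        """Flag cards whose confirmation link was never clicked in time."""
        stale = {c for c, (_, t) in self.pending.items() if now - t > LINK_TTL}
        self.flagged |= stale
        self.pending = {c: v for c, v in self.pending.items() if c not in stale}
```

Running `sweep` on a schedule is what turns "never clicked" into a suspicious-card flag; the CVV2 cap works independently of the e-mail step.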