
List:       interchange-users
Subject:    Re: [ic] Fraudulent credit card activity
From:       Grant <emailgrant () gmail ! com>
Date:       2013-02-13 17:59:34
Message-ID: CAN0CFw1y6P9A-6dZ427-pQ74Chs4AO3jcoD-DvtqPNHDTFQsUg () mail ! gmail ! com

> For the past few days I've had a guy trying to place small orders using
> credit cards. Most charges are denied, but a few go through. I think he
> is testing which cards are valid and which are not.
>
> Using fail2ban has helped some, but I've noticed he is using the same IC
> session from more than one IP. I plan to do something like Steve
> mentioned here:
>
> http://www.icdevgroup.org/pipermail/interchange-users/2013-February/053928.html
>
> Would it make sense to somehow disallow the same session being used from
> multiple IPs?
>
> Until now I have not required CVV2. Adding the requirement is very
> simple, but it also adds a step to the checkout process, and the
> attacker may have the CVV2 codes.
>
> I'm curious what others think about this situation.

This may not appeal to you, but you could accept all orders regardless
of response code and later email the customer automatically if the
card was declined.  I don't know of a perfect solution to this
problem.

- Grant

_______________________________________________
interchange-users mailing list
interchange-users@icdevgroup.org
http://www.icdevgroup.org/mailman/listinfo/interchange-users
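The pattern described in the quoted message (one session reused from several IPs while a run of cards is tried) can be detected by keying on the session instead of the IP. The following is an added example, not part of the original thread or of Interchange; the log format, field names and the `max_cards` threshold are assumptions, and the log lines are constructed.

```python
import re
from collections import defaultdict

# Constructed sample lines in a hypothetical checkout-log format.
# card= is an opaque token for the card, never the card number itself.
SAMPLE_LOG = """\
2013-02-12T10:01:05 session=Qx7aa1 ip=203.0.113.5 card=tok_01 result=declined
2013-02-12T10:01:40 session=Qx7aa1 ip=203.0.113.5 card=tok_02 result=declined
2013-02-12T10:02:10 session=Qx7aa1 ip=198.51.100.23 card=tok_03 result=approved
2013-02-12T10:02:55 session=Qx7aa1 ip=198.51.100.23 card=tok_04 result=declined
2013-02-12T10:05:00 session=Lm3bb2 ip=192.0.2.44 card=tok_10 result=declined
2013-02-12T10:06:30 session=Lm3bb2 ip=192.0.2.44 card=tok_10 result=approved
2013-02-12T10:09:12 session=Zz9cc3 ip=192.0.2.80 card=tok_20 result=approved
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) session=(?P<session>\S+) ip=(?P<ip>\S+) "
    r"card=(?P<card>\S+) result=(?P<result>approved|declined)$"
)

def analyze(log_text, max_cards=2):
    """Return {session: [reasons]} for sessions that look like card testing."""
    stats = defaultdict(lambda: {"ips": set(), "cards": set(), "declined": 0})
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # ignore lines that are not checkout attempts
        s = stats[m["session"]]
        s["ips"].add(m["ip"])
        s["cards"].add(m["card"])
        s["declined"] += m["result"] == "declined"
    flagged = {}
    for session, s in stats.items():
        reasons = []
        if len(s["ips"]) > 1:  # same session seen from more than one address
            reasons.append("session used from %d IPs" % len(s["ips"]))
        if len(s["cards"]) > max_cards:  # more cards than a normal retry needs
            reasons.append("%d distinct cards, %d declines"
                           % (len(s["cards"]), s["declined"]))
        if reasons:
            flagged[session] = reasons
    return flagged

if __name__ == "__main__":
    for session, reasons in analyze(SAMPLE_LOG).items():
        print(session, "->", "; ".join(reasons))
```

A customer who retries one card after a decline (session `Lm3bb2` in the sample) is not flagged; only the session that changes IP and cycles through cards is.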