|
|
|
|
|
|
| ISP Resources |
| ISP-Lists ISP Glossary ISP News The List ISPCON Events Free Newsletters |
|
|
|
||
| internet.commerce | ||
|
Partner With Us |
When the FBI is Your Friend
Members of the ISP-Webhosting list discuss an increasingly worrying problem for webhosts in particular and ISPs in general, too: credit card fraud. The Internet is global, and so is crime.
| [August 29, 2001] |
|
On the ISP-Webhosting list in August, JM queried,
"Last night, somebody placed an order on our website for a managed server. As I always do, I emailed the person to ask if they had any questions before I sent them a contract to sign. I also did a Google search for the phone number entered. It showed up, along with credit card info, on a Russian hacker site.
I called the phone number (in Pennsylvania) and talked to a guy who said several merchants had contacted him in the past week to confirm large orders, and he hadn't made any. Tonight, the orderer replied to my email, saying yes, he wants the server. His English is poor, and his IP is French. Any suggestions on how to handle this?"
A number of respondents shared similar experiences, suggesting there's not much that can be done:
[WW noted] "One of the colocation facilities I consult with has this issue frequently. The exact same circumstances, but a lot of theirs originate from Malaysia. So far, they've just been ignoring them for the most part. I'd love to know who to report this kind of thing to, and with what documentation."
[MS agreed] "Those guys used to tick me off so much. Last year I went on a short crusade to bring one of them to justice, and only had people laughing in my face-including the credit card security team, the ISP in Indonesia where the person was getting online, and probably even the hacker himself. I hate to sound so cynical, but protect yourself and let others fend for themselves. Until a few thousand of us decide to join hands and try to do something about it, it's just got to be factored in as the cost of doing business."
Others offered some ways to take action:
[MR advised] "Contact your local FBI office and ask for the Computer Crime or Computer Fraud division. Give them all of the information, including the email with complete headers, and whatever logs you have relative to this fraud. Make sure the guy in Pennsylvania is made aware that he can expect to hear from the FBI. He should gather his notes on all the merchants who contacted him, as they will be asked to provide their records of the fraudulent purchases as well. Interpol gets involved. I'm sure the FBI knows about the Russian site. It's one thing to post that information; it's something totally different to actually use it."
[BR agreed] "I imagine that your local FBI office would be very interested in this, as would the credit card company: I would contact your merchant account fraud line, too."
[JS added] "We had the same problem. Contact your local Secret Service field office. Credit card fraud falls under their jurisdiction, as they are the protectors of the US Treasury. We were getting hit with fraud from all over Europe and Asia. We contacted the Secret Service and met with some of their field officers and computer specialists. It's very difficult for them to pursue overseas credit card fraud, but they will if the amount totals $5,000 or more. Make sure, though, that you stamp your signups with the user's IP address, date, and time. Without this information, the Secret Service won't be able to do much."
Still others suggested some preventive measures to take:
[WC suggested] "One thing to do is build some code into your order forms so that if the order comes from country 'x,' you return the same exact message as you would for a credit card decline. This way, it just looks to them like the credit card didn't work, and they move on. Never say 'we don't accept orders from x'—they'll just make up a new country to get around it. A decline, on the other hand, is expected eventually with a stolen credit card, and they'll just give up. For the few real orders you may turn away, you will come out ahead in savings by declining the masses of fraud orders that would come in."
[JN added] "Just don't ever accept any foreign credit cards: you have no recourse on any of them.
If you have a foreign customer, tell them to pay you with an American Express traveler's check or a cashier's check dawn on a US Bank—and wait at least three weeks before you assume that the funds are good.
Never give your bank routing numbers to someone who is going to wire you money; they will wire money out of your account. If you want to accept wires from overseas, open a zero-balance account and have the money swept out by the bank every night.
Make sure you get the extra three digit number from the signature panel of the credit card, and get set up with your processor to use that; they must have the card in order to have those digits. Get the billing address of the credit card and verify it; and if you are shipping something, ship it only to the billing address.
Never take a credit card from anyone other than the card holder, even the spouse.
And if anything doesn't feel right about the transaction, just call it off."
— End
| Related articles: | |||
| [Jun. 25, 2001] | Call the FBI and Get a Restraining Order | ||
| [Jan. 31, 2001] | FTC Consumer Fraud Update | ||
|
|
|
| Best of ISP-Planet | ||
|---|---|---|
|
ISP-Planet
Guide
ISP-Planet's Principal Studies Directories:
Q2 2008 Top U.S. ISPs by Subscriber (Updated 08/29/2008)
ISP-Planet's Blogroll | ||
ISP-Planet's
RSS feed
