[LINK] The truth about Internet fraud
Grant Bayley
gbayley@ausmac.net
Mon, 19 Mar 2001 15:41:13 +1100 (EST)
On Mon, 19 Mar 2001, Chirgwin, Richard wrote:
> merchant is validating in real time. If the merchant is not, then the thief
> can pick expiry date and cardholder name out of thin air; it won't matter.
>
> And this, Linkers, is the other side of 'net shopping: that many merchants
> still choose to take their chances with accepting a transaction and
> validating later.
>
> So the fraud is committed thus:
> 1) Generate faked number plus fake ID;
> 2) offer these to a "soft" merchant (ISPs, software and porn favoured);
> 3) if the card is accepted, you know the merchant is not validating in
> realtime.
Which is probably why companies like Woolworths don't generally pop up in
discussions about "online" fraud. They certainly take the order online
(and store information about the user, but that's another story), but the
payment for goods is made when the delivery is made to the customer - as
far as I am aware with a "mobile eftpos" unit similar to those that taxis
use. The only thing there is the potential for "prank" orders to slip
through the system - you probably wouldn't want a box of things appearing
on your doorstep and being asked to pay for it. It certainly cuts out the
range of fraud typically attributable to generated credit cards, fake
details and delayed authorisation.
Grant