[ic] Fraudulent credit card activity
DB
db at m-and-d.com
Wed Feb 13 12:47:18 UTC 2013
For the past few days I've had a guy trying to place small orders using
credit cards. Most charges are denied, but a few go through. I think he
is testing which cards are valid and which are not.
Using fail2ban has helped some, but I've noticed he is using the same IC
session from more than one IP. I plan to do something like Steve
mentioned here:
http://www.icdevgroup.org/pipermail/interchange-users/2013-February/053928.html
Would it make sense to somehow disallow the same session being used from
multiple IPs?
Until now I have not required CVV2. Adding the requirement is very
simple, but it also adds a step to the checkout process, and the
attacker may have the CVV2 codes.
I'm curious what others think about this situation.
DB
More information about the interchange-users
mailing list