[ic] Fraudulent credit card activity

DB db at m-and-d.com
Wed Feb 13 12:47:18 UTC 2013

For the past few days I've had a guy trying to place small orders using
credit cards. Most charges are denied, but a few go through. I think he
is testing which cards are valid and which are not.

Using fail2ban has helped some, but I've noticed he is using the same IC
session from more than one IP. I plan to do something like Steve
mentioned here:


Would it make sense to somehow disallow the same session being used from
multiple IPs?

Until now I have not required CVV2. Adding the requirement is very
simple, but it also adds a step to the checkout process, and the
attacker may have the CVV2 codes.

I'm curious what others think about this situation.


More information about the interchange-users mailing list