[ic] Fraudulent credit card activity
Stefan Hornburg (Racke)
racke at linuxia.de
Wed Feb 13 12:56:56 UTC 2013
On 02/13/2013 01:47 PM, DB wrote:
> For the past few days I've had a guy trying to place small orders using
> credit cards. Most charges are denied, but a few go through. I think he
> is testing which cards are valid and which are not.
>
> Using fail2ban has helped some, but I've noticed he is using the same IC
> session from more than one IP. I plan to do something like Steve
> mentioned here:
>
> http://www.icdevgroup.org/pipermail/interchange-users/2013-February/053928.html
>
> Would it make sense to somehow disallow the same session being used from
> multiple IPs?
>
> Until now I have not required CVV2. Adding the requirement is very
> simple, but it also adds a step to the checkout process, and the
> attacker may have the CVV2 codes.
>
> I'm curious what others think about this situation.
>
CVV2 helps you if he got just a list of credit card numbers, but of course
not if he has the physical CC.
I think today it's pretty much standard to ask for CVV2.
Regards
Racke
--
LinuXia Systems => http://www.linuxia.de/
Expert Interchange Consulting and System Administration
ICDEVGROUP => http://www.icdevgroup.org/
Interchange Development Team
More information about the interchange-users
mailing list