[ic] Fraudulent credit card activity

Mike Heins mike at perusion.com
Wed Feb 13 14:00:39 UTC 2013

Quoting Stefan Hornburg (Racke) (racke at linuxia.de):
> On 02/13/2013 01:47 PM, DB wrote:
> > For the past few days I've had a guy trying to place small orders using
> > credit cards. Most charges are denied, but a few go through. I think he
> > is testing which cards are valid and which are not.
> > 
> > Using fail2ban has helped some, but I've noticed he is using the same IC
> > session from more than one IP. I plan to do something like Steve
> > mentioned here:
> > 
> > http://www.icdevgroup.org/pipermail/interchange-users/2013-February/053928.html
> > 
> > Would it make sense to somehow disallow the same session being used from
> > multiple IPs?
> > 
> > Until now I have not required CVV2. Adding the requirement is very
> > simple, but it also adds a step to the checkout process, and the
> > attacker may have the CVV2 codes.
> > 
> > I'm curious what others think about this situation.
> > 
> CVV2 helps you if he got just a list of credit card numbers, but of course
> not if he has the physical CC.
> I think today it's pretty much standard to ask for CVV2.

Once you've identified such a guy, don't kill his session. That
just makes him change proxies and come back.

Just keep accepting his stuff, but don't really send it to Authorize.net.
Just reject every card, every time. Forever.

Mike Heins
Perusion -- Expert Interchange Consulting    http://www.perusion.com/
phone +1.765.253.4194  <mike at perusion.com>

Life isn't fair, but it's good. -- Regina Brett

More information about the interchange-users mailing list