[113810] in cryptography@c2.net mail archive
Lack of fraud reporting paths considered harmful.
daemon@ATHENA.MIT.EDU (Perry E. Metzger)
Tue Jan 22 22:56:57 2008
To: cryptography@metzdowd.com
From: "Perry E. Metzger" <perry@piermont.com>
Date: Tue, 22 Jan 2008 22:56:30 -0500
This evening, a friend of mine who shall remain nameless who works for
a large company that regularly processes customer credit card payments
informed me of an interesting fact.
His firm routinely discovers attempted credit card fraud. However,
since there is no way for them to report attempted fraud to the credit
card network (the protocol literally does not allow for it), all they
can do is refuse the transaction -- they literally have no mechanism
to let the issuing bank know that the card number was likely stolen.
This seems profoundly bad. I hope that someone on the list has the
right contacts to get the right people to do something about this.
Perry
--
Perry E. Metzger perry@piermont.com
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
