[114037] in cryptography@c2.net mail archive
Re: Lack of fraud reporting paths considered harmful.
daemon@ATHENA.MIT.EDU (lists@notatla.org.uk)
Fri Jan 25 17:58:13 2008
Date: Fri, 25 Jan 2008 22:12:03 +0000
To: cryptography@metzdowd.com
In-Reply-To: <87r6g9fb4h.fsf@snark.cb.piermont.com>
From: lists@notatla.org.uk
Perry wrote:
> His firm routinely discovers attempted credit card fraud. However,
> since there is no way for them to report attempted fraud to the credit
> card network (the protocol literally does not allow for it), all they
> can do is refuse the transaction -- they literally have no mechanism
> to let the issuing bank know that the card number was likely stolen.
A former boss has become "Head of Fraud Technology" (I asked him who
was "Head of Anti-Fraud Technology") and he answers like this.
I am not really a cards man but I would have said the good
old telephone, a call to the acquirer, would be the way. The
acquirer would then pass that on to the issuer. Granted the
merchant may not know for certain that had happened, but he
has done his duty at that point.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
