[153641] in North American Network Operators' Group
Re: Dear Linkedin,
daemon@ATHENA.MIT.EDU (Barry Shein)
Sat Jun 9 14:50:44 2012
From: Barry Shein <bzs@world.std.com>
Date: Sat, 9 Jun 2012 14:49:09 -0400
To: Hal Murray <hmurray@megapathdsl.net>
In-Reply-To: <20120609044259.9BF6880003B@ip-64-139-1-69.sjc.megapath.net>
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
A friend would print in block letters in the sig area of his credit
cards "ASK FOR PHOTO ID". He said that almost always cashiers et al
would give a cursory glance like they were checking his signature and
say thank you and hand him back his card.
Maybe someone mentioned this but merchant card contracts generally
(always?) require that you NOT store CVVs when the transaction is
over.
It's just some double-check remotely that you physically have the
card, or did once in the past, etc. and doesn't imprint.
Credit card security is about percentages not absolutes, about the
cost-benefit analysis.
Many years ago I interviewed at a company which was building a big
honking multi-processor.
They had $150M in pre-orders from BIG CREDIT CARD COMPANY dependent on
the machine being able to run a bunch of anti-fraud algorithms they
knew were good (run against historical data) but couldn't run in
real-time, no iron was fast enough at the time.
BIG CREDIT CARD COMPANY estimated, as I remember, that if they could
run those algorithms it would catch about $50,000/hour in fraud, so
the $150M was a good investment from their point of view.
I didn't take the job and they never finished the system.
--
-Barry Shein
The World | bzs@TheWorld.com | http://www.TheWorld.com
Purveyors to the Trade | Voice: 800-THE-WRLD | Dial-Up: US, PR, Canada
Software Tool & Die | Public Access Internet | SINCE 1989 *oo*
