[32139] in North American Network Operators' Group
Re: Defeating DoS Attacks Through Accountability
daemon@ATHENA.MIT.EDU (Marshall Eubanks)
Sun Nov 12 12:48:15 2000
Message-ID: <3A0ED70C.A5645746@21rst-century.com>
Date: Sun, 12 Nov 2000 12:44:45 -0500
From: Marshall Eubanks <tme@21rst-century.com>
Reply-To: tme@21rst-century.com
MIME-Version: 1.0
To: Joe Abley <jabley@automagic.org>
Cc: Sean Donelan <sean@donelan.com>, mrp@connect.com.au,
nanog@merit.edu
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Errors-To: owner-nanog-outgoing@merit.edu
Joe Abley wrote:
>
> On Sat, Nov 11, 2000 at 10:41:13PM -0800, Sean Donelan wrote:
> > How would you propose to handle the case where a person has a credit
> > card number, and then you receive a request from a third party with
> > no evidence of any authorization from the registered card owner to
> > charge stuff on that card number?
>
> The card gets charged regardless; if that turns out to be an unauthorised
> transaction it gets challenged later (assuming it is noticed at all).
>
> That's what happens today, as far as I can see. Uncanny resemblance :)
Actually, if you are the merchant and want to handle credit cards :
1.) You get a discout if you run a address check (even if you then ignore
a failure) and
2.) If the transaction is successfully challenged or is bogus YOU have
to pay (and
the CC bank may actually hold back some of your CC income to make
sure that you do) AND
3.) If the failed transaction rate (i.e., bogus + successfully challenged
transactions) is consistently > about 5% you will be TERMINATED AND
BLACK HOLED !!!
(i.e., you will find it very hard to do any more credit card
transactions with
anyone...)
It seems to me that the credit card industry is a little more serious
about this...
Regards
Marshall Eubanks
Multicast Technologies, Inc.
10301 Democracy Lane, Suite 201
Fairfax, Virginia 22030
Phone : 703-293-9624 Fax : 703-293-9609
e-mail : tme@on-the-i.com http://www.on-the-i.com
