[93230] in North American Network Operators' Group
Re: advise on network security report
daemon@ATHENA.MIT.EDU (Valdis.Kletnieks@vt.edu)
Wed Nov 1 16:18:48 2006
To: Mike Callahan <mcallahan@bullseyetelecom.net>
Cc: nanog@merit.edu
In-Reply-To: Your message of "Wed, 01 Nov 2006 15:09:59 EST."
<3375168AAA513E439D00CC657751291F02228DC3@EXCH-VS1.bullseyetelecom.com>
From: Valdis.Kletnieks@vt.edu
Date: Wed, 01 Nov 2006 16:17:49 -0500
Errors-To: owner-nanog@merit.edu
--==_Exmh_1162415869_3434P
Content-Type: text/plain; charset=us-ascii
On Wed, 01 Nov 2006 15:09:59 EST, Mike Callahan said:
> Perhaps a better start on impacting this would be for the credit card
> companies to pursue the people that abuse their cards/systems instead of
> just writing fraudulent purchases off as a loss and not pursuing them
> any further.
Let's take a hypothetical $300 fraudulent charge. If the card company spends
more than $300 pursuing it, it's losing money on it and is better off just
swallowing it. Now what does $300 get you? If you're lucky, that gets you 5
hours of a tech's time to chase logs, make phone calls, and get all the
evidence together, and 1 hour of a lawyer's time to get the ball rolling if you
pursue it as a civil matter.
How much pursuit can you get done in 5 hours?
The credit card companies are *acutely* aware of *exactly* how much it
costs to swallow any given fraud, and how much it costs to chase a particular
miscreant down. And barring some major economic/political/legal changes
that alter the price/performance ratio, they're unlikely to change the way
they do things.
(Hint - $50B sounds like a lot, but what percent of the total Visa/MasterCard
business per year is that, really? Not much compared against the $1,325B
done by the top 4 card networks in 2004:
http://www.fdic.gov/bank/analytical/banking/2005nov/Art2table1.html
The whole article is here:
http://www.fdic.gov/bank/analytical/banking/2005nov/article2.html
and discusses in fair amount of detail what the credit card companies
*really* worry about, and why....
--==_Exmh_1162415869_3434P
Content-Type: application/pgp-signature
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: Exmh version 2.5 07/13/2001
iD8DBQFFSQ79cC3lWbTT17ARAmFuAJ959QuFyaqKq23oiEUzMjlTYwuYkwCfQVKx
6AjMHJqe5hpTqbrYALsfvkM=
=tDJv
-----END PGP SIGNATURE-----
--==_Exmh_1162415869_3434P--
