Re: Lack of fraud reporting paths considered harmful.

2008-01-28 Thread James A. Donald
Perry E. Metzger wrote: The call-the-customer-and-reissue mechanism is a mediocre solution to the fraud problem, but it is the one we have these days. Why is it a mediocre solution? The credit card number is a widely shared secret. It has been known for centuries that widely shared secrets

Re: Lack of fraud reporting paths considered harmful.

2008-01-28 Thread Perry E. Metzger
James A. Donald [EMAIL PROTECTED] writes: Perry E. Metzger wrote: The call-the-customer-and-reissue mechanism is a mediocre solution to the fraud problem, but it is the one we have these days. Why is it a mediocre solution? The credit card number is a widely shared secret. It has been

Re: Lack of fraud reporting paths considered harmful.

2008-01-27 Thread Ian G
John Ioannidis wrote: Perry E. Metzger wrote: That's not practical. If you're a large online merchant, and your automated systems are picking up lots of fraud, you want an automated system for reporting it. Having a team of people on the phone 24x7 talking to your acquirer and reading them

Re: Lack of fraud reporting paths considered harmful.

2008-01-27 Thread Anne Lynn Wheeler
Perry E. Metzger wrote: This evening, a friend of mine who shall remain nameless who works for a large company that regularly processes customer credit card payments informed me of an interesting fact. His firm routinely discovers attempted credit card fraud. However, since there is no way for

Re: Lack of fraud reporting paths considered harmful.

2008-01-27 Thread Perry E. Metzger
Ian G [EMAIL PROTECTED] writes: There is a philosophical problem with suggesting an automated protocol method for reporting fraud, in that one might be better off ... fixing the underlying fraud. Lets say you're a big company like Amazon or someone similar. You're pretty sure someone is

Re: Lack of fraud reporting paths considered harmful.

2008-01-26 Thread John Ioannidis
Perry E. Metzger wrote: That's not practical. If you're a large online merchant, and your automated systems are picking up lots of fraud, you want an automated system for reporting it. Having a team of people on the phone 24x7 talking to your acquirer and reading them credit card numbers over

Re: Lack of fraud reporting paths considered harmful.

2008-01-26 Thread mark seiden-via mac
yes, the reputation of/quality of reporters needs to be measured, and the reported information needs to be enough to accomplish an auth or a card purchase. the card issuer can then use a credible report as a hint to increase the level of attention to the reported cards. it's in a

Re: Lack of fraud reporting paths considered harmful.

2008-01-25 Thread Perry E. Metzger
[EMAIL PROTECTED] writes: His firm routinely discovers attempted credit card fraud. However, since there is no way for them to report attempted fraud to the credit card network (the protocol literally does not allow for it), all they can do is refuse the transaction -- they literally have no

Re: Lack of fraud reporting paths considered harmful.

2008-01-25 Thread lists
Perry wrote: His firm routinely discovers attempted credit card fraud. However, since there is no way for them to report attempted fraud to the credit card network (the protocol literally does not allow for it), all they can do is refuse the transaction -- they literally have no mechanism to