SERIOUS THREAD- I might have a solution to online credit card fraud

[eddie-executive]

I've been working on this idea for months now thinking of every possible problem with it. I thought about how easy it is for the customer, webmaster, and credit card companies ,every aspect of it.

It will require the credit card issuers to add one extra field to the customer database and require one extra field to be added into the checkout form on websites. Also possibly eliminating some fields in the checkout such as customers address and will completely eliminate enterning in a credit card number.

Most online credit card fraud is caused by lost credit cards so if someone found a credit card they wouldn't be able to use it online. The checkout form would not have a field for a credit card number and the extra field (i can't disclose what that is) will be needed to checkout. What you need to enter in that field would be issued by the credit card company at very minimal cost.

No its not an extra password.

This will help everyone even the credit card companies. Yes credit card companies protect credit card holders from unauthorized charges but that costs them money too.

The only thing is I don't know is are there other ways hackers can hack what is entered into the field besides keystroke logging?

In a nutshell I am eliminating using credit card numbers online.

I have researched every method of credit card fraud protection from visa and mastercard. Visa uses a method where it tracks what you purchase and if a purchase looks suscpicous based on your buying habits they will decline the sale. Ok idea but suppose I want to buy a 50 inch plasma tv at 3 am and they decline me that would inconvenience the customer big time let alone cause a lot of embarrassment.

All those illegal sites selling credit card numbers will be fucked because the checkout form doesn't need credit card numbers.

FUCK YOU IF YOU GOT A PROBLEM WITH MY SPELLING TO!

[woj]

sell this brilliant idea to the credit card companies for a few million

[Matt 26z]

Let me guess, a card swipe terminal. They've already got these, but the idea hasn't taken off.

[$5 submissions]

Does the idea dispense totally with NUMBERS? Or does it just take a DIFFERENT FORM?

[Evil Doer]

You've been working on this idea for months?

I don't quite understand... your idea is to eliminate using a credit card number and replace it with something new?

[Lazonby]

It's to replace the credit card number with a credit card number number.

[tical]

like a hidden password / pin number users establish at the issuing bank?

unrelated to cvv2... dont know why they dont do this

[Jensen]

Why aren't the billingcompanies using methods like Verified by Visa yet? I can't buy shit in Norway without my pass but haven't seen it used elsewhere... why the fuck not?

[Jensen]

Quote:

Originally Posted by tical

like a hidden password / pin number users establish at the issuing bank?

unrelated to cvv2... dont know why they dont do this

they do..

[hydro]

just block romania + russian +indonesia and then use a little geotracking for extra protection. The adult industry will always have a higher chargeback ratio due to pussy whipped men who are afraid of their wives and kids who find mom's credit card

[Manowar]

Quote:

Originally Posted by tical

like a hidden password / pin number users establish at the issuing bank?

unrelated to cvv2... dont know why they dont do this

Good point, they should

[tical]

Quote:

Originally Posted by Jensen

they do..

theres no enforced requirement for this online though, they have pins for atm / check cards... and securecode shit for visa

but they are just 'optional' not enforced, and not all sites even have these features available

an "online password / pin" would be great

if you want to use your card online, you must setup an online pass/pin otherwise it shouldnt work

that would cut down on HUGE amounts of fraud

[Antonio]

Quote:

Originally Posted by eddie-executive

Most online credit card fraud is caused by lost credit cards

you don't have a clue, do you? gazillion waiters all over the World carry "parrots" in their pockets, as soon as you give them your credit card they swipe it once, and that's all they need

[Axzar]

Good Luck with that.

[Jensen]

Quote:

Originally Posted by tical

theres no enforced requirement for this online though, they have pins for atm / check cards... and securecode shit for visa

but they are just 'optional' not enforced, and not all sites even have these features available

an "online password / pin" would be great

if you want to use your card online, you must setup an online pass/pin otherwise it shouldnt work

that would cut down on HUGE amounts of fraud

all merchants in norway are using it and it works great.. why the heck others are waiting I have no clue about..

my guess is that the us is lagging so far behind with internet banking that so few customers would be able to set a pass? or?

[Chr0makey]

Sounds good to me

[tical]

Quote:

Originally Posted by Jensen

all merchants in norway are using it and it works great.. why the heck others are waiting I have no clue about..

my guess is that the us is lagging so far behind with internet banking that so few customers would be able to set a pass? or?

ah no shit? well there you have it... i'm sure people would complain in the US about it being a hassle... fuck them though, i wouldnt mind it at all

[Chio]

Quote:

Most online credit card fraud is caused by lost credit cards so if someone found a credit card they wouldn't be able to use it online.

YARGH! Sorry to say but this is completely false. I know quite a bit about online billing and I can tell you that nearly 100% of credit card fraud comes from bogus sites collecting credit card information, and providing a real service. They trap all the needed info on the order page and the user is given access to a site or product, everything seems legit, until a short time later when fraud charges start.

There is no way to stop this type of fraud.

Credit card companies could easily stop fraud using any number of suggested methods that never seem to get passed the development stages... they won't though, it's a huge amount of income to them in the form of charge back fees. A perfect example of this type of mentality is bounced checks. You would think with the technology we have it would be impossible to pass a bad check. Will banks ever do it? No. Why? Same reason. Free money.

[Jensen]

Quote:

Originally Posted by Chio

YARGH! Sorry to say but this is completely false. I know quite a bit about online billing and I can tell you that nearly 100% of credit card fraud comes from bogus sites collecting credit card information, and providing a real service. They trap all the needed info on the order page and the user is given access to a site or product, everything seems legit, until a short time later when fraud charges start.

There is no way to stop this type of fraud.

Credit card companies could easily stop fraud using any number of suggested methods that never seem to get passed the development stages... they won't though, it's a huge amount of income to them in the form of charge back fees. A perfect example of this type of mentality is bounced checks. You would think with the technology we have it would be impossible to pass a bad check. Will banks ever do it? No. Why? Same reason. Free money.

won't verified by visa etc stop it?

[Chio]

Quote:

Originally Posted by Jensen

won't verified by visa etc stop it?

The only thing that would work 100% is if *all* Merchant gateways process directly through the issuing credit card company (not just visa). So when an order is placed you get bounced to amex for example, input your card info at amex with a pin. If everything checks out you are passed back to the originating merchant site to complete the order.

The infrastructure to do this is for the most part already in place, yet we still don't have it. I first saw ramblings about this in 98. It's still not done.

[Chio]

In the above example carding sites would never see the info, they would only know that the order was successfully processed.

This would stop online card fraud in it's tracks.

It would also stop "friendly" fraud when a husband buys a porn membership, then tells his Wife he didn't and she charges back. This would be impossible with the above system in place.

[Jensen]

Quote:

Originally Posted by Chio

The only thing that would work 100% is if *all* Merchant gateways process directly through the issuing credit card company (not just visa). So when an order is placed you get bounced to amex for example, input your card info at amex with a pin. If everything checks out you are passed back to the originating merchant site to complete the order.

The infrastructure to do this is for the most part already in place, yet we still don't have it. I first saw ramblings about this in 98. It's still not done.

works great up here.. we get bounced to the issuing bank were we input a password and are passed back to the merchant site.. been doing this for a long time already.. (I'm only using visa/mastercard though)

[Chio]

Quote:

Originally Posted by Jensen

works great up here.. we get bounced to the issuing bank were we input a password and are passed back to the merchant site.. been doing this for a long time already.. (I'm only using visa/mastercard though)

Yeah that's what I mean by *all*, only visa does it, and for whatever reasons (fees I'm guessing) they are not too keen on forcing gateways to implement it.

[Klen]

Btw with american express blue every transaction which go with your credit card you must authorize with credit card reader which you got it with card so even if someone has completly data of you he still cannot use credit card.

[Cassie]

Quote:

Originally Posted by Jensen

Why aren't the billingcompanies using methods like Verified by Visa yet? I can't buy shit in Norway without my pass but haven't seen it used elsewhere... why the fuck not?

i had this discussion with cardservice the other day.

one of the main reasons verified by visa and master card security code hasn't been implemented is because it hasn't been required to be implemented by the card holder's bank or merchant banks (although humboldt and now cardservice are pushing the system a bit more to their merchants).

second reason is that the smaller banks can't necessarily afford to implement the system.

third reason is because First Data (which is like congress to the credit card association) is in negotiations to force this system to be implemented but they are taking their time doing so (various contractual negotiations, blah blah blah).

we have this system on our various retail sites through cardinal commerce and it seems to work out well with cb ratios. however, until merchant banks and cardholder banks are required to offer this system, you won't see much of it because most cannot afford to implement this system.


btw, i received this information when i discussed it with both the director of cardinal commerce and the director of cardservice NE division.

[Barefootsies]

Um...................cvv2

[DanielS]

The big % of credit card fraud is because of hackers stealing big databases with ALL the information, number, cvv2, name, address, etc. Then the numbers are used not only for buying things, but to write blank real cards using bank keys and clean the account through atms.
The real solution is to have strong firewalls and secured servers.

[Jensen]

Quote:

Originally Posted by DanielS

The big % of credit card fraud is because of hackers stealing big databases with ALL the information, number, cvv2, name, address, etc. Then the numbers are used not only for buying things, but to write blank real cards using bank keys and clean the account through atms.
The real solution is to have strong firewalls and secured servers.

verified by visa password aren't stored on the same servers but are stored with the local banks...

[Aneros Josh]

Etrade has this pretty cool thing where when you go to login to your account, you enter your username/password then it asks you to input the code from a keychain/keyfob thing they give you when you sign up. They send a code that is good for 30 seconds to the keychain. It seems that if credit cards had this same type of system or something similar, it could be pretty useful in stopping fraud.

[TheDoc]

Why not just give all credit cards a 4-6 digit pin, like debit cards, then require all online transactions to use that pin. Fraud will go down something quick when people don't know the pin codes.

[BJ]

MBNA will generate a 1 time use cc# for online purchases, meaning the cc# is only good for 1 time. Good enough for me.

[Gillespie]

Undetected fraud = $$$
Detected and chargebacked fraud = $$$

Same thing, as far as the CC companies are concerned.

[JimiJimi]

Concept and spelling APPROVED

[eddie-executive]

Has nothing to do with swipe terminals or anything. Its not a password, passwords can easily be hacked and easily forgotten by consumers casuing more hassle. Adding extra passwords or pins all can be hacked.

[Pimpin_J]

Most online credit card fraud is caused by lost credit cards so if someone found a credit card they wouldn't be able to use it online

Sorry but this is far away from reality. Just check the news and see whats going on out there! http://www.cardcops.com/
The guy who runs this site is an idiot, but thats not the case right now. But the fact is that one guy can steal up to 100 credit cards in a couple of minutes, by hacking some shop site for example. But no one finds hundred´s of lost cards in a few minutes at the streets.

[Pimpin_J]

This extra field on the card is crap too. The companies had nearly the same idea some years back, called CVV2 number on the cards. But thats the same useless like your idea! Once your "secret field" or the cvv2 is entered into a userdatabase from a shop/pornsite, ITS ON THE INTERNET.
So the game starts again -> hacker hacks the site -> steals database -> has the "secret field / cvv2" and can use the card again. So its useless. Even a phone varification is easily cheatable.

[Kimmykim]

Lots of misinformation in here.

1. CVV2 is not stored in a database, it's expressly prohibited to store the data anywhere, and the punishment for a violation is losing your merchant account.

2. VbV/SecureCode suffer from shit marketing and the inability of smaller banks to afford implementing the system. Consumers who actually read the VbV terms and understand them realize they are relinquishing their right to charge back, and the habitual cb'ers (of which there are many) aren't going to go for that.

3. Thinking that the issuers or acquirers, much less Interchange, would add yet another field to the database is silly. The associations are owned by the member banks (Visa still, Mastercard is doing that public thing) and while Interchange does profit from a chargeback, individual banks, either acquiring or issuing, lose money on them.

[TheDoc]

The pin code for debit cards is stored at the processing bank. If CC #'s get stolen they only have to change the pin code rather than issue a new card. Most stolen CC's don't come from hacks.

The credit card # has a pattern that adds up and creates the cv2, zip, and some other bs to make sure the card is valid. So CC generators can take a valid card and off of this math generate 100’s of valid cc numbers with matching cv2 and zip codes.

Add a pin code that gets verified at the bank level, then generated cards and found/stolen cards won't work. Even if a family member stole it, chances are they don’t know the pin.

[flashfreak]

Quote:

Originally Posted by hydro

just block romania + russian +indonesia and then use a little geotracking for extra protection. The adult industry will always have a higher chargeback ratio due to pussy whipped men who are afraid of their wives and kids who find mom's credit card

fuck off idiot... you have no clue.

unlike you, 99% of the carders are smart enough to jump from one server to another 5-6 times... how do you know they're romanians, russians etc? idiot

[Thee Johnclave]

Quote:

Originally Posted by PureMeds

MBNA will generate a 1 time use cc# for online purchases, meaning the cc# is only good for 1 time. Good enough for me.

Brilliant! Let's endorse a product which would kill recurring billing; the life blood of online adult.

KK...lots of misinformation is an understatement.

[germ]

Quote:

Originally Posted by FleshJosh

Etrade has this pretty cool thing where when you go to login to your account, you enter your username/password then it asks you to input the code from a keychain/keyfob thing they give you when you sign up. They send a code that is good for 30 seconds to the keychain. It seems that if credit cards had this same type of system or something similar, it could be pretty useful in stopping fraud.

yeah. my aol account has this. im not sure why my bank account/visa doesnt.

[cams2chat]

Quote:

Originally Posted by Evil Doer

You've been working on this idea for months?

I don't quite understand... your idea is to eliminate using a credit card number and replace it with something new?

Sign Language?

[marketsmart]

you know...there is...verified by visa...

[polish_aristocrat]

Quote:

Originally Posted by eddie-executive

In a nutshell I am eliminating using credit card numbers online.

cool idea

the girl who jerks you off in your car for 80 bucks because she needs to pay her cell phone bill, would be impressed

[collegeboobies]

Whatever it is... can be social engineered or hacked somehow.
Any info that someone types in or knows can easily be gotten on phishing pages by the thousands.`

[Aquarius]

In theory it sounds ok.

[TheAmericanCannibal]

I have the solution and have for over a YEAR no

it's called

http://www.purevanilla.com

[rowan]

Quote:

Originally Posted by Kimmykim

Lots of misinformation in here.

1. CVV2 is not stored in a database, it's expressly prohibited to store the data anywhere, and the punishment for a violation is losing your merchant account.

This is how I understood it as well, but the interesting thing is that when informing several companies of my new CC number, two of them asked for the CVV2. These are for regular monthly payments which may not necessarily be the same amount each time. Is there some sort of pre-verification where they can pass the details once-off to say "customer has authorised future charges without CVV2" or is it likely they're storing it?

edit: just realised it's an old thread... still, interested to hear what anyone in the know has to say about the above.

[BusterBunny]

50 solutions to online credit card fraud

[Klen]

American express blue card require card reader otherwise credit card wont work.It's also called "safe credit card for internet"Toobad it's not easy avaible.