[thelist] what kind of fraud is this?
Erik Heerlein
erik at erikheerlein.com
Wed Mar 9 08:38:14 CST 2005
On Mar 9, 2005, at 1:01 AM, Maximillian Schwanekamp wrote:
> You're using Authorize.Net, so you'll have a good array of anti-fraud
> tools available. A few recommendations: First off, AuthNet
> recommends that you use "password-required mode" if you're using AIM
> (Advanced Integration Method). This means that in order to submit a
> transaction, your AuthNet login password is required. This is good
> only if you consider your ecommerce software reasonably secure.
The shopping cart I wrote myself in PHP and to the best of my
knowledge, it's secure, and I am using "password-required mode" with
AIM.
> Definitely do use CVN ("Card Code Verification" in AuthNet).
I am.
> If possible, use the MD5 Hash feature.
I'm not. Due to time constraints in the original development I didn't
implement it. I think I will now.
> Finally, if you want to go the extra mile, get the Fraud Detection
> Suite.
My volume of sales is pretty low and I'm not sure it's worth paying for
something which I pretty much do anyway, which is look for suspicious
activity. Am I wrong here? Does the Fraud Detection Suite provide
something I couldn't do myself? Or is it just basically a convenience
thing?
>> Also, is there anybody else I should report this to?
>
> Contact your Authorize.Net reseller asap. Also contact Authorize.Net
> support.
Should I bother trying to contact a law enforcement agency of some
kind? I know I can block the ISP but is there merit in trying to work
with some agency to find and prosecute this guy? Or is that just a
waste of time and paperwork which probably won't do any good.
- Erik Heerlein
More information about the thelist
mailing list