[thelist] what kind of fraud is this?

Erik Heerlein erik at erikheerlein.com
Tue Mar 8 20:12:16 CST 2005

Over the past couple of days, someone has been trying make purchases 
from my SSL e-commerce site. Each time that they do, their card is 

They use the same US billing address, which is the same as the shipping 
address. They only put one item in the cart and the item is different 
almost every time. The names used are either repeated or slight 
variations on each other, i.e. "Tom Smiths", Tommy Smiths", "Tom 
Smith". The IP address is always the same (belongs to a UK ISP) and 
they use a different card every time.

After I spotted the pattern I started recording the whole credit card 
number that they were using (banks wouldn't do anything without the 
whole card number) and reported it as fraud, which the banks confirmed. 
I also emailed the ISP about what was going on but haven't heard 

My question is, what is this person trying to achieve? At this point, 
it's pretty obvious that he's not out to try and get some free 
merchandise because it's obvious ahead of time that the card will be 
declined and they keep coming back. So my only other idea is that he's 
trying to eavesdrop on the transactions to glean some potentially 
fruitful information. So am I vulnerable here in some way? Is he trying 
to hack into authorize.net or the banks?

Also, is there anybody else I should report this to?

- Erik H

More information about the thelist mailing list