[thelist] what kind of fraud is this?

Erik Heerlein erik at erikheerlein.com
Wed Mar 9 08:38:14 CST 2005

On Mar 9, 2005, at 1:01 AM, Maximillian Schwanekamp wrote:
> You're using Authorize.Net, so you'll have a good array of anti-fraud 
> tools available.  A few recommendations:  First off, AuthNet 
> recommends that you use "password-required mode" if you're using AIM 
> (Advanced Integration Method).  This means that in order to submit a 
> transaction, your AuthNet login password is required.  This is good 
> only if you consider your ecommerce software reasonably secure.

The shopping cart I wrote myself in PHP and to the best of my 
knowledge, it's secure, and I am using "password-required mode" with 

> Definitely do use CVN ("Card Code Verification" in AuthNet).

I am.

> If possible, use the MD5 Hash feature.

I'm not. Due to time constraints in the original development I didn't 
implement it. I think I will now.

> Finally, if you want to go the extra mile, get the Fraud Detection 
> Suite.

My volume of sales is pretty low and I'm not sure it's worth paying for 
something which I pretty much do anyway, which is look for suspicious 
activity. Am I wrong here? Does the Fraud Detection Suite provide 
something I couldn't do myself? Or is it just basically a convenience 

>> Also, is there anybody else I should report this to?
> Contact your Authorize.Net reseller asap. Also contact Authorize.Net 
> support.

Should I bother trying to contact a law enforcement agency of some 
kind? I know I can block the ISP but is there merit in trying to work 
with some agency to find and prosecute this guy? Or is that just a 
waste of time and paperwork which probably won't do any good.

- Erik Heerlein

More information about the thelist mailing list