[thechat] Credit card fraud question

deacon web at master.gen.in.us
Thu Jan 27 14:47:59 CST 2005

On 27 Jan 2005 at 12:21, Madhu Menon wrote:

> What I want to know is: can just the collection of credit card numbers in 
> this manner be considered an illegal activity in USA? Obviously none of us 
> put in a real credit card number to test the system. Is there any law there 
> that says you shouldn't put up a site like this, collecting credit card 
> numbers, unless you have a fully working setup?

Intent is the key. Every state is going to have its own laws, but they are 
going to be similar to this Ohio statute:

So for intent, you have to look at whether his other sites reek of scam. 

If the guy is legit, he's going to already have a reseller account set up 
with a registrar; you cannot possibly develop a site without having the 
API for that registrar, and all those APIs are different. 

He's also going to have a merchant account with some bank, to accept 
the plastic. 

You obviously need to test your site before you turn your customers 
loose on it, so it's not unreasonable that the site exists, and I see ads 
in the paper saying, "Ooops, the supplier couldn't deliver in time, so 
please ignore the 'new Lexus automobiles for $39.50 with purchase of 
5 pounds of hamburger' special splashed across the front page of our 
flyer", so it not unreasonable that the product isn't ready when the 
marketing plugs into place. 

But like you, I'd be suspicious. Why not do a WHOIS on the site, and 
contact his local district attorney, telling him that you suspect that this 
guy is phishing for credit card numbers? It'd be *really* easy to look at 
his software and see what happens to the CC numbers that are being 



Lots of space. 
Lots of bandwidth. 
Lots of speed. 
Lots of reliability. 
Lots of support. 
Lots of preinstalled scripts.
Not a lot of money.

More information about the thechat mailing list