From: Robert J. Bradbury (bradbury@aeiveos.com)
Date: Wed Oct 17 2001 - 05:43:16 MDT
Brian Atkins wrote:
> I think it's important for people to realize that when you do this,
> your card company is not taking a loss, in fact they are most likely
> making money. The party that takes the loss when it comes to credit
> card fraud is the merchant who accepted the card. Not only do they
> lose the transaction money plus whatever service or goods the
> thieves purchased, but they also get hit with a fee by the card processing
> company/bank- who seem to actually have an incentive to keep the
> system insecure.
I suspect this isn't *always* true. In my case the card was never
stolen. If merchants are presented with what appears to be a
perfectly valid card and it matches what appears to be a perfectly
valid ID how can they be held responsible? (We know that some of
the terrorists got into the country on stolen, presumably doctored
passports). As I recall thefts of CC blanks in the past is what
lead to the current system of holograms on the cards and having to
confirm your receipt of the card with a separately sent security
code before it becomes usable.
In the situation I mentioned, I believe that the information thieves
created dummy cards that worked at cash machines or some more sophisticated
method of tapping into the fund transfer authorization system was developed.
I don't think the CC companies can hold the banks responsible for a
release of cash that they authorized. There was a lot of discussion
regarding how the Russian fund transfer system was developed by the
Russian's because they didn't want to pay for the use of the Western system.
They apparently used a weaker encryption system than they should have
(perhaps a mole on the development team???) and that may have contributed
to the security failure. Another theory was moles inside the centers
that recieve the CC information and issue the approval codes.
I've never followed up on it to determine if they ever figured out
how the system failed. The CC companies probably kept it under
wraps just as Citibank did when the Russians hacked into their system.
Robert
This archive was generated by hypermail 2.1.5 : Sat Nov 02 2002 - 08:11:26 MST