
Ecommerce Forum

    
DDoS against MasterCard's sites and the SecureCode Directory Server.
Big problems for online Maestro acceptance...
thorsten iceland

5+ Year Member



 
Msg#: 4240212 posted 6:36 pm on Dec 8, 2010 (gmt 0)

MasterCard pulls plug on WikiLeaks payments [news.cnet.com]
Anonymous Mastercard attack 'hits payments' [bbc.co.uk]

MasterCard finally acknowledging the current ongoing issue for the last few hours:
"Please be advised that MasterCard SecureCode Support has detected a service disruption to the MasterCard Directory Server. The Directory Server service has been failed over to a secondary site however customers may still be experiencing intermittent connectivity issues. More information on the estimated time of recovery will be shared in due course."


I feel very sorry for many merchants who have for some hours been unable to accept Maestro online.

Those merchants with SecureCode may be getting dinged for downgraded transactions too.

 

thorsten iceland

5+ Year Member



 
Msg#: 4240212 posted 7:18 pm on Dec 8, 2010 (gmt 0)

See also: Mastercard Site Hit By 'Hacktivists' Over Wikileaks [webmasterworld.com...]

walkman



 
Msg#: 4240212 posted 8:48 pm on Dec 8, 2010 (gmt 0)

MasterCard should reimburse merchants but I doubt they will. It was a corp decision to cut off WikiLeaks so they should pay, not the merchants during their busiest week of the year.

thorsten iceland

5+ Year Member



 
Msg#: 4240212 posted 4:26 pm on Dec 9, 2010 (gmt 0)

MasterCard state on their front page (the message was released on the 8th Dec) [mastercard.com]:
"MasterCard has made significant progress in restoring full-service to its corporate website. Our core processing capabilities have not been compromised and cardholder account data has not been placed at risk. While we have seen limited interruption in some web-based services, cardholders can continue to use their cards for secure transactions globally."

The reason for this wording seems to be that certain members of 'Anonymous' had an idea for a follow-on attack - spreading false rumours of a data breach happening at the same time as the DDoS attack [latimesblogs.latimes.com...] :

"Operation: Payback [the DDoS attack] is being followed by Operation Bank-Troll -- an online effort to spread a rumor through e-mail, Twitter, Facebook and other social media websites that MasterCard has been hacked and credit-card numbers have been leaked.

"On Twitter, some messages claiming that MasterCard numbers had been leaked included links to PasteBin.com, a file sharing website where hundreds of numbers and dates were posted -- numbers MasterCard says are fake."

HRoth

WebmasterWorld Senior Member 5+ Year Member



 
Msg#: 4240212 posted 12:55 pm on Dec 10, 2010 (gmt 0)

I read an article today that said that it was the corporate site that was targeted, NOT payments, that Anonymous deliberately focused on the corporate sites--of Paypal, Mastercard, and whatnot--not the payment acceptance systems. So it's all a tempest in a teakettle.

PCInk

WebmasterWorld Senior Member 10+ Year Member



 
Msg#: 4240212 posted 2:15 pm on Dec 10, 2010 (gmt 0)

I got an email from a payment provider to state disruption to payments was happening.

It only affected Mastercard payments where SecureCode was set up on the card. Other Mastercard transactions were going through as normal.

brotherhood of LAN

WebmasterWorld Administrator, Top Contributor of All Time, 10+ Year Member, Top Contributors Of The Month



 
Msg#: 4240212 posted 3:16 pm on Dec 10, 2010 (gmt 0)

"The chances of success could be boosted by a new version of LOIC written in web programming language JavaScript that allows anyone with a browser, including on a mobile phone, to launch attacks."


[bbc.co.uk...]

thorsten iceland

5+ Year Member



 
Msg#: 4240212 posted 5:13 pm on Dec 10, 2010 (gmt 0)

HRoth wrote:
"I read an article today that said that it was the corporate site that was targeted, NOT payments"

As I wrote in another thread [webmasterworld.com] on 8th Dec:
"...we can expect a lot of breathless misunderstandings from the worldwide press in the coming hours, not understanding that 3D Secure is an additional authentication layer on top of the card-not-present authorisation system for credit cards."

Problem is, there are a number of debit cards issued that will only work if SecureCode (3D Secure) is working and available.

As part of the DDoS attack the MasterCard SecureCode Directory Server was affected and as a result merchants worldwide were not able to perform SecureCode authentication on MasterCard transactions.

This had two main side effects:

i) Online sales using Maestro (a leading debit card brand in Europe, especially important in the UK) were not possible during the time the SecureCode server was unavailable, thus affecting sales to British customers, in particular, wanting to pay that way.

This is because since July 2007 it has been mandatory to attempt SecureCode (3-D Secure) authentication when processing a Maestro debit card online.

ii) While in general online merchants processing (non-Maestro) MasterCard credit or debit cards in all countries *could* get authorisations as usual through their acquirers, there is the issue of downgraded transactions.

Specifically, will acquiring banks charge merchants a downgraded rate for MasterCard transactions where the merchant was enrolled for SecureCode, but unable to attempt payer authentication, because the SecureCode Authentication Server was unavailable?

Although less commonly understood in Europe, the use of SecureCode generally attracts interchange relief, i.e. a reduced processing rate.

MasterCard has encouraged use of SecureCode authentication in general by making merchants eligible for a reduction in the range of 22-59 basis points (i.e. 0.22-0.59% off your processing cost) on MasterCard transactions processed with the UCAF (Universal Cardholder Authentication Field) field included.

The reduction depends on the MasterCard type and whether the cardholder has enrolled the card in the SecureCode system.

So given all that is going on, it is not unreasonable to expect that SecureCode might be attacked again.

Therefore it might be appropriate for online merchants to ask for a specific policy from their acquiring bank about this.

If you have done so (either as a MasterCard merchant based in the UK, or in the US, or elsewhere) I am sure the general response from each acquiring bank would be read with interest by many online merchants and retailers that read here at WebmasterWorld.
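
An added illustration, not part of the post above or of any MasterCard or acquirer system: a short Python sketch that applies the two side effects described in the post to a batch of orders taken while the Directory Server is unavailable. The `Order` fields, brand labels, action names and sample orders are hypothetical, and the 22-59 basis point range is the one quoted in the post. Whether an acquirer actually downgrades is the open question raised there, so the figures are an upper-bound estimate to bring to that conversation.

```python
from dataclasses import dataclass
from decimal import Decimal

# Interchange relief range quoted in the post: 22-59 basis points.
RELIEF_BP = (Decimal(22), Decimal(59))
BP, CENT = Decimal("0.0001"), Decimal("0.01")

@dataclass(frozen=True)
class Order:
    order_id: str
    brand: str       # "maestro" or "mastercard" (hypothetical labels)
    amount: Decimal  # merchant settlement currency

def triage(order, directory_up):
    """Decide what checkout can do with one order."""
    if directory_up:
        return "authenticate"  # normal SecureCode flow
    if order.brand == "maestro":
        # A SecureCode attempt is mandatory for Maestro online: no sale.
        return "blocked"
    # Other MasterCard cards still authorise, but without UCAF data.
    return "authorise_without_ucaf"

def outage_report(orders, directory_up=False):
    """Total blocked Maestro sales and the interchange relief at risk."""
    totals = {"blocked": Decimal(0), "authorise_without_ucaf": Decimal(0)}
    for order in orders:
        action = triage(order, directory_up)
        if action in totals:
            totals[action] += order.amount
    volume = totals["authorise_without_ucaf"]
    low, high = ((volume * bp * BP).quantize(CENT) for bp in RELIEF_BP)
    return {
        "blocked_maestro_sales": totals["blocked"],
        "unauthenticated_volume": volume,
        "relief_at_risk_low": low,
        "relief_at_risk_high": high,
    }

# Constructed sample orders, not real transaction data.
SAMPLE = [
    Order("A1", "maestro", Decimal("40.00")),
    Order("A2", "mastercard", Decimal("1000.00")),
    Order("A3", "mastercard", Decimal("200.00")),
    Order("A4", "maestro", Decimal("60.00")),
]

if __name__ == "__main__":
    print(outage_report(SAMPLE))
```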
