Welcome to WebmasterWorld Guest from 54.145.198.123

Forum Moderators: buckworks

Message Too Old, No Replies

authorize.net attacked

merchants subject to thousands of $$ costs

     
9:56 am on Apr 24, 2002 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Aug 26, 2001
posts:1076
votes: 0


carders have been attacking authorize.net testing card numbers until they get one that works. as a result, merchants are being billed for every attempt.
[msnbc.com...]
10:47 am on Apr 24, 2002 (gmt 0)

Senior Member

WebmasterWorld Senior Member tedster is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:May 26, 2000
posts:37301
votes: 0


I have one client who was hit pretty hard at first, but AuthorizeNet is acting equitably. So far no compaints except for lost time - and that's the criminals' fault most of all. I'm sure AN has been hit pretty hard just with labor costs to straighten it all out.

Hacker chatrooms talking it up, indeed. This is not just some prank. I hope they nail 'em!

3:42 pm on Apr 24, 2002 (gmt 0)

Preferred Member

10+ Year Member

joined:June 21, 2000
posts:626
votes: 0


I hadn't even noticed it on my accounts, yet. Hope they nail that down FAST.

Brian

4:05 pm on Apr 24, 2002 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:June 5, 2001
posts:2728
votes: 8


I love how they refer to carders as hackers. I thought since all the other media fools were embarressed about this they would learn by now. Seems not, as if they havn't.

BTW, Authorized.net is at fault here, they should have limitations to stop IP's from accessing the system after X amount of attempts as other credit card sites do. Fraud online is so high, and for a company not to impliment ways of stopping this is plain stupidity.

Hah, you don't think I'd ever pay that bill if the company wanted to charge me x.00 per try. hahahha. Hope none of you here got hit by authorized' stupidity.

fortweb

8:28 pm on May 3, 2002 (gmt 0)

Inactive Member
Account Expired

 
 


98% of that fraud comes from a few small countries. If those people would have been using a .htaccess file to deny problem countries, those criminals would not have been able the enter their site and use it for a card tester.

I just posted in this forum about a site I built to help web merchants identify and block fraud, www.combatfraud.org

Rick

1:40 am on May 4, 2002 (gmt 0)

Full Member

10+ Year Member

joined:Aug 26, 2001
posts:277
votes: 0


>> Hah, you don't think I'd ever pay that bill if the company wanted to charge me x.00 per try

It would not be my first bill to not pay based on the laws I am currently regulated by. IMHO everybody should read the rule book ... or at least have a basic understanding of the rules of the game. Contract laws (and state restictions) are a must.

9:35 pm on May 25, 2002 (gmt 0)

Senior Member

WebmasterWorld Senior Member tedster is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:May 26, 2000
posts:37301
votes: 0


Thought this thread was worth an update. Authorizenet has taken strong steps and made changes that seem to have stopped this problem in its tracks for my clients. They are a solid company and are handling this episode very well in my book.

I've been involved with credit card sales and fraud for over 20 years and this has been some of the finest support I've experienced.

One of the important safeguards is accepting transactions from authorized addresses only. The problem?

Not all browsers handle referers properly, and I'm not just talking about the old relics here - Netscape 6.1 (fortunately not that big a market) is quite buggy at handling referers with form submission - a common purchasing situation online.

So, our only recourse right now is to deny online purchase to people using browsers that don't accurately send referers. Not a big deal so far, but I'm not happy about denying service to someone using a relatively new, mainstream browser.

It's time for the browser companies to get very sharp. Security issues can cripple online commerce altogether. Referer handling, HTTPS, SSL, P3P, TLS - flawless support here is mandatory. Hackers are criminals, and usually not of the dumb variety.

 

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week

Featured Threads

Free SEO Tools

Hire Expert Members