Welcome to WebmasterWorld Guest from 23.22.17.192

Forum Moderators: buckworks

Message Too Old, No Replies

authorize.net attacked

merchants subject to thousands of $$ costs

   
9:56 am on Apr 24, 2002 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



carders have been attacking authorize.net testing card numbers until they get one that works. as a result, merchants are being billed for every attempt.
[msnbc.com...]
10:47 am on Apr 24, 2002 (gmt 0)

WebmasterWorld Senior Member tedster is a WebmasterWorld Top Contributor of All Time 10+ Year Member



I have one client who was hit pretty hard at first, but AuthorizeNet is acting equitably. So far no compaints except for lost time - and that's the criminals' fault most of all. I'm sure AN has been hit pretty hard just with labor costs to straighten it all out.

Hacker chatrooms talking it up, indeed. This is not just some prank. I hope they nail 'em!

3:42 pm on Apr 24, 2002 (gmt 0)

10+ Year Member



I hadn't even noticed it on my accounts, yet. Hope they nail that down FAST.

Brian

4:05 pm on Apr 24, 2002 (gmt 0)

WebmasterWorld Senior Member eliteweb is a WebmasterWorld Top Contributor of All Time 10+ Year Member



I love how they refer to carders as hackers. I thought since all the other media fools were embarressed about this they would learn by now. Seems not, as if they havn't.

BTW, Authorized.net is at fault here, they should have limitations to stop IP's from accessing the system after X amount of attempts as other credit card sites do. Fraud online is so high, and for a company not to impliment ways of stopping this is plain stupidity.

Hah, you don't think I'd ever pay that bill if the company wanted to charge me x.00 per try. hahahha. Hope none of you here got hit by authorized' stupidity.

8:28 pm on May 3, 2002 (gmt 0)

10+ Year Member



98% of that fraud comes from a few small countries. If those people would have been using a .htaccess file to deny problem countries, those criminals would not have been able the enter their site and use it for a card tester.

I just posted in this forum about a site I built to help web merchants identify and block fraud, www.combatfraud.org

Rick

1:40 am on May 4, 2002 (gmt 0)

10+ Year Member



>> Hah, you don't think I'd ever pay that bill if the company wanted to charge me x.00 per try

It would not be my first bill to not pay based on the laws I am currently regulated by. IMHO everybody should read the rule book ... or at least have a basic understanding of the rules of the game. Contract laws (and state restictions) are a must.

9:35 pm on May 25, 2002 (gmt 0)

WebmasterWorld Senior Member tedster is a WebmasterWorld Top Contributor of All Time 10+ Year Member



Thought this thread was worth an update. Authorizenet has taken strong steps and made changes that seem to have stopped this problem in its tracks for my clients. They are a solid company and are handling this episode very well in my book.

I've been involved with credit card sales and fraud for over 20 years and this has been some of the finest support I've experienced.

One of the important safeguards is accepting transactions from authorized addresses only. The problem?

Not all browsers handle referers properly, and I'm not just talking about the old relics here - Netscape 6.1 (fortunately not that big a market) is quite buggy at handling referers with form submission - a common purchasing situation online.

So, our only recourse right now is to deny online purchase to people using browsers that don't accurately send referers. Not a big deal so far, but I'm not happy about denying service to someone using a relatively new, mainstream browser.

It's time for the browser companies to get very sharp. Security issues can cripple online commerce altogether. Referer handling, HTTPS, SSL, P3P, TLS - flawless support here is mandatory. Hackers are criminals, and usually not of the dumb variety.