I have one client who was hit pretty hard at first, but AuthorizeNet is acting equitably. So far no compaints except for lost time - and that's the criminals' fault most of all. I'm sure AN has been hit pretty hard just with labor costs to straighten it all out.

Hacker chatrooms talking it up, indeed. This is not just some prank. I hope they nail 'em!

I hadn't even noticed it on my accounts, yet. Hope they nail that down FAST.

Brian

I love how they refer to carders as hackers. I thought since all the other media fools were embarressed about this they would learn by now. Seems not, as if they havn't.

BTW, Authorized.net is at fault here, they should have limitations to stop IP's from accessing the system after X amount of attempts as other credit card sites do. Fraud online is so high, and for a company not to impliment ways of stopping this is plain stupidity.

Hah, you don't think I'd ever pay that bill if the company wanted to charge me x.00 per try. hahahha. Hope none of you here got hit by authorized' stupidity.

98% of that fraud comes from a few small countries. If those people would have been using a .htaccess file to deny problem countries, those criminals would not have been able the enter their site and use it for a card tester.

I just posted in this forum about a site I built to help web merchants identify and block fraud, www.combatfraud.org

Rick

>> Hah, you don't think I'd ever pay that bill if the company wanted to charge me x.00 per try

It would not be my first bill to not pay based on the laws I am currently regulated by. IMHO everybody should read the rule book ... or at least have a basic understanding of the rules of the game. Contract laws (and state restictions) are a must.

Thought this thread was worth an update. Authorizenet has taken strong steps and made changes that seem to have stopped this problem in its tracks for my clients. They are a solid company and are handling this episode very well in my book.

I've been involved with credit card sales and fraud for over 20 years and this has been some of the finest support I've experienced.

One of the important safeguards is accepting transactions from authorized addresses only. The problem?

Not all browsers handle referers properly, and I'm not just talking about the old relics here - Netscape 6.1 (fortunately not that big a market) is quite buggy at handling referers with form submission - a common purchasing situation online.

So, our only recourse right now is to deny online purchase to people using browsers that don't accurately send referers. Not a big deal so far, but I'm not happy about denying service to someone using a relatively new, mainstream browser.

It's time for the browser companies to get very sharp. Security issues can cripple online commerce altogether. Referer handling, HTTPS, SSL, P3P, TLS - flawless support here is mandatory. Hackers are criminals, and usually not of the dumb variety.