Danny Froberg wrote:
Well maybe time to create such an entity, since none thats
international / global exists, and it's definitely not cost efficient to
signup with every local credit information system on the planet ;)
Heck if I know, we need some way to protect ourselves.
And the system wouldn't contain any credit information, only blacklists
(or similar).
Shoot some suggestions, regulatory considerations can be overcome in a
wide variety of nations.
Some kind of joint effort seems to be needed however. And a system like
this would only work if quite a few companies joined in to provide data.
I for one am quite willing to host the systems while it's being built, I
can even foot the bill. Later if successful (working) we can figure
something out if it turns into a high traffic/resource hog.
Let me know if *anyone* would be interested...
Very interested.
The poster's comment about using the MD5 sum of the CC# is very good.
What credit card number, officer?
The way I would design it would be:
The vendor, while opening a new account, would send an email to
[EMAIL PROTECTED] The email would contain:
. MD5 sum of the CC#
. the first <n> digits of the CC# (unencrypted), enough to identify the
bank and country
. IP address
. callback telephone number
. name on card (?)
. billing address
. city/country.
The name on the card might be useful in the case of a lost/stolen
wallet. The name loosely ties together all the cards in the wallet.
The billing address would also tie together the cards.
The email reply would contain the country code of the CC and whether any
chargebacks had been received for that CC# or that IP. Also the country
of the IP. It would also contain the number of queries from other
vendors in the past <n> hours.
When a chargeback was received, the vendor would send an email to
[EMAIL PROTECTED] with the CC# MD5 sum as the subject. The system
would register the complaint and then send an email to all those who had
queried on that CC#. An email would also be sent to all vendors who had
queried on the offenders IP.
But this could go a lot further. "Friends and Family" is what it would
be called :-) When a chargeback is received, the offenders complete
Asterisk cdr would be emailed to [EMAIL PROTECTED] The system would
construct a graph (the calling tree) of the offender's calling and
called numbers (ranked by frequency of use) and reply to the vendor.
Whenever one of those numbers was called in the future, or whenever a
caller's CallerID matched, the vendor could have the account flagged for
investigation.
The system could also build a combined (global) calling tree using all
submitted cdrs. Overlapping calling trees would give good insight.
Another thought is having a bot monitor the IRC channels where CC# are
traded. When a bot identified a CC#, it would be entered into the database.
A legit user who was denied would simply have his bank reissue his
credit card (this would happen anyway after he rejects a charge).
I would be very interested in doing this, and I have the bandwidth to
support a reasonable number of transactions. To stay under the lawyer's
radar, I'm thinking this would be a subscription only (not public)
service. I don't think a vendor would be obliged to inform the perp why
service was being denied.
Know thine enemy.
Comments?
_______________________________________________
Asterisk-Biz mailing list
Asterisk-Biz@lists.digium.com
http://lists.digium.com/mailman/listinfo/asterisk-biz
