Perry E. Metzger wrote:
That's not practical. If you're a large online merchant, and your automated systems are picking up lots of fraud, you want an automated system for reporting it. Having a team of people on the phone 24x7 talking to your acquirer and reading them credit card numbers over the phone, and then expecting the acquirer to do something with them when they don't have an automated system either, is just not reasonable.
But how can the issuer know that the merchant's fraud detection systems work, for any value of "work"? This could just become one more avenue for denial of service, where a hacked online merchant suddenly reports millions of cards as compromised. I'm sure there is some interesting work to be done here.
/ji --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]