I guess I'm curious as to why this should be anyone's problem but yours....
You should get the billing address of the card and check the AVS code returned by your processor. If you do split-transactions, you can verify the information before you charge the card. Same with the CVV2 code, which only appears on the card itself, not on old bills or anything else. But, you should also consider fraud as part of the cost of doing business. Sure, in the example someone got hit for $40, but if domains are moving fast you should make that up in very little time. .... and he's got the domain to sell, so his loss may be zero. I know for many RSPs this only makes sense with highly automated systems -- even with all the checks that can be done, a fraudulent transaction will slip through from time to time, and you won't know for about three months. -- Lynn -----Original Message----- From: A. M. Salim [SMTP:[EMAIL PROTECTED]] Sent: Saturday, May 25, 2002 5:20 AM To: Ramy Nabil Cc: Jim Whitesell; [EMAIL PROTECTED] Subject: Re: fraud hedsup Hi, > How can we be protected from such fraud orders? > Jim Whitesell wrote: > > We got hit by someone who registered one domain for four years. The credit > > card was stolen. Name used was Antonio Bredelli but is probably ficticious. We have had this happen to us on occasion and I have discussed this at length with OpenSRS. Their response is "it's your problem to figure out it was a fraud order and not process it". !!?? Clearly, not a satisfactory attitude on OpenSRS's part (or ICANN's part as well). OpenSRS claims they have no choice because they have to pay the $6 regardless. And we typiclly don't find out until a chargeback happens a few feeks later. However if you provide OpenSRS with enough documentation about the chargeback, they will consider locking the domain and removing it from the root nameservers. best regards Mike
