Jim McAtee wrote:
>> We could have left our renewals wide open, however we made a business
>> decision to require the username and password on renewals to cut
>> down on credit card fraud.
>
> I'm trying to imagine a situation where someone would use a bogus
> credit card to _renew_ a domain name. To what advantage? They're
> going to lose the domain shortly thereafter.

Oh?

There are two possibilities here, assuming a lying fraudulent criminal is willing to commit credit card fraud. The RSP and/or OpenSRS has a choice: Do you let the user keep the domain, or suspend/withhold it?

The abuse will come in one of two ways, depending on whether you deactivate the domain or not:

1) Criminal owns the domain -- He'll renew his own domain for 5 years using a stolen credit card knowing that the 5 years can't be removed. When the chargeback occurs, he claims innocence. Unless you can prove the user has done something illegal he will be free to simply transfer the domain away, and the RSP is stuck eating the 5 year renewal.

2) Innocent user owns the domain -- Criminal renews the domain, then when the user claims they knew nothing about it (which is true), RSP/OpenSRS suspends the domain, and an innocent user has lost the domain after having done nothing wrong.

--
Dave Warren,
Email Address: [EMAIL PROTECTED]
Cell: (403) 371-3470
Fax: (403) 371-3471
Toll free: (888) 371-3470
Vonage: (817) 886-0860
ICQ: 17848192
AIM: devilspgd
Yahoo!: devilspgd
MSN/PASSPORT: [EMAIL PROTECTED]
