> There are two possibilities here, assuming a lying fraudulent criminal is
> willing to commit credit card fraud.
>
> 1) Criminal owns the domain -- He'll renew his own domain for 5 years using
> a stolen credit card knowing that the 5 years can't be removed. When the
> chargeback occurs, he claims innocence. Unless you can prove the user has
> done something illegal he will be free to simply transfer the domain away,
> and the RSP is stuck eating the 5 year renewal.
>
> 2) Innocent user owns the domain -- Criminal renews the domain, then when
> the user claims they knew nothing about it (which is true), RSP/OpenSRS
> suspends the domain, and an innocent user has lost the domain after having
> done nothing wrong.
2b) A malicious person tries to get someone else's domain revoked/held
by renewing the domain with a fraudulant credit card.
2c) A criminal has a completely untraceable way to verify if a stolen credit
card number works. (Although there are many others)
And problem requiring:
1) Innocent's domain expires because he forgot the domain admin password,
or employee who had such password was terminated. (Happens way more
often than you'd think).
Adam
