Re: [LUG] Email encryption, was Re: www.dcglug.org.uk

 


It does lead to some odd situations. Some time ago, some hacktivists
found a bunch of credit card details (I believe from people who were
subscribers to a foreign policy magazine) and used them to make
donations to the Red Cross. Assuming the payments were cancelled, this
meant that hackers effectively stole some money from the Red Cross and
donated it to Visa and Mastercard.

Not just them. I run a charity and for a number of years we've had a Worldpay gateway for donations on our website, and quite regularly we spot fraud payments. Typically small amounts and they use our gateway to test the numbers, or guess expiry/CVV values (you see a string of failed, and then a successful one).

I've asked Worldpay if they can stop the same IP from hammering after 2 faileds, but they can't/won't. They have an alerting system which is fairly obscure, and seems to rely mostly on "Issuer country != country of access" and alerts us to most of them.

In that case, if we act quickly enough we can refund the donation and will not get fined any chargeback fees, so it's just our time wasted. But if we miss it, yes, we get a chargeback hit.

(Incidentally, since I added a PayPal option to that page a couple of years ago, that's almost always the option chosen by donators now.) Customers either prefer the ease of PayPal, or trust it more than a properly secured "normal" payment gateway.
-- 
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/listfaq
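
Added example, not part of the original message and not Worldpay's code: a merchant-side replay of payment attempts that applies the two checks described in the post, a per-IP limit after 2 failures and "issuer country != country of access", to pick out successful donations worth refunding before a chargeback arrives. The record layout, the 600-second window and all sample values are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample of payment attempts (not real gateway output).
# Fields: time in seconds, client IP, card label, result, amount,
#         issuer country, country of access.
ATTEMPTS = [
    (0,   "203.0.113.7",  "card-A", "failed",   1.00, "US", "RO"),
    (20,  "203.0.113.7",  "card-A", "failed",   1.00, "US", "RO"),
    (41,  "203.0.113.7",  "card-A", "failed",   1.00, "US", "RO"),
    (63,  "203.0.113.7",  "card-A", "success",  1.00, "US", "RO"),
    (100, "198.51.100.4", "card-B", "failed",  25.00, "GB", "GB"),  # one typo
    (160, "198.51.100.4", "card-B", "success", 25.00, "GB", "GB"),
    (500, "192.0.2.9",    "card-C", "success", 10.00, "GB", "GB"),
]

MAX_FAILS = 2   # the "after 2 faileds" limit from the post
WINDOW = 600    # assumed look-back window, in seconds


def review(attempts, max_fails=MAX_FAILS, window=WINDOW):
    """Replay attempts in time order.

    Returns (blocked, refund):
      blocked - attempts a per-IP limit would have refused
      refund  - successful payments to review, with the reasons
    """
    fails = defaultdict(list)  # ip -> timestamps of failures inside the window
    blocked, refund = [], []
    for t, ip, card, result, amount, issuer, access in sorted(attempts):
        recent = [f for f in fails[ip] if t - f <= window]
        fails[ip] = recent
        over_limit = len(recent) >= max_fails
        if over_limit:
            blocked.append((t, ip, result))
        if result == "failed":
            fails[ip].append(t)
            continue
        reasons = []
        if over_limit:
            reasons.append("success after repeated failures from same IP")
        if issuer != access:
            reasons.append("issuer country != country of access")
        if reasons:
            refund.append((t, ip, card, amount, reasons))
    return blocked, refund


if __name__ == "__main__":
    blocked, refund = review(ATTEMPTS)
    print("would have been blocked:", blocked)
    print("review for refund:", refund)
```

A single failed attempt followed by a success (card-B above) stays under the limit, so a donor who mistypes an expiry date once is not flagged.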