Fog Creek Software
Discussion Board




Here's a what if

What if the credit card companies could sue for damages resulting from fraudulent purchases stemming from trojanned windows machines with keyloggers.  That might make Microsoft push security a little harder.

HP
Friday, June 25, 2004

They'd say "That's what if, byotch".

Wayne
Friday, June 25, 2004

How could you tell that the card details used in the fraudulent purchase were obtained via a keylogger?

.
Friday, June 25, 2004

Whenever there's massive amounts of credit card fraud, they try to find what they all have in common. One case where the victims were spread all over the country involved a Rent-A-Wreck center in Florida that everyone had visited.

I imagine they'll examine the computers & find the spyware, and between any footprints it might leave & the spending habits of whoever got the CC#, catch them.

Either way, it would be prosecuted as credit card fraud the same as anything else.

www.MarkTAW.com
Sunday, June 27, 2004

Online fraud could be greatly curtailed if the card companies would issue a card that could only be used on the internet and only in conjunction with a card scanner hooked to your pc. 

The card number alone means nothing if you don't have the card and the hardware, which would be encoded with each having one half of a key.  If onine fraud gets costly enough, I would think the companies would find it cheaper to do somethin like this.

HP
Sunday, June 27, 2004

I think one bank in the UK does something pretty clever for this.

I believe that they allow you to go online and generate a credit card number that can be used for one time only. This is then useless after it has been used once.

Seems like a good idea, but there is no finincial imperative for the CC Issuers, acquirers, banks, etc to do anything, so they won't.

Steve Jones (UK)
Monday, June 28, 2004

Citibank calls it a 'virtual number' and I believe American Express has something similar.  Basically you generate a virtual number and that number can be used once or you can configure it to be re-occuring/expire after a given time period.

MikeG
Monday, June 28, 2004

what about in person cc purchases?  You'd be blown away at the sheer number (and moreover the maximum purchase price) of purchases I've made where no ID was necessary.  I just swipe my card and voila, money spent.  Whether tens or hundreds of dollars, no one seems to care.  I am thinking of going around and pressing charges in a huge class-action lawsuit against i.e. Wal-Mart for not checking.  Do you know how many purchases they must get that are fraudulent,given that I've never been ID'd there?

Devin
Monday, June 28, 2004

oh yeah, one more thing.  I could show up at a store with a credit card that says only"check ID", and purchase something with a resale value way over $100.  If I get ID'd, i just say,"you know, I've been told I look like my uncle, Ben Franklin, what do you think?" and hand it over.  Most of those clerks are making $5.15/hr; I would guess that the resemblence would be pretty clear to them.

Devin
Monday, June 28, 2004

*  Recent Topics

*  Fog Creek Home