Cable Forum - View Single Post

Flubflow · 22-04-2005, 16:57

I am strongly doubting that generated card numbers & guessed expiry dates are to blame. There would be more misses than hits. Too many misses from too few sources for card companies to ignore. Add the requirement for a vaild cardholder name and you'd have billions upon billions of combinations.
You can't even make a valid online transaction with just a card number and an expiry date anyway. You need the cardholder's name and the CVC code (which is not linked to the card number mathematically so can't be generated). Most places also require the card holders address for AVS (address verification system).

If we are to believe Check&Bill then just the card number & exp date alone would not go through their system and they require the CVC code etc then how could these customers have been debited?

Well, I am more and more conviced that this is an inside job either by an employee(s) of credit card companies or the post office who are intercepting and passing full card/cardholder details onto a colluding third party (e.g. to someone running fake shop website) for a cut. See my previous link to the new story about woman temp worker at VISA who got caught doing precisely that. There was no indication that the 3rd party was caught and those details could still be in that fraud network (plus the fact that there are quite probably others still planted in the credit card companies who have not been caught yet).

22-04-2005, 16:57	#335
Flubflow Inactive Join Date: Nov 2003 Location: Teesside Posts: 1,566	Re: Banks, Fraud and the Internet I am strongly doubting that generated card numbers & guessed expiry dates are to blame. There would be more misses than hits. Too many misses from too few sources for card companies to ignore. Add the requirement for a vaild cardholder name and you'd have billions upon billions of combinations. You can't even make a valid online transaction with just a card number and an expiry date anyway. You need the cardholder's name and the CVC code (which is not linked to the card number mathematically so can't be generated). Most places also require the card holders address for AVS (address verification system). If we are to believe Check&Bill then just the card number & exp date alone would not go through their system and they require the CVC code etc then how could these customers have been debited? Well, I am more and more conviced that this is an inside job either by an employee(s) of credit card companies or the post office who are intercepting and passing full card/cardholder details onto a colluding third party (e.g. to someone running fake shop website) for a cut. See my previous link to the new story about woman temp worker at VISA who got caught doing precisely that. There was no indication that the 3rd party was caught and those details could still be in that fraud network (plus the fact that there are quite probably others still planted in the credit card companies who have not been caught yet).