North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Defeating DoS Attacks Through Accountability

  • From: Marshall Eubanks
  • Date: Sun Nov 12 12:49:45 2000

Joe Abley wrote:
> On Sat, Nov 11, 2000 at 10:41:13PM -0800, Sean Donelan wrote:
> > How would you propose to handle the case where a person has a credit
> > card number, and then you receive a request from a third party with
> > no evidence of any authorization from the registered card owner to
> > charge stuff on that card number?
> The card gets charged regardless; if that turns out to be an unauthorised
> transaction it gets challenged later (assuming it is noticed at all).
> That's what happens today, as far as I can see. Uncanny resemblance :)

Actually, if you are the merchant and want to handle credit cards :

1.) You get a discout if you run a address check (even if you then ignore
a failure) and

2.) If the transaction is successfully challenged or is bogus YOU have
to pay (and
the CC bank may actually hold back some of your CC income to make
sure that you do) AND

3.) If the failed transaction rate (i.e., bogus + successfully challenged
transactions) is consistently > about 5% you will be TERMINATED AND
(i.e., you will find it very hard to do any more credit card
transactions with

It seems to me that the credit card industry is a little more serious
about this...

                                   Marshall Eubanks

   Multicast Technologies, Inc.
   10301 Democracy Lane, Suite 201
   Fairfax, Virginia 22030
   Phone : 703-293-9624          Fax     : 703-293-9609     
   e-mail : [email protected]