use of routing information in anti-fraud mechanisms

Adam Shostack adam at homeport.org
Tue Nov 29 17:12:19 UTC 2005


On Tue, Nov 29, 2005 at 12:01:48PM -0500, Anthony DiPierro wrote:
| On 11/29/05, phobos at rootme.org <phobos at rootme.org> wrote:
| > On Tue, Nov 29, 2005 at 09:38:48AM -0500, or at inbox.org wrote 4.9K bytes in 98 lines about:
| > : Hmm, when I read this I assumed you were just connecting from some
| > : high fraud country, though now that I think about it, it could be
| > : both.  Maybe your billing address is in Cambridge, MA and you're
| > : connecting from a completely different country which has an extremely
| > : high fraud rate.
| >
| >        While this an edge case, when I travel around the world, I
| >        frequently come from foreign IP addresses that don't match my
| >        residential or business addresses.  Frankly, i wouldn't do
| >        business with them, or call them up and explain the situation.
| >        Lots of the working world are travelers.
| >
| > --
| > Andrew
| 
| If you're going to go visit (for example) Nigeria and you plan on
| using your credit card, you should probably let your credit card
| company know first.  This is true whether you're planning on making
| purchases online or offline.

Does anyone share data about what fraction of online credit card fraud
is done by small time operators, versus those with access to farms of
zombie proxies?

Adam



More information about the tor-talk mailing list