07/18/14

Speaking at the NYC Bitcoin Center -HD-BIP32 Multi-sig Business Wallet

gAtO - will be Ringing the Trading Bell and presenting his HD-BIP32 Multi-sig Business wallet at the NYC Bitcoin Center with my good friend Dr. Nicolas T. Courtois from the University College London on Monday July 21 2014. If anyone is in the NYC area and wants to come on down for the show and after do a little Bitcoin trading – Come on Down. - gAtO oUt

poster_NYC

05/17/14

Bitcoin 2.0 and the Segway Bike

Bitcoin 2.0 and the Segway Bike

gAtO Imagine - some of the business side applications we can build with future triggered events being executed by Autonomous Cyber Robots. All build on the basic Bitcoin 1.0 code but not using the coins but the blockchain – there be treasure in that blockchain but it’s all math ugh!!!.

segway_bike_Bitcoin

Ok first what is Bitcoin 2.0? Basically it’s a new way to have a cyber robot or a cyber drone that can do what you instruct them to do. It is a timestamp triggered event and you can now just add business rules to it that will work in cyberspace.

What do you do online today?

  • Shop for things and have them delivered
  • Online banking
  • Buy and sell stocks and bonds
  • Send donations to Charities or political organizations

So now you can build cyber-business rules to be execute on the web and put them into one of these cyber robot or a cyber drone. I use these 2 terms because when people hear drones they think attacks and such and yes you can now build digital FINANCIAL  warriors that can execute based on events, millions of them and they can be used for good and evil.

timeStamp- or -blockchain-trigger event – robots with business rules- example//

  • Send 100 Bitcoins to my family every 6 months after I die.
  • Buy or sell stocks ambiguously  – Digital Business Contracts – or Personalities
  • Any transaction that can be performed on the web!
  • Set up a corporation by an Ethereum digital actors
  • Any Business rule that can executed digitally 

gAtO lOvE Ethereum //= it is a platform and a programming language that makes it possible for any developer to build and publish next-generation distributed applications. https://www.ethereum.org/  Next Generation Smart Contracts and a Decentralize Application Platform. Non-geek cyber-business rules OK…

GAtO used to lug around an Osborne luggable computer… 1.0 laptops – but gAtO was cool aligning 10MB (yes 10 Mega Bytes) hard rives the size of a large home freezer. The good old computers days… Out of hardware back to Biz -mEoW

MasterCoin – The Master Protocol facilitates the creation and trading of smart properties and user currencies as well as other types of smart contracts. Mastercoins serve as the binding between bitcoins (BTC), smart properties and smart contracts created on top of the Mastercoin Protocol. Non-geek cyber-business rules OK…

Similar Alt-coins but both the same (going after the business side) in a way but these seem to be a new wave of Bitcoin 1.0 off shoots. Now NameCoin and Trusted coin are on a different course, since they are more into the digital Notary service that can be done with any blockchain type Bitcoin off shoot. And LiteCoin 84 Million -versus- 21 Million in Bitcoins another fight but of a different financial play on this alt-coin. LiteCoin is around $10 bucks Per so we have to keep an I on them too.

Once again these another development are being built on the shoulder of the great Satoshi Nakamoto work. GaTo as a technologist love all these new and exciting toys to play with. Then I think about the Segway Bike I alway wanted one but then again really, I’m I really ready to give up walking? Back in 2001 it was so cool, it was the evolution of the bicycle or was it???

13 years later this evolution the revolution of the bicycle is seem by most as the Mall Police ride by. Ok maybe in Seattle or San Francisco I can see that but really. Now Bicycle Cops are everywhere but real cops on a Serway Bike – you know maybe I don’t really want one anymore. But I wonder if I can buy one with Bitcoins? ummm

DogE-Coin is hot with the young bloods as a NEW digital currency that’s taking Reddit and other places by storm- I know gAtOCoin, maybe I’ll start one of my own, there only about 500 Alt-Coins around and growing all built on the Bitcoin core code. Bitcoin is only 5 Years Old -Wow- Imagine in another 3-5 years // world wide currencies all over doing different things creating the NEW Cyber-System D-(system) that no government can controls, of the people and by the people. Double -Wow

gAtO’s bet is on Bitcoin, simple it has payed it’s dues, from an underground play toy to International financial deals like flying to the Moon on Virgin Air, I wonder if I can buy that with Litecoins- you listening Richard Branson I’m mining Namecoin too Richard.

The new Bitcoin business Investors and Incubators are hopping with new Bitcoin 2.0 ideas, but is it different if it’s control by the users, not the sole players like the bankers and older financial players. But truth be told these will bring newer workable solutions that will trickle down to the normal person. We must be careful because these new worldwide cyber solution will have little government controls so the game is changing and the ability to jump on this but NOT to give up privacy with government toys like TPM – Trusted Computer Platform – yes July 2015 all Windows 8 devices will have TPM 2.0 in control of your devices. The US solution cyber Kill Switch.

AT least Apple has not added TPM into it’s hardware but they banned against Bitcoin -Steve told you to Innovate Apple- But that’s another battle.

You can trust your government spying on you IF you have nothing to hide RIGHT!!! - gAtO oUt

Digital System D-

System D is a slang phrase pirated from French-speaking Africa and the Caribbean. The French have a word that they often use to describe particularly effective and motivated people. They call them débrouillards. To say a man is a débrouillard is to tell people how resourceful and ingenious he is. The former French colonies have sculpted this word to their own social and economic reality. They say that inventive, self-starting, entrepreneurial merchants who are doing business on their own, without registering or being regulated by the bureaucracy and, for the most part, without paying taxes, are part of “l’economie de la débrouillardise.” Or, sweetened for street use, “Systeme D.” This essentially translates as the ingenuity economy, the economy of improvisation and self-reliance, the do-it-yourself, or DIY, economy.

 

06/27/12

E-Commerce in the Black Market

gAtO hAs - found that e-commerce in the Black Market in the Tor-onion network is a little different than e-commerce in the clear web. Places like the Silk Road that deal with illegal drugs and other black market marketplaces have a lot to think about when they do business and the customers of these services have similar problems that can open them up to being caught and prosecuted. There a few thing that we must examine to understand e-commerce in the deep dark web. Once again gAtO does not recommend doing business with the black market but from a technical and SE view of how these transactions happened we may learn something. I have learned that China,Iran and Syria look for Tor traffic because of the fingerprint of the traffic stream – Tor traffic is padded to 512 byte size packets, normal VPN is not. But we know that the Tor-Project team is working on new and better ways to hide Tor fingerprint so everything is evoling.

Here are a few notes I found that makes you think – mAyBe sI-nO:

Conceal your membership (VERY IMPORTANT FOR VENDORS)

Using Tor by itself is not enough to protect you, particularly if you are a vendor. Membership revealment attacks combined with rough geolocation intelligence can lead to a compromise! The gist of a membership revealment attack is easy to understand. The attacker merely determines everyone who is connecting to a particular network, even if they are incapable of determining where the traffic being sent through the network is destined for. Tor does a good job of preventing an attacker who can see exit traffic from following the stream back to your location. Unfortunately, if you ship product the attacker can determine your rough geolocation merely by determining where you ship product from. If the attacker already knows your rough geolocation and they are capable of doing a membership revealment attack to determine who all in your area is connected to Tor, they can likely narrow down your possible identity to a very small set size, possibly even a set size of one.

This is not likely to be useful for evidence but it will provide strong intelligence. Intelligence is the first step to gathering evidence. The attacker may put everyone in your area who they detect are connecting to the Tor network under meatspace surveillance looking for evidence of drug trafficking activity. For this reason it is highly important that you protect yourself from membership revealment attacks!

Membership revealment attacks are less a worry for customers (provided financiall intelligence is properly countered to avoid an attacker finding rough customer geolocations!) than they are for vendors. There are a few reasons why this is true. First of all a customer is likely to reveal more about their identity when they place an order than the attacker will be able to determine with a geolocation + membership revealment attack. Secondly, the vendors allowed to operate on Open Source have been highly screened to significantly reduce the probability that any of them are federal agents, but the customers on Open Source are not only anonymous but they are also not screened at all. Third of all, the organizational structure reduces the risk for customers; a customer may work with a few vendors but each vendor is likely to be working with hundreds or thousands of customers. Customers sourcing from Open Source are at minimal risk even if they have products delivered directly to there own residence, vendors working on Open Source at particularly vulnerable to membership revealment attacks due to the open nature of the site.

The primary concern for customers is that they load finances anonymously and the vendor decentralizes their financial network. If a vendor is using a star network (centralized) financial topology there is a risk that an attacker could map out the geographic locations where customers loaded funds. After determining where funding was loaded the attackers could do anonymizer membership revealment attacks in an area around the load point and filter out everyone who is not using an anonymizer. This will likely leave the customer and few others. The attacker may even be able to compare CCTV footage of the load to the users of anonymizers in the area and look for a facial recognition match. To counter this it is important for customers to make use of good financial counter intelligence techniques (E-currency layering being one). Customers may also choose to utilize transients by paying them a fee to load currency, this way the customer avoids being on CCTV at any point. If vendors decentralize funding points (ditch the star network topology) customers will be strongly protected from such attacks, however it is impossible for a customer to ensure that a vendor is using a 1:1 customer to account/pseudonym identification ratio.

There are several ways you can protect yourself from a membership revealment attack, if you are a vendor it would be foolish to not take one of these countermeasures. The primary way to protect from a membership revealment attack is to make sure you do not enter traffic through the same network you exit traffic through. As all traffic to Open Source ‘exits’ through the Tor network, entering your traffic through a VPN first will reduce your vulnerability to membership revealment attacks. The attacker will have to determine who all in your area uses any anonymizing technology and put all of them under meatspace surveillance, there are likely to be far more people in your area using some sort of proxy system than there are people using Tor in particular. This will substantially increase the cost of putting all ‘potential targets’ under surveillance.

Using a VPN is helpful but it is not the most ideal solution. Your crowd space against a membership revealment attack will increase but perhaps not by much depending on the particular area you work out of. Also, a particularly skilled attacker may be able to determine you are using a VPN to connect to Tor by fingerprinting traffic streams. Tor traffic is padded to 512 byte size packets, normal VPN traffic is not. By filtering for 512 byte streams, an attacker can determine who all is using Tor in a given area. VPN’s protect from IP routing based membership revealment attacks but not from traffic fingerprinting membership revealment attacks. However, it is less likely that an attacker will be able to do a traffic fingerprinting membership revealment attack. The Chinese intelligence services apparently are still using IP address based attacks to block access to the Tor network. This is not nearly as effective as traffic fingerprinting based attacks. This could be an indication that traffic fingerprinting membership revealment attacks are more difficult to carry out (likely), however it could also be due to a lack of skill on the part of Chinas intelligence services. It could also be that China is not particularly interested in blocking/detecting all Tor traffic and IP address based attacks meet their requirements.

A better option than using a VPN would be to set up a private VPS and then enter all of your Tor traffic through this. Doing this will make you much more resistant to IP address based membership revealment attacks because now the attacker will not even be able to narrow you down to all people in your area using any anonymity technology. This is still weak to traffic fingerprinting membership revealment attacks!

Perhaps the best option to avoid membership revealment attacks is to use open or cracked WiFi from a different location + Tor every single time you connect. You could even use open Wifi + VPN/VPS + Tor for very high security from membership revealment attacks. Using random (not your neighbors) open/cracked WiFi greatly increaces your resistance to a wide variety of identity revealing attacks. An attacker can still do membership revealment attacks on users of open WiFi but they can no longer gain useful intelligence from the attack. If they detect that an open WiFi connection unrelated to you is using Tor it can not be used to put you under meatspace surveillance unless they manage to identify you (facial recognition from CCTV cameras, etc).

If you are operating as part of a group you can avoid membership revealment attacks via smart organizational policy. The person responsible for communicating with customers should be different from the person shipping orders. Now the customers are incapable of determining where your actual rough geolocation is because product is sent from a different geographic area than you communicate from. Your shipper should be aware that they will potentially come under scrutiny via a geolocation + membership revealment attack, especially if they use Tor to enter traffic.

Another option is to configure Tor to use a bridge. Tor bridges are designed to allow people in nations such as China the ability to connect to the Tor network. China uses IP address based blocking to prevent users from connecting to known Tor nodes. Bridges are Tor entry guards that are not publicly listed and have a limited distribution mechanism. You can get some Tor bridge IP addresses from the Tor website. We do not suggest you use Tor bridges because they replace your entry guard and they are under crowded. This will lead to a lot less multiplexing on your Tor circuit and can hurt your anonymity in other ways, although it will indeed offer some level of protection from membership revealment attacks. China has managed to detect about 80% of Tor bridges, it is likely that NSA knows all of them. Police agencies in the West are probably not yet particularly worried about locating bridge nodes but they can probably do so with near the same accuracy as China. In our opinion it is not smart to rely on a Tor bridge to protect you from membership revealment attacks in most cases.

Step Four: Know how to do safe product transfer, handle finances safe

Note: Although customers sourcing from Open Source are encouraged to take the best security measures they can, it is not likely required for them to utilize advanced operational security regarding mail (such as fake ID boxes, tactical pick utechniques, etc). Because the vendors allowed to be listed here have been highly screened it is likely safe for customers to have product delivered directly to their homes. If you only work with highly trusted and trusted vendors your biggest concern will be a package being intercepted!

 

Online Verification Procedures
Over the years, I’ve come across dozens of procedure lists for top-tier merchants regarding online transations and fraud reduction. I’ll detail several companies verification procedures below.

While most virtual carders are aware of the various procedures in place to verify orders placed online, few actually understand the implementation of fraud scoring, and the order in which these verification methods are used.
The Risk Management Toolkit

  • AVS
  • CVV
  • IP/GEO/BIN
  • Cardholder Authentication (VbV/MSC)
  • Phone Verifications
  • Manual Order Reviews
  • Chargebacks & Representments
  • PCI Compliance & Data Security

 

AVS – Address Verification Service

How It Works

  • Provides a Match or Non-Match Result for only the Billing Street # and Billing Zip Code… not the actual address. (i.e. “1234 Test Street” is parsed into “1234” just the same as “1234 Wrong Way” would be).

Implementation

  • Available on any Internet merchant account and virtually any Payment Gateway.
  • Most gateways provide an AVS configuration area where you can specify whether you want to automatically“decline” (i.e. do not settle) an authorization that has an AVS mis-match or non-match.

Benefits

  • Easy to implement Limitations
  • Works only for U.S., CND, U.K. cardholders so this does not help you scrub most international transactions.
  • A growing % of compromised credit cards – especially those obtained through inside jobs or hacked databases– will also contain the necessary information to provide a valid AVS match result.

Recommendation

  • If you handle a mix of int’l and U.S. sales, you will want consider scrubbing with AVS on the U.S. transactions but do NOT scrub via AVS for any international transactions as they will always fail. AVS should not beconsidered a primary means of verifying the validity of a transaction. Nearly 20% of the fraud can potentially be eliminated by scrubbing “Non-Matched” AVS match results.

 

CVV – Card Verification Value

How It Works

  • A service with many names – CVV2, CVC2, CID – but the premise is the same for all.
  • Provides a Match or Non-Match Result for the 3-digit or 4-digit number embossed on the back of the cardholder’s card. The CVV is NOT generally encoded on the magnetic stripe and therefore is less likely to be captured as part of a card skimming tactic.

Implementation

  • Available on any Internet merchant account and virtually any Payment Gateway.
  • Most gateways provide an CVV configuration area where you can specify whether you want to automatically “decline” (i.e. do notsettle) an authorization that has an CVV non-match or non-entry.

Benefits

  • Works for virtually ALL cardholder accounts – both U.S. and international.
  • There is no valid reason why a legitimate cardholder, in possession of the card, would not be able to enter a 100% matching numberfor this.
  • Merchants are not allowed to store CVV and as such the CVV # is less vulnerable than the data used for AVS.

Limitations

  • CVV data can only be used for a real-time transaction. CVV data can not be stored and therefore can not be utilized for Recurring Transactions.

Recommendation

  • CVV is a recommended service to utilize for ALL initial transactions processed. Based on our internal charge-back analysis, merchants can reduce their fraud ratesby as much as 70% by simply requiring a matching CVV result.

 

IP/GEO/BIN Scrubbing

How It Works

  • Compares the IP address of the customer purchasing with their stated geographic location (i.e. why is the customer from California ordering from Europe?)
  • Compares the BIN # (first 6 digits) of the credit card with the IP or stated geographic location of the customer (i.e. the customer isusing an US-issued credit card but they are from Europe?)
  • Based on the IP and BIN # and other customer-inputted data, a vast amount of information can be returned on the transaction.

Implementation

  • Custom direct integration into a service such as MaxMind.com
  • Use an existing integration that is part of a Shopping Cart such as X-Cart, LiteCommerce, osCommerce, ZenCart,ASPDotNetStorefront.
  • Use an existing integration that is part of a Billing System such as WHMCompleteSolution, ClientExec or Ubersmith.

•Use an existing integration that is part of a Payment Gateway such as the Quantum Payment Gateway.

Benefits

  • Fast, Cost Effective and Non-Intrusive
  • Provides merchants with an excellent “do the pieces fit consistently?” analysis.
  • Can block up to 89% of all fraud if properly implemented

Limitations

  • Generally not reliable for AOL users due to the way that AOL routes its traffic (AOL users require a merchant-specific approach)
  • Proxy database is always in a real-time process of being updated as new proxies open up.

Recommendation

  • IP/GEO/BIN fraud scores should be used in the order evaluation process more as a means of flagging transactions as “high risk” formore intensive scrubbing vs. being an outright decline.

Examples of what IP Geo-Location can tell you:

YELLOW ALERTS

  • Free E-mail Address: is the user ordering from a free e-mail address?
  • Customer Phone #: does the customer phone # match the user’s billing location? (Only for U.S.)
  • BIN Country Match: does the BIN # from the card match the country the user states they are in?
  • BIN Issuing Bank Name: does the user’s inputted name for the bank match the database for that BIN?
  • BIN Phone Match: does the customer service phone # given by the user match the database for that BIN?

RED ALERTS

  • Country Match: does the country that the user is ordering from match where they state they are ordering from?
  • High Risk Country: is the user ordering from one of the designated high risk countries?
  • Anonymous Proxy & Proxy Score: what is the likelihood that the user is utilizing an anonymous proxy?
  • Carder E-mail: is the user ordering from an e-mail address that has been used for fraudulent orders?
  • High Risk Username/Passwords: is the user utilizing a username or password used previously for fraud?
  • Ship Forwarding Address: is the user specifying a known drop shipping address

IP/GEO/BIN Scrubbing (Continued)

Open/Anonymous Proxies: an open proxy is often a compromised “zombie” computer running a proxy service that was installed by a computer virus or hacker. The computer is then used to commit credit card fraud or other illegal activity. In some circumstances, an open proxy may be a legitimate anonymizing service that is simply recycling its IP addresses. Detecting anonymous proxies is always an on going battle as new ones pop up and may remain undetected for some time.

26% of orders placed with from open proxies on the MaxMind min Fraud service ended up being fraudulent. Extra verification steps are strongly recommended for any transaction originating from anopen/anonymous proxy.

High-Risk Countries: these are countries that have a disproportionate amount of fraudulent orders, specificallyEgypt, Ghana, Indonesia, Lebanon, Macedonia, Morocco,Nigeria, Pakistan, Romania, Serbia and Montenegro, Ukraine and Vietnam. 32% of orders placed through the MaxMind min Fraud service from high-risk countries were fraudulent. Extra verification steps should be required for any transaction originating from a high risk country.

Country Mismatch: this takes place when the IP geolocation country of the customer does not match their billing country. 21% of orders placed with a country mismatch on the MaxMind m******* service ended up being fraudulent. Extra verification steps are recommended for any transaction with a country mismatch.

Results that speak for themselves:

ChangeIP – is a DNS and domain name registration provider. The company provides free and custom Dynamic DNS services to more than 50,000 users. Before implementing MaxMind, ChangeIP was losing as much as $1,000 per month because it sold instantly delivered digital goods and could not recover the losses if the purchase turned out to be fraudulent. After implementing MaxMind, losses were reduced by 90%.

MeccaHosting – is a Web hosting company based in Colorado. Since integrating MaxMind, Mecca Hosting has not received a single chargeback. On average, 12-15 fraudulent orders pass through the in-house checks each month but are flagged by MaxMind. Over the last 5 months, this has saved MeccaHosting atleast 60 chargebacks and $6,000 in unnecessary costs.

Red Fox UK – is a Web hosting provider and software development company based in the UK which offers solutions for smalland medium sized businesses all over the world. By using MaxMind, Red Fox UK was able to increase its revenue by 4% while reducing its chargebacks by 90%.

365 Inc. – is a digital media and e-tailer specializing in soccer & rugby with a large international customer base that processes over 10,000 transactions per month. By integrating MaxMind, chargebacks were reduced byover 96% from more than $10,000 per month to less than $500 per month. At this point, most charge backs are general order disputes as opposed to fraud.

Whew. A lot of editing. I’ll post the remainder in a bit.

 

 

Online Verification Procedures
Over the years, I’ve come across dozens of procedure lists for top-tier merchants regarding online transactions and fraud reduction. I’ll detail several companies verification procedures below.

While most virtual carders are aware of the various procedures in place to verify orders placed online, few actually understand the implementation of fraud scoring, and the order in which these verification methods are used.
The Risk Management Toolkit

  • AVS
  • CVV
  • IP/GEO/BIN
  • Cardholder Authentication (VbV/MSC)
  • Phone Verifications
  • Manual Order Reviews
  • Chargebacks & Representments
  • PCI Compliance & Data Security

 

AVS – Address Verification Service

How It Works

  • Provides a Match or Non-Match Result for only the Billing Street # and Billing Zip Code… not the actual address. (i.e. “1234 Test Street” is parsed into “1234” just the same as “1234 Wrong Way” would be).

Implementation

  • Available on any Internet merchant account and virtually any Payment Gateway.
  • Most gateways provide an AVS configuration area where you can specify whether you want to automatically“decline” (i.e. do not settle) an authorization that has an AVS mis-match or non-match.

Benefits

  • Easy to implement Limitations
  • Works only for U.S., CND, U.K. cardholders so this does not help you scrub most international transactions.
  • A growing % of compromised credit cards – especially those obtained through inside jobs or hacked databases– will also contain the necessary information to provide a valid AVS match result.

Recommendation

  • If you handle a mix of int’l and U.S. sales, you will want consider scrubbing with AVS on the U.S. transactions but do NOT scrub via AVS for any international transactions as they will always fail. AVS should not beconsidered a primary means of verifying the validity of a transaction. Nearly 20% of the fraud can potentially be eliminated by scrubbing “Non-Matched” AVS match results.

 

CVV – Card Verification Value

How It Works

  • A service with many names – CVV2, CVC2, CID – but the premise is the same for all.
  • Provides a Match or Non-Match Result for the 3-digit or 4-digit number embossed on the back of the cardholder’s card. The CVV is NOT generally encoded on the magnetic stripe and therefore is less likely to be captured as part of a card skimming tactic.

Implementation

  • Available on any Internet merchant account and virtually any Payment Gateway.
  • Most gateways provide an CVV configuration area where you can specify whether you want to automatically “decline” (i.e. do notsettle) an authorization that has an CVV non-match or non-entry.

Benefits

  • Works for virtually ALL cardholder accounts – both U.S. and international.
  • There is no valid reason why a legitimate cardholder, in possession of the card, would not be able to enter a 100% matching numberfor this.
  • Merchants are not allowed to store CVV and as such the CVV # is less vulnerable than the data used for AVS.

Limitations

  • CVV data can only be used for a real-time transaction. CVV data can not be stored and therefore can not be utilized for Recurring Transactions.

Recommendation

  • CVV is a recommended service to utilize for ALL initial transactions processed. Based on our internal charge-back analysis, merchants can reduce their fraud ratesby as much as 70% by simply requiring a matching CVV result.

 

IP/GEO/BIN Scrubbing

How It Works

  • Compares the IP address of the customer purchasing with their stated geographic location (i.e. why is the customer from California ordering from Europe?)
  • Compares the BIN # (first 6 digits) of the credit card with the IP or stated geographic location of the customer (i.e. the customer isusing an US-issued credit card but they are from Europe?)
  • Based on the IP and BIN # and other customer-inputted data, a vast amount of information can be returned on the transaction.

Implementation

  • Custom direct integration into a service such as MaxMind.com
  • Use an existing integration that is part of a Shopping Cart such as X-Cart, LiteCommerce, osCommerce, ZenCart,ASPDotNetStorefront.
  • Use an existing integration that is part of a Billing System such as WHMCompleteSolution, ClientExec or Ubersmith.

•Use an existing integration that is part of a Payment Gateway such as the Quantum Payment Gateway.

Benefits

  • Fast, Cost Effective and Non-Intrusive
  • Provides merchants with an excellent “do the pieces fit consistently?” analysis.
  • Can block up to 89% of all fraud if properly implemented

Limitations

  • Generally not reliable for AOL users due to the way that AOL routes its traffic (AOL users require a merchant-specific approach)
  • Proxy database is always in a real-time process of being updated as new proxies open up.

Recommendation

  • IP/GEO/BIN fraud scores should be used in the order evaluation process more as a means of flagging transactions as “high risk” formore intensive scrubbing vs. being an outright decline.

Examples of what IP Geo-Location can tell you:

YELLOW ALERTS

  • Free E-mail Address: is the user ordering from a free e-mail address?
  • Customer Phone #: does the customer phone # match the user’s billing location? (Only for U.S.)
  • BIN Country Match: does the BIN # from the card match the country the user states they are in?
  • BIN Issuing Bank Name: does the user’s inputted name for the bank match the database for that BIN?
  • BIN Phone Match: does the customer service phone # given by the user match the database for that BIN?

RED ALERTS

  • Country Match: does the country that the user is ordering from match where they state they are ordering from?
  • High Risk Country: is the user ordering from one of the designated high risk countries?
  • Anonymous Proxy & Proxy Score: what is the likelihood that the user is utilizing an anonymous proxy?
  • Carder E-mail: is the user ordering from an e-mail address that has been used for fraudulent orders?
  • High Risk Username/Passwords: is the user utilizing a username or password used previously for fraud?
  • Ship Forwarding Address: is the user specifying a known drop shipping address

IP/GEO/BIN Scrubbing (Continued)

Open/Anonymous Proxies: an open proxy is often a compromised “zombie” computer running a proxy service that was installed by a computer virus or hacker. The computer is then used to commit credit card fraud or other illegal activity. In some circumstances, an open proxy may be a legitimate anonymizing service that is simply recycling its IP addresses. Detecting anonymous proxies is always an on going battle as new ones pop up and may remain undetected for some time.

26% of orders placed with from open proxies on the MaxMind min Fraud service ended up being fraudulent. Extra verification steps are strongly recommended for any transaction originating from an open/anonymous proxy.

High-Risk Countries: these are countries that have a disproportionate amount of fraudulent orders, specificallyEgypt, Ghana, Indonesia, Lebanon, Macedonia, Morocco,Nigeria, Pakistan, Romania, Serbia and Montenegro, Ukraine and Vietnam. 32% of orders placed through the MaxMind min Fraud service from high-risk countries were fraudulent. Extra verification steps should be required for any transaction originating from a high risk country.

Country Mismatch: this takes place when the IP geolocation country of the customer does not match their billing country. 21% of orders placed with a country mismatch on the MaxMind m******* service ended up being fraudulent. Extra verification steps are recommended for any transaction with a country mismatch.

Results that speak for themselves:

ChangeIP – is a DNS and domain name registration provider. The company provides free and custom Dynamic DNS services to more than 50,000 users. Before implementing MaxMind, ChangeIP was losing as much as $1,000 per month because it sold instantly delivered digital goods and could not recover the losses if the purchase turned out to be fraudulent. After implementing MaxMind, losses were reduced by 90%.

MeccaHosting – is a Web hosting company based in Colorado. Since integrating MaxMind, Mecca Hosting has not received a single chargeback. On average, 12-15 fraudulent orders pass through the in-house checks each month but are flagged by MaxMind. Over the last 5 months, this has saved MeccaHosting atleast 60 chargebacks and $6,000 in unnecessary costs.

Red Fox UK – is a Web hosting provider and software development company based in the UK which offers solutions for smalland medium sized businesses all over the world. By using MaxMind, Red Fox UK was able to increase its revenue by 4% while reducing its chargebacks by 90%.

365 Inc. – is a digital media and e-tailer specializing in soccer & rugby with a large international customer base that processes over 10,000 transactions per month. By integrating MaxMind, chargebacks were reduced byover 96% from more than $10,000 per month to less than $500 per month. At this point, most charge backs are general order disputes as opposed to fraud.

This is only a small part of the e-commerce as you can see there are lot’s of opinions on how to do business in the Black market and understanding how it’s done can help us to figure out solution for legit business in the future. - gATO oUt