how-to block ads
|
|
Uniqs:
3536 |
Share Topic
 |
 |
|
|
|
 Doctor OldsI Need A Remedy For What's Ailing Me.Premium,VIP
join:2001-04-19
1970 442 W30
kudos:17 | Authorize.Net should be investigated for being involved We have seen that apparently there are no procedures in place (or they ignore them for compensation) at Authorize.Net ( »authorize.net/ is a is a registered trademark of CyberSource Corporation »www.cybersource.com/ )to weed out or vetting of scammers using the fake web sites. However, it really pisses me off when I read this info below and I don't understand why they (Authorize.Net) are allowed to even stay in business as a payment processor. There should be extreme pressure placed on them to clean up their act or lose their business. Who is upstream of them that allows them to handle peoples money so recklessly? They should be as diligent as »www.powerpay.biz/ appears to be.......
Psystar still down as Powerpay explains its decision
»www.news.com/8301-13579_3-9922664-37.html
quote:
PowerPay initially suspended and subsequently terminated the merchant-processing account of Psystar for three primary reasons: product/services not as represented in application, sales volumes grossly exceeded, (and) no address verification utilized," Steven Goodrich said in the statement.
Merchant service accounts are set up based on the volume of transactions expected to flow through an online store, Goodrich said. Psystar went well over its expected volume for the year in just a couple of days, as Open Computer orders poured in.
"In this case, the applicant processed almost 200 percent of his anticipated annual volume over just a few days. In doing so, the applicant never used AVS (address verification services), which is a vital part of validating cardholder consent," Goodrich said in the statement. "This, coupled with the fact that product was substantially different from what was described in the application, left PowerPay no choice but to suspend services. The discrepancy in addresses and other info only add to our discomfort with the account."
Or am I misled and offbase?
--
What’s the point of owning a supercar if you can’t scare yourself stupid from time to time? | |
 pcdebbRIP dadkinsPremium
join:2000-12-03
Brandon, FL
kudos:4 | sounds like Powerpay has their ducks in a row and isnt taking no mess. too many times i've seen authorize.net mentioned in a negative way. I too am surprised authorize.net still is able to be in business when it's obvious they dont give a sh*t.
»www.ripoffreport.com/searchresul···chtype=0
--
a time for change... | 1st & 10 | Ham is good | |
Doctor OldsI Need A Remedy For What's Ailing Me.Premium,VIP
join:2001-04-19
1970 442 W30
kudos:17 | MGD  covers this well in the last portion of this topic: »Ebook websites, fraud charges, Devbill/DigitalAge/Pluto
Here are the detailed snippets.
said by MGD:
If they were able to process fraud charges against these cards with only those two pieces of data, then there is another huge security hole that needs some focus. We do know for certain that this syndicate mandates that all the fraudulent site merchant accounts are set up using Authorize.net / Cybersource as a gateway provider. It has been assumed from the beginning that the reason was the lack of adequate vetting and minimal standards. However, not considered before was that they may have the ability to bypass or hack (AVS) Address Verification System or CVV2 requirements of card not present transactions.
then
said by MGD:
Of course from the earliest days we knew that all the fraud operation sites had one thing in common, they were using Authorize.net as a merchant gateway. Subsequent communication intercepts revealed that the crime syndicate mandated that the recruited cyber-mules only use banks that were affiliated with authorize.net. Using authorize.net was an absolute requirement. It became obvious that the vetting and operational system facilitated the fraud.
I now see cases where the merchant account configuration though it has (AVS) verification toggled on. The reject on invalid zip to street address is turned OFF. So essentially though it may be checking it, invalid entries are still processed. Worse yet, CVV2 validation is also turned off. Now I am not even sure what the requirements are for a CNP card not present transaction using that system is, besides having a valid card number and expiration date. The criminals have have full access to that merchant account control panel, and I assume they can toggle any setting on or off regardless of the original configuration. It has always bothered me, and I have been unable to explain why all fraud charges to Debit cards show up on the line item statements as a POS (Point of Sale) transaction. I do not know if that is generic to all CNP Debit transactions or unique to this criminal enterprise.
--
What’s the point of owning a supercar if you can’t scare yourself stupid from time to time? | |
 SnowymIRC unix.ro UnderNetPremium
join:2003-04-05
Kailua, HI
kudos:5
 ·Clearwire Wireless
 ·RoadRunner Cable
| reply to Doctor Olds
You got it right. PowerPay got it right too, despite my initial reaction of thinking them to have erred on the side of pettiness.
The story is really interesting. It's got all the elements of a best seller. Drama, mystery, suspense & betrayal in a modern day, high tech conflict between the forces of good & evil being played out with a colorful set of characters. The problem with this setting is that it's not fiction. The only predictable & ordinary thing about this story is that it's taking in Florida. What is it about Florida anyway? Maybe we should partition Florida from the net until they can clean up their act a little. 
Paypal coming to the rescue is a good example of how things aren't what they always appear to be & how things are what they appear not to be. The line that separates PayPal's functions from that of a credit card processor have gotten so blurred how can we tell when it gets broken?
The problem boils down to a lack control over how, where & who is responsible for the integrity of the system. As it is now, the consumer is ultimately responsible for footing the fraud bill. That's only been successful because the bill we've been paying has been getting paid transparently in the form of higher credit costs as well as an added on cost that's attached to every item we purchase. This added on cost is like an interest only payment schedule on a loan. It will never pay down the loan, it only services the day to day cost & doesn't affect the original debt. The big problem with this is that the consumer never signed up for this loan but somehow ended up agreeing to pay the cost of servicing it. The debt will never be paid off with this current system. We will be paying off this cost until the system itself is overhauled, shifting responsibility away from the consumer. | | |
|
MGDPremium,MVM
join:2002-07-31
Fort Lauderdale, FL
kudos:9 | reply to Doctor Olds
said by Doctor Olds:........ Or am I misled and offbase? No, not at all.
Clearly PowerPay actively monitors their merchants. They apparently flagged the account for generating billing that exceeded their anticipated revenue. PowerPay even noted that the (AVS)Address verification System, was not utilized in screening the online card transactions. Also, the sales category did not match the vending criteria on the original merchant application. They even mentioned being "uncomfortable" with the subsequent address changes.
Worth noting is the fact that the Psystar LLC, and the pustar.com domain are both registered to the same individual.
In contrast, the merchant applications from the Devbill crime syndicate via the cyber-mules, have absolutely no ownership connection between the LLCs' and the domains.
In the vast majority of those cases you have, for example, a John Doe who sets up an LLC, obtains an IRS EIN number, and opens a business bank account such as:
John Doe
125 5th Ave.,
New York, NY 10001
212-279-1111
Mr. Doe registers an LLC with the state of New York called JODO LLC, applies for, and obtains, an EIN tax number. Then he heads down to the bank produces the tax and LLC certificates, and opens a business bank account. So far so good, nothing out of the ordinary.
However, here is where the whole system falls apart. As instructed, John has opened a bank account at a bank that offers Authorize.net as a merchant gateway card processor.
Following those instructions, Mr. Does now goes back and completes an application for a merchant billing account to get access to the financial card processing system. John applies to open an merchant account for JOD-Solutions.com. The application is approved and the account is set up.
However JOD-Solutions.com domain is registered as follows:
Jane Smith
123 Anystreet,
Tacoma, WA 98401
503-111-1111 ------> Oregon area code.
John Doe has just been approved for a merchant account to process credit cards for a domain / website that HE DOES NOT OWN. The revenue for all card processing from JOD-Solutions.com supposedly owned by an unrelated party in the state of Washington, will now be funneled to an unrelated LLC bank account located in New York. To make matters even worse, in the most flagrant scenarios, JOD-Solutions.com will not even list a reference to the original LLC, and only contains a phone with a California area code.
At this point the integrity of the card processing system has been breached by a blatant failure in the vetting process. Access into the system has been given to an "unknown". As long as this set up does not trigger an excessive chargeback flag, they can process $50,000 per month (as listed on the application) indefinitely. We won't even mention the technical expertise that might have been required to have noticed that JOD-Solutions.com has embedded code that prevents it from being found by anybody doing a search, yet it will generate $50,000 a month in internet sales for an intangible product that does not ship, or otherwise require any additional documentation of a purchase.
Repeat this process over and over, dozens of times a year, year in, year out, and you have a gaping hole that truckloads of fraud money can get through unnoticed.
What are the chances that PowerPay would have approved such a set up, or 99.9% of any of the other gateway processors.
MGD | |
Doctor OldsI Need A Remedy For What's Ailing Me.Premium,VIP
join:2001-04-19
1970 442 W30
kudos:17 | Thanks MGD for reading and responding. I'd say PowerPay would have either outright not approved the applications for accounts or would have quickly frozen the accounts when checking applications and seeing the inaccuracies/warning signs along with seeing the 50k in one month on a new 'web based only" business and that is easily one of the reasons why the syndicate doesn't use them. 
Hopefully you will weed out the so far unseen connection and/or you already know some things but just can't detail the info as of yet for other reasons including gathering additional proof. Something is just not right with the current setup. It needs to be cleaned and closed as a loophole with all parties involved in letting happen and allowing to continue unabated prosecuted to the fullest extent of the Law plus penalties.  I can dream big, right?
--
What’s the point of owning a supercar if you can’t scare yourself stupid from time to time? | |
|
