Re: verisign payment site backdoor ?

[redwood () visualjourneys com (Nojan Moshiri)]

Is this a function of Verisign or a function of Address Verification
(AVS) on the credit card side.  Credit Card companies use the digits
of your stress address and your zip to validate billing.  This may
be true for US citizens only based on verisign's CC verification
company.

If would be good to try five zeros with a US based credit card. If AVS
is being properly used it should no go through.

On Thu, 7 Feb 2002, Andrej Todosic wrote:

> Hello,
>
> so i had today a little adventure with verisign about paying some domains.
> When you go on their secure site and enter payment information, they now
> require a security check
> The security check consists of entering a billing address postal code.
> Without this the payment wouldnt work.
> After verifying several times witht hem on the phoen ( their system wont
> accept a canadian postal code).
> They told me just to put 5 zeros. The payment went through. I also seem to
> vaguely remember a mention of it somewhere in the payment confirmation
> screen. My question is:
>
> they gave it to me, so they know very well it exists, but what security do
> they have if they have a backdoor like this,
> and what is the point of extra precautions when you publicly tell everyone
> to use zeros if nothing else works.
>
> I dont know if this should be made into a big thing, but i certainly dont
> feel comfortable with these guys having my CC number.
>
>
> Comments or opinions are welcome.
>
> Andrej