Re: Unnamed Acquirer Processor Breach Timeline

[Tom Mahoney <lists () merchant911 org>]

Yes, every CNP merchant should do those things, but they are 
unreliable at best.  My files are full of reports from merchants who 
have completed transactions passing AVS and CVV2, shipping to the 
billto address with proof of delivery and still loosing chargebacks. 
We've even see it happen when the merchant is enrolled in Payer Auth. 
although that service does seem to be better in the last  year or so.



At 8:55 AM -0600 2/27/09,  Urban, Michael typed out:
> One way for merchants to protect themselves from fraudulent CNP
> transactions related to these (or any) cards is to perform address
> verification and request CVV2.  Any CNP merchant who authorizes a new
> (or even existing) customer's transaction with only the card number and
> expiration date is taking a risk.
>
> But I may be missing something...

-- 

Tom Mahoney, Founder & Director
Over 3800 Merchants united to protect themselves
http://www.merchant911.org
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)

CREDANT Technologies, a leader in data security, offers advanced data encryption solutions.
Protect sensitive data on desktops, laptops, smartphones and USB sticks transparently 
across your enterprise to ensure regulatory compliance.
http://www.credant.com/stopdataloss