h a l f b a k e r yCompound disinterest.
add, search, annotate, link, view, overview, recent, by name, random
news, help, about, links, report a problem
browse anonymously,
or get an account
and write.
register,
|
|
|
Please log in.
Before you can vote, you need to register.
Please log in or create an account.
|
You get a text saying: "Here is Netflix, account not paid. Click with card to pay or Netflix is to cancell!" You pull out your ScamBuster "Credit" Card.
It's designed so that once the credit card companies receive requests for payment via these decoy cards, an immediate investigation is launched and
the payments to that company are immediately ceased.
So as a scammer, you set up a card payment account, then send out 10,000 fake texts or emails to get people's credit cards. If this system were in place, most of the responses you get would be these scambuster credit cards. Upon receipt of the very first one, which would probably come before you got an actual credit card number, the payment system would be put on hold while the investigation is initiated by the card company, so the chances of you getting anything are very low.
Your card has a unique number, there's no database where scammers can search to see if the number you gave them is legit, they have to send it to the card company, at which point they're under immediate investigation.
The user will be given instructions on how to use these including warning that using these on legitimate businesses for some reason is a crime, these are not to be misused.
Now if the company turns out to be legitimate, that's fine. They'll be on the credit card company's records as being such and the decoy card using person will be notified that they made a mistake. There's also responsibility that comes with these things and if you make another such mistake your card is cancelled. There'll still be plenty of aspiring crime fighters out there to swamp credit card scammers with these things.
Happy New Year everybody!
UPDATE: The credit card companies send out apps that users can open and cut and past these scam texts into. A single spy card is generated that will be sent to the scamming entity that will never be approved for any transaction attempted but will track all those who tried to use it creating an increasingly accurate database of scammers.
Stolen cards tested on charity sites
https://www.bankinf...harity-sites-a-7608 [prufrax, Jan 01 2023]
Two Philadelphia Men Convicted of Running Credit Card Fraud Ring Using 200,000+ Stolen Accounts
https://www.justice...using-200000-stolen [prufrax, Jan 01 2023]
Payment Card Number
https://en.wikipedi...Payment_card_number Card numbers aren't random string of digits, they have structure that you can check. [prufrax, Jan 02 2023]
Shopper Face More Identity Checks when Buying Online
https://www.theguar...-when-buying-online 2FA via SMS, voice or banking apps in the UK [prufrax, Jan 02 2023]
Me and Poc's message to you all this holiday season.
https://www.youtube...watch?v=_uVUSBi3u0E [doctorremulac3, Jan 02 2023]
Credit Card CanaryToken
https://blog.thinks...it-card-tokens.html A real-but-flagged credit card for use by a merchant implementing a PCI-compliant payment system with credit card storage, to help spot if someone steals their store of customer card details [prufrax, Jan 22 2023]
[link]
|
|
I can imagine bad people using these en masse against legitimate companies as a kind of DDOS attack, but the effect of that would only be temporary, so [+] anyway. |
|
|
I like this, but maybe don't give them to everyone immediately - you could roll it out to a few trusted operatives and expand gradually. This would avoid swamping the system or generating too many false-positives. |
|
|
False positives would probably still be an issue; you might need to not trigger a full account lock-down on the first report (although you could start an investigation, if the system wasn't at capacity). |
|
|
Actually I'm not sure you need to roll decoy numbers out to the public at all - if there was a central email address where people could send suspected scams, it would probably be more reliable and efficient to have experts review the email (or text, or other scambait), and decide whether to proceed. Decoy numbers might still be a useful tool for that operation. |
|
|
//Your card has a unique number, there's no database where scammers can search to see if the number you gave them is legit, they have to send it to the card company...// |
|
|
It would be possible to make a database of numbers which triggered investigation, particularly if the 'hold' was immediate. So you'd still need to rotate them after use. |
|
|
This will not hurt credit card scammers. |
|
|
The scammers aren't stupid enough to put the funds directly into their own account. Often stolen card details are simply sold to other criminals. Those criminals then launder funds drawn from stolen cards via activities such as buying items from a legitimate retailer and re-selling them. |
|
|
Worse - in order to confirm that the stolen details are legit, the criminals will often first use them to make a small donation to charity. |
|
|
//but maybe don't give them to everyone immediately - you could roll it out to a few trusted operatives and expand gradually// |
|
|
Absolutely, I'd do a test first, possibly with licenced law enforcement agencies. Give these to half a million cops who might volunteer. My son's a police officer, I'll ask him if he'd partake in something like this. It actually sounds kind of fun. |
|
|
Thank you for your post pru, I like hearing possible drawbacks, but as for the first one, their selling of scam cards to other criminals. What's the downside of that? Get yet another criminal on the tracking program. |
|
|
As for the scam donation to charity I'm not seeing that's any different than attempting to get money from these for any other purpose. The charity wouldn't get any money but I'm sure they're not interested in getting stolen money anyway. |
|
|
In fact, get them, and everybody else on board with this. Any merchant who takes credit cards would be and active part of this sting operation. |
|
|
And to be clear, there are no funds for criminals to launder, these aren't credit cards, they're tracking devices. |
|
|
The main problem you have is that the criminals you're trying to trace are NOT running card payment accounts. |
|
|
They are impersonating the legitimate cardholder whilst purchasing items/services from legitimate businesses. |
|
|
ALL the places the cards are used illegitimately will be in your legitimate known business list. |
|
|
The click-to-pay website the scammer sets up and emails out a link to is completely FAKE. It doesn't take a card payment at all, just steals the details to sell to the money laundering gangs. |
|
|
But they're not purchasing anything. Ever. The "chaff" factor alone would be devastating to this scam industry. |
|
|
Say you're a scammer, let's say you have a real good day. You've got 300 card numbers. 280 of them are these plants because at some point the only people answering are people who have these. Time is money for criminals as much as anybody else. There is no money at the end of these transactions and no way to find that out until they attempt to use them to get money. |
|
|
So you're going to have to sort through 300 cards, 280 of which are decoys putting your system on the radar screen. Currently any card they get is from a sucker, we're talking 100%. Knock that down to 10% and you've wrecked the business model. Practical business models apply to criminal transactions just like any other vocation. |
|
|
//just steals the details to sell to the money laundering gangs.// |
|
|
But like I said, that's good. I love the idea of them selling these to other criminals because, again, there is no money. Not a penny. The scammers would just be passing the scam along. How long would that business last? |
|
|
But again to be clear, I do appreciate your input. Legit concerns, but I think this addresses them. |
|
|
The scammers don't run their own payment systems. They instead use the stolen cards *widely* with many legitimate retailers.
You'd put ALL legitimate retail systems "on the radar", as the criminal is acting as the consumer in these transactions. |
|
|
Also, money launderers DON'T care about financial efficiency, and the money going in is not theirs to start with - in fact suspiciously high levels of unprofitability is often the hallmark of a money-laundering operation. |
|
|
Successful scammers would just learn to be less obvious and more convincing so as to get more legitimate credit card details from the public. |
|
|
And then you'd be back to square one again. |
|
|
//It's designed so that once the credit card companies receive requests for payment via these decoy cards, an immediate investigation is launched and the payments to that company are immediately ceased.// |
|
|
This just kills legitimate businesses and charities by stopping their online card payments dead. |
|
|
But that's like saying tracking and not honoring counterfit money shuts down legitimate businesses that get given the stuff. |
|
|
And it doesn't do anything to the company that GOT the card payment, it's the card user. |
|
|
It's a fake person basically. Once somebody says they're that fake person, they're busted. The company they're trying to pass themselves off to as legit isn't affected. They just don't get any money because there never was any money. |
|
|
But we now know there's a scammer out there who's been taken in by THIS scam. |
|
|
It's a scammer scam. Real simple. The merchant is fine, the fake buyer isn't. |
|
|
You get a payment from this tracking card. The card company says "This is a trap card, send us the info on who tried to use it to purchase from you and thanks for your help. Together we can end credit card fraud." |
|
|
IF you just typed in random fake details without all the extra layers it would also prevent fraud. |
|
|
* You'd give the bad details to a small-time card harvester.
* The card harvester would try to sell it on.
* The organised crime gang buying the numbers would try and use the bad number to donate 50p to a random charity.
* The transaction would fail due to the card number being fake, and so the sale of the number would fall through.
* Card harvester has a bad day, organised crime is not affected. |
|
|
With your scheme as described, the same thing happens except that in addition, the random charity suddenly finds its ability to take credit card donations has been stopped. |
|
|
Well, no, because the when you put that number in, nothing happens, same as when you miss a number. "Card not recognized," This card gets recognized and that starts the investigation. |
|
|
And the charity gets a legit card, they get the money. They get taken in with a trap card they don't. The info gets relayed to the database and the instigator is tracked as much as possible. |
|
|
Again, you don't shut down the merchant, you shut down the criminal, exactly like with counterfit money. |
|
|
Only with counterfit money, you can buy something, with this you can't. The merchant in this case is told immediately that an investigation is underway and they assist. |
|
|
Investigating who though? |
|
|
Or the scripted test purchase made from a tor-hidden IP address to the retailer/charity's website? |
|
|
The card holder, not the merchant, same as with counterfit money. But unlike with counterfit money the merchant is part of the sting and loses nothing. |
|
|
Anyway, covered that, time to move on. |
|
|
So you'd investigate the person to whom the tracking card had been issued? |
|
|
How would that help anything? |
|
|
After all, presumably they entered the fake tracking card details in the first place because they thought the initial email and link looked dodgy. |
|
|
// The merchant in this case is told immediately that an investigation is underway and they assist. // |
|
|
How many investigations per hour can the average volunteer-run charity donation website support before it becomes easier to just stop taking online donations? |
|
|
What percentage of charity donations are scams? I'm assuming the same as any other business. I've started businesses that take credit cards, in all my years of various businesses I haven't had one. You seem concerned that stolen credit cards won't be able to be used to give money to charity. I don't think charities want stolen money. |
|
|
Trying another analogy, these are fake hundred dollar bills you put in a safe that have a tracking mechanism. Merchants handed the bills are told this is a worthless counterfit bill so not to send the merchandise but the systems automatically relates this counterfit bill purchase attempt to the tracking system. |
|
|
But mainly, and this really is the core of the idea, if there are 10,000 safes in the city, 9,500 of them are filled with these bills and the robbers are going to have to spend a lot of time sorting through the fake money to find the real stuff, all the while knowing they're being tracked. |
|
|
But let me ask you this, although I don't see it as a problem, do you see a way to address your concerns with this? |
|
|
Having read [prufrax]'s remarks, I now agree with him, and am rescinding my bun. [=] |
|
|
The credit card system has two kinds of recognisable counterparty, namely, the card-holder and the merchant. This idea, as originally imagined, was a way to attack the merchant in the case where the merchant was actually a crook. But what [prufrax] has pointed out is that the crooks make sure that they are neither the card-holder nor the merchant, and therefore cannot be attacked through the system. |
|
|
See [8th of 7]'s favourite Monty Python sketch, "How Not to Be Seen"; they are not hiding behind either of the bushes. |
|
|
Thank you [prufrax] for utterly demolishing this idea in an interesting, educational and well-meaning way. Next. |
|
|
He doesnt understand the idea. They are neither the card holder, the merchant or the recepieint of any money, Theyve set up an account to receive card payments that will be shut down in short order. These would destroy the mechanism they created for receiving money. Think of it as a virus. |
|
|
I think its a very simple concept obscured by an impassioned but incorrect evaluation. Using the hiding analogy its a bit like saying you cant scatter chaff from a bomber to obscure it from radar because chaff has neither guns or navigation systems. Ill not sure how to respond other than I think youre missing the point. |
|
|
Disagreement is great, but it should be about whether the idea will work or it wont, not about what the actual idea itself is. |
|
|
Giving a credit card scammer a fake card number will shut down charities? It wont and your thinking it will indicates a misunderstanding of the concept. |
|
|
Not sure what idea hes demolishing but its not this one. |
|
|
Tell you what, would anybody be interested to see what the credit card companies might think of this idea? Can we at least agree that they would be the experts and have final say regarding any potential or problems with this idea? This could actually be kind of interesting eh? |
|
|
Ill see what I can find and post it here. Well let them have the final call, one way or another. This could be kind of fun for all. |
|
|
The card issuers don't care about individual single small fraudulent transactions enough to investigate them. If the transaction was declined they haven't lost money and if not, then its not worth the cost of their fraud team's time to investigate every single piddling small transaction reported as fraudulent in detail. They just write the small ones off and mark it against the merchant's reputation if it happens too often. |
|
|
If the card holder complains enough, or if the loss is larger, the card issuer will claw back the fraudulent transaction from the merchant and refund the cardholder. The merchant is left to absorb the loss instead. Too many clawbacks too often and the issuer will reduce the level of trust in the merchant leading to more of their legitimate transactions being randomly declined by the issuers/banks as suspicious activity. |
|
|
The system is set up so that the bank/issuer is always protected first and foremost. Things like 3D-Secure are designed to push the risk of whether a transaction is fraudulent onto the merchant. |
|
|
The police aren't interested in details of every single piddling little fraudulent transaction either because they are after the real criminals - the organised crime money laundering operations that handle stolen money from many sources including stolen card details. The ones driving the market for stolen card details in the first place. |
|
|
If you think your card details have been stolen and contact the police, they will just tell you to contact your issuer to cancel the card, and give you a crime number to give the issuer so the issuer can write the transaction off against their insurance. |
|
|
This is all automatic. No humans are involved other than the intended victim that gives the virus card to the scammer and the scammer who wastes his time trying to get payment from the virus credit card and is automatically shut down and registered as a scammer ineligible for payment when enough of these cards are given to them by consumers fighting back . |
|
|
So, given that, if your idea were implemented (despite it costing the issuers money to do so), it would generate many failed/flagged transactions. |
|
|
The issuers would ignore them as they haven't lost money, but still mark down the merchant's reputation. |
|
|
The organised crime gang would not lose out as they would see the card details the card harvester tries to sell them as cancelled and therefore don't buy them, only the ones that actually work. |
|
|
The card harvester would up their game or spread their net wider to be more convincing to prevent being fed too many fake card details. |
|
|
And if the implementation really DID involve // an immediate investigation is launched and the payments to that company are immediately ceased // then YES small charitiesand online businesses would find their online payment taking capabilities being immediately ceased. |
|
|
HOW is the scammer "automatically shut down and registered as a scammer ineligible for payment" when the scammer never risks their identity at all? |
|
|
The scammer won't try to use the details themselves, but instead sell it on. Nothing to block here. |
|
|
The single fake card transaction is already ineligible for payment. The money launderers will see the transaction fail once and not try that card again. The next onoe they try will be using a different stolen card, coming from a different IP address and against a different merchant. Nothing to block here either. |
|
|
The merchant is innocent. The original cardholder is innocent. They would be the only things that could be blocked in the system, but that would not impact on the fraud. |
|
|
You need to think like an issuer. To them, it's not a "wily scammer getting details from a cardholder" problem. It's a "stupid cardholder giving out details inappropriately" problem. Followed by a "merchant risking accepting transactions inappropriately" problem. |
|
|
//Theyve set up an account to receive card payments// |
|
|
If they did that, that would make them a "merchant", from the credit card network's point of view. But [prufrax] has pointed out that this is not what they do. |
|
|
Yes, theyll just sell the scam info (thats worthless) to another scammer. That somehow negates the main point of this how? |
|
|
Obviously Ive not gotten the point across to a couple of folks and Im repeating myself and getting repeating indications of misunderstanding back. This needs a logic flow chart for clarification maybe.Ill close for now using the analogy of injecting radioactive material into a system to see how it reacts to different impediments in that system. How those reactions transpire and how theyre dealt with can be discussed but thats the basic idea. Ill leave it at that for now. |
|
|
Because the other scammer isn't a "merchant" either, so you can't block payments to them through the credit card network. |
|
|
At some point hell want to receive something. He cant. Dont know what else to tell you. |
|
|
Because the second scammer won't buy, due to the card failing the small automated donation test. |
|
|
The criminals are doing a lot of this automatically too, you know. It's an arms race between the banking system and organised crime. They just need to steal more details to try if more of them are fake. As long as there are a few real details in the mix, it will still be worth their time. |
|
|
Your scheme would generate extra chaff in the _issuers'_ fraud detection systems and cost them money. Which is why it is a non-starter. |
|
|
No, its a simple algorithm a high school student could write. The savings in time and manpower not to mention billions in fraud prevention would pay for this many times over. |
|
|
The current system is defensive and manpower intensive, this goes on the offense and is all automatic. |
|
|
Once the one fake stolen card fails a transaction, the scammer throws it away. It has been filtered out. Just the same as if the card was real but had already been cancelled by a worried cardholder. |
|
|
The scammer is throwing thousands of cards through the system in the hope that a few work and can be sold. The extra chaff won't slow them down. |
|
|
This isnt just chaff, it affects their systems ability to receive benefit from not just this, but any other credit card. |
|
|
Its not a saving in time or money if the issuers have to store, track and issue these fake numbers in the first place. That's a real cost to them. |
|
|
In order to not be detectable, the card numbers would have to look like real card numbers and pass standard credit card number validation checks. Which means they would have to be drawn randomly from each issuer's legitimate card number space. Which means they need to be on the system so they don't get accidentally turned into real cards. |
|
|
If they aren't scattered through the issuers' real card number space then eventually the criminals will work out how to spot the fake numbers before trying them and just throw them away immediately. |
|
|
Storing a few million card numbers on a server costs a few bucks a month. I think youre scrambling to come up with anything to refute that this might work. Which is fine I guess. Im down for debate. |
|
|
Getting lTe though. Ill rejoin tomorrow. Night all. |
|
|
And you are failing to show how this causes the scammers and money launderers to fail to make use of the _real_ stolen card details that they will still obtain from the few people that fall for the scam for real. |
|
|
Without any mechanism for that, it is just extra failed transactions and pointless extra work for the merchants and issuers. |
|
|
Well yes, he can; he receives something by buying real goods from a real merchant with the stolen card details, and then he sells on those goods through some other channel. |
|
|
The merchant in this case is a real merchant, so you can't punish or block them, and the card used is registered to a bona fide card-holder, so you can't punish or block *them*, either. |
|
|
The whole art of the villain here is to make himself invisible to the credit card network, so that any attempt to strike at him through that network (like the one in this idea) will miss its target. |
|
|
A recent change that has temporarily stymied some of the scammers would be the introduction of (semi)manditory phone-based 2FA support for online card transactions in the UK. |
|
|
I would expect scammers are even now looking at ways to get malware onto people's mobile phones to intercept the 2FA callbacks, possibly installed via the same card harvesting fake site links... |
|
|
But this involves giving legitimate cardholders more hoops to jump through to prove each transaction is genuine. |
|
|
When chip+pin auth of in person transactions was introduced, the money laundering gangs simply moved to making transactions abroad in countries where magnetic stripe auth was still in use. |
|
|
Yikes! Have you been up all night obsessing about this thing? So much misinformation here I dont know where to start. |
|
|
/:Well yes, he can; he receives something by buying real goods from a real merchant with the stolen card details, and then he sells on those goods through some other channel.// |
|
|
The card wont get approval, same as a card that gets turned down for not having enough money available. It will however go into a tracking system. Where did you come up with the idea that you can get money from these cards any more than a card with the numbers 1234 5678 1234 5678? And before you get all excited, the only thing these virus cards share with a random number is that they cannot be used to complete transactions for goods or services. |
|
|
I did however see a flaw that you missed. These virus cards are limited to a few uses. Easily solved. An app given to users from the credit card company that generates unique faux cards for every scam incident they encounter. |
|
|
As far as your extensive critiques of some idea that does not exist, lets try a different approach. With great specificity and in your own words, what is this idea? Dont cut and paste and heres a hint, if its more than a couple of sentences thats not it. And hold the criticism tornado for a second, just demonstrate that you understand the concept. |
|
|
So what, in your own words, is this idea? |
|
|
Ive added another improvement: you just grab and paste the text and drop it into the app. |
|
|
Here's a thought.
There are several basic modes of operation in scam card operations; at least three: |
|
|
1) Directly drawing money from the account as a fraudulent retailer.
2) Purchasing a physical item from a third party retailer.
3) Purchasing a non-physical service from a third party retailer. |
|
|
In case (1), you don't want the transaction to go through, you want the scam account shut down.
In case (2), you the transaction to appear to go through - but then cops arrive at the delivery address and shut the scam down (it'll probably be a mule, but it's a start.)
In case (3)... well, it's not quite so easy. Sometimes supplying 'poisoned' or corrupted service might be appropriate. |
|
|
Anyway, it would be quite an involved operation. I think it might be worth attempting though, if you could get the interests of customers, banks and legitimate retailers aligned. |
|
|
//Anyway, it would be quite an involved operation. I think it might be worth attempting though,// |
|
|
My thought exactly, this is worth exploring. |
|
|
Think of this card as a spy. A broke spy who can't buy anything. |
|
|
Here's a scenario of how this might work: |
|
|
1- Bob and Joe are scammers, they buy a list of vulnerable people to send fake Netflix renewals to. |
|
|
2- They send out a million fake renewal notices with info on where to put your credit card information. |
|
|
3- The next day they get 300,000 card numbers, but Bob and Joe know that many or most of them are these counter attack cards. No problem, they just put them all in. |
|
|
4- One of those cards is poor old Mrs Blumpmire from down the street. She's been taken in and gave them her card number. |
|
|
5- The credit card company gets Mrs Blumpmire's card number, but also, from that same entity they've received thousands of plant card numbers indicating this is a scam. |
|
|
6- Mrs Blumpmire is notified that she's been taken in by a scam and they won't approve her card payment. |
|
|
7- That entity, and whatever information they have about it is now in a database of scammers. |
|
|
8- Nice old Mrs Blumpmire is sent a poster of the very handsome doctorremulac3 to hang on her wall. (Or over her bed? Oh you devil, get your mind out of the gutter!) |
|
|
There might be issues with implementing this but it bears looking into. For instance, maybe instead of a poster it's just a 8x10 suitable for framing. |
|
|
// 5- The credit card company gets Mrs Blumpmire's card number, but also, from that same entity they've received thousands of plant card numbers indicating this is a scam. // |
|
|
This is where the flaw in your thinking lies. |
|
|
The scammers aren't going to put everything through the same entity, they'll scatter the test transactions across loads of merchants. So there is nothing to tie Mrs Blumpmire's card to the plant cards and the scam trap fails to fire. |
|
|
And the entities through which the transactions are placed are still legitimate merchants and NOT THE SCAMMERS. |
|
|
Who approves the transaction on THAT CARD NUMBER? Wherever and for whatever it's used for. |
|
|
I'll try one last time, then I'm moving on. |
|
|
In your own words, and with great specificity, what is this idea? It should only be a sentence or two long. |
|
|
The card issuer issues known bad credit card details to its customers for the purposes of responding to scam attempts. |
|
|
The customers pass the bad details to the scammers. |
|
|
The scammers try to use the bad details to buiy or donate via a random merchant and that triggers an alert to investigate the merchant? |
|
|
I'll leave you to your magical payment system fantasy then, whatever it is supposed to be. |
|
|
//3- ... they just put them all in.// |
|
|
This is the flaw in the idea. The scammers don't put any of their harvested numbers "in". |
|
|
I like this idea because it is like a perpetual motion machine. It obviously won't work because there is a fundamental flaw in the design. But it is fairly tricky to concisely understand and explain what that flaw is. |
|
|
//a poster of the very handsome doctorremulac3// OK I take everything back. Where do I pay to get one of these? I have my credit card here ready to enter the number. |
|
|
//This is the flaw in the idea. The scammers don't put any of their harvested numbers "in".// |
|
|
Well problem solved, they get these numbers and put them in a jar in the basement, they don't actually use them to get any money. |
|
|
//I have my credit card here ready to enter the number.// |
|
|
Where? Credit card numbers evidently aren't put "in" anywhere. They're wrapped in pixie dust, sprinkled with kisses and shipped to the land of magical fulfillment where robo-dwarfs make the stuff we buy. |
|
|
Who's getting bored of this chain? (hand up) |
|
|
Xenzag, get in here with a surrealistic, non- controversial idea that paints a nice picture! Here's your pre-bun: [+] |
|
|
Too late you started it. now we have to argue until the heat death of the Universe. |
|
|
Just say it. Say "I was wrong, you were right, I apologise unreservedly for my stupidity". Its the only way to bring this to a satisfactory conclusion don't you agree? |
|
|
Okay, okay I will, sheesh. |
|
|
You were wrong, I was right. |
|
|
No need to apologise unreservedly for your stupidity though. In fact, I don't think you are stupid. I can see that because I'm such a super genius with like, big old brains 'n stuff. Ten, twenty times the size of a regular brain easy. |
|
|
See folks? That's how to we can all come together, hold hands with all the children of the world and sing, in the spirit of love and peace. (see link) |
|
|
(Kidding Poc, love ya buddy) |
|
|
Wow, was going to go pull up an idea of yours and give a peace bun but I've already bunned like every idea going down the line. |
|
|
See, everyone? I have him wrapped round my little finger! |
|
|
OK next step on the route to world domination... checks notes... hmmm it seems to be a shopping list. Cat litter, bin liners, toilet cleaner... back soon folks |
|
|
Well, that took an unexpected turn. |
|
|
But no thanks, I can only guess where that finger's been. |
|
|
See link - a canary token credit card setup. it's used by the _merchant_ not the end user though.
The idea is that a merchant that stored customer credit card details for repeat payments or ease of use - and they do need to be VERY careful if doing so wrt PCI compliance - can hide an entry with one of these in their customer database so that they will be notified if anyone manages to get into their systems, steal their customer data and make use of it.
If it ever triggers, then they will know to inform all their customers of a breach, even if the intruder managed to evade detection otherwise. |
|
|
The link is proof of concept and vindication of the idea, but not particularly interested in this chain any more. Got very dull and repetitive. Time to move on. |
|
| |