Slashdot Mirror
Online Retailers Cruising Tor To Hunt For Fraudsters
Daniel_Stuckey writes "This week, the verification company Service Objects announced a new tool to help websites detect 'suspicious' visitors using Tor and other anonymous proxies. Its updated DOTS IP Address Validation product identifies 'suspicious' discrepancies between the user's home location and the location of the IP address the order's coming from. It joins a handful of other tools on the market promising Tor-detection for retailers. It's a logical strategy: If you're trying to buy something with a stolen credit card, you're obviously going to want to block your real identity and location while doing it. But it also raises the question of whether targeting anonymity services to hunt out fraudsters could have chilling effects for harmless Tor users trying to protect their privacy online—particularly this year in light of the NSA-spying scandal."
". But it also raises the question of whether targeting anonymity services to hunt out fraudsters could have chilling effects for harmless Tor users trying to protect their privacy online—particularly this year in light of the NSA-spying scandal."
Seriously?
Why would you ever need to "protect your privacy" via Tor etc, from an ONLINE SHOPPING SITE that you are GIVING YOUR CREDIT CARD AND SHIPPING INFORMATION TO?
I mean, I'm as much anti NSA crap as the next guy. but come on. That said, cool tech. It would make sense that retailers would do this. I see this is a good thing, not a reason to slam the lizards running our government.
I am 31337 or something.
"But it also raises the question of whether targeting anonymity services to hunt out fraudsters could have chilling effects for harmless Tor users trying to protect their privacy online"
Umm.. the user is ordering something using their name, credit card, and address. They are not going to use Tor to protect their anonymity.
But you certainly have a crowd that likes the idea of tor and has their browser always configured to use it. I don't think that raising the risk level associated with a transaction based on the client using tor is unreasonable. If this were a brick and mortar store, they'd probably be a little bit wary of doing a credit card sale to someone wearing a disguise that covered their face.
Also realize that this would only be one of many sanity checks employed. Is the shipping address to the address listed on the cc for example. The credit card company also checks where the card was used, for things like buying gas at 1pm and then buying it again at 2pm 100 miles away. They also consider the type of merchandise as online purchase of electronics is rife with fraud, but very few people use a stolen card to buy socks.
Making a credit card purchase online via TOR is like going into a shop to buy something using a credit card WITH A STOCKING OVER YOUR FACE.
In the free world the media isn't government run; the government is media run.
You are so wrong it's not even funny. The retailer is almost always held responsible for any fraud. If a charge is determined to be fraudulent the retailer is out the money plus a chargeback fee and on top of that, the event is kept track of so if the overall total gets too high, the merchant account gets terminated.
I am an online retailer. I lost $8,000 in one season from credit card fraud. When the cards are stolen, the frauders use it at a store. The cardholder then does a chargeback. The bank will refund the cardholder and take it from the retailer, so the retailer assumes all risk. Many online sales have 15% margins from which you have to pay advertising and labor costs. A single fraudulent sale can take 10-20 legitimate sales just to break even! Most of the frauders are from countries like Vietnam, China etc. they will ship often to a US address and the cardholder is a US address as well. The only thing us retailers have to go by is the location of the IP address. If that's from a country other than the cardholder's that's a very strong signal that it's a fraudulent order. Size of order, fake phone number are also good signals. If you don't want an order flagged, then don't look like a frauder! Place your order from your actual IP address.