Aardvark Daily aardvark (ard'-vark) a controversial animal with a long probing nose used for sniffing out the facts and stimulating thought and discussion.

NZ's leading source of Net-Industry news and commentary since 1995
Australasia's "New Economy" News And Commentary Site
Today's Headlines | Contact | New Sites | Press Bin | Job Centre | News Search
Net Speed Strikes Again 14 July 2000 Edition
Previous Edition

Yesterday I mentioned a good idea I'd had some time ago for reducing credit card fraud online. I also mentioned the term "Net Speed" as an indicator of the pace at which investors and innovators must move in order to protect such good ideas in cyerbspace.

Well as if to prove my point, I read today that my good idea has, at least in part, just been launched in the USA in a partnership between VISA and a company called Trintech Group.

So... now that the cat's out of the bag... here's the guts of what I was proposing.

The big problem with credit cards on the Net is that all the information required to submit a transaction is either stored on the card or can be calculated and guessed pretty easily. In short, all you need is a valid card number (and there are plenty of programs that will produce these or the fraudster can simply get ahold of a valid card number by various means), a name and an expiry date.

In effect -- anyone who can get a look at your card or a zip-zapped receipt created by your card now has full access to your line of credit.

Fraudsters armed with card-number generation software can produce huge lists of valid card numbers and then submit them to a number of online shopping sites. Of course they don't know the expiry date -- but they can simply keep trying different dates (often at a range of different online stores) until they find the one that works.

My solution to the problem was to set up an independent validation service that invited card-holders to register with them. On registering their credit card, the card-holder would be given a PIN number.

Vendors wishing to take advantage of the system would also register with the service and then be able to submit any pending transaction to the service for validation.

In effect -- a registered customer would visit a registered vendor and enter his credit card details as normal. On pressing the submit button, the vendor's system would call the independent validation service which would then ask the customer to enter their PIN number to complete the transaction. The part of the transaction involving the customer submitting their PIN number would completely bypass the vendor site -- the vendor would never see this additional piece of information -- they would simply receive an "accepted" or "declined" response.

Now, and here's one of the best features, if an incorrect PIN number was entered, the validation service would immediately send an email to the registered card-holder advising them that if it wasn't them who had just attempted to submit a transaction with an invalid PIN number then someone was attempting to fraudulently use their card. They could then contact the vendor and ask that other information (such as the delivery address submitted by the fraudster) be forwarded to the relevant authorities or the bank for investigation.

The system would also be designed so that the actual user's card number was never actually submitted to the validation service as part of the transaction approval process. In fact, one of the key components of my design was a system that meant that the card numbers of registered users was never actually stored on any of the validation service's computers. This means that even if the security of the validation service was compromised, a hacker would be unable to obtain any information of value.

Now the smarter amongst you will be saying "but what's to stop a fraudster registering stolen credit card details with the service?"

To be truly effective, such a service would require that those who registered their card details also submitted a signature in hardcopy form. This would meet the bank's criteria for insuring a transaction. Without any hardcopy signature, the vendor takes the risk -- with a signature it's the bank who carries the loss of a fraudulent transaction.

To get around this situation, those wishing to register their card details could print a form published on the Web, sign it and mail it to the validation service. Alternatively, as would seem to be the case with the company that has just announced a similar system, an arrangement could be made with the banks to auto-register all newly issued cards.

One version of the business plan associated with this idea involves a small cardholder "registration fee" of $5 or so which not only helps offset the setup costs, but also provides a verifying transaction to prove the integrity of the submitted information.

Like most of my ideas, this has even more potential than might first be seen and provides multiple revenue streams. For example, the operator of this service has the email and postal addresses of many millions of people with a proven line of credit. When signing up they would be invited to receive "special offers" from approved merchants -- thus allowing those who opted in to be added to a direct-marketing database. That alone is worth many, many millions of dollars over a period of time. So... there you have it -- another billion dollar opportunity lost because I've been so damned busy just working to pay the bills that I couldn't afford to exploit it.

Looking at my "ideas diary" I see that I first thought of this concept some 15 months ago -- which would have been plenty of time to get it off the ground and capitalise on today's e-commerce boom well ahead of the venture that has just announced their plans to do the same.

Ah well... never mind, I still have more than a dozen other ideas of similar calibre that are languishing for lack of time and money to exploit them. Fortunately the list is being added to on a regular basis -- there really are an incredible number of opportunities and a huge amount of money to be made in this new cyberworld.

It's just a shame that the governments which purport to run this country in the best interest of its citizens are so hell-bent on driving away people like myself who have these ideas.

Who Goofed?
Gosh... what do you think of these new spectrum auctions then?

Looks as if someone in government has goofed big-time. Have I missed something here or does it appear that we have a situation where the amount of spectrum on offer is closely matched to the number of bidders -- so there's no need for them to bid against each other.

It's as if there were three identical houses for auction and just three bidders -- nobody's going to bid above the reserve if there's enough for everyone are they?

I suspect the government has realised, albeit a little too late, that they've stuffed up wholesale here and Cullen tried to salvage the situation by putting things on hold -- usign the excuse that they must wait until the result of the appeal case brought by Maori was handed down.

Why the hell didn't the government auction one third of the spectrum each year over the next few years. That would have encouraged fierce bidding and a much better return... wouldn't it?

While socialist governments have their strong points and merits -- they really seem way out of their depth when it comes to managing the country's resources so as to provide a good return to the shareholders (ie: the citizens). And that kind of makes it hard to fulfill all those social-service promises doesn't it?

As always, your feedback is welcomed.

NZL Sites
NZ Netguide
NZ Herald Tech
PC World NZ

AUS Sites
Fairfax IT
Australian IT
AFR Tech
AUS Netguide
NineMSN Tech
APC Magazine
Corporate IT

USA Sites
CNNfn Tech
Yahoo Tech
ZDNet Tech
USA Today Tech
7am.com SciTech

UK Sites
The Register
BBC SciTech

The Day's Top News
4 = open in new window
New Zealand

4  Trademark WAP names for sale, says NZ man
A local man who has registered WAP-related domain names including the trademarks of leading New Zealand companies says the names are for sale to all comers...

4  Ihug: back in bidding but not counting out further legal action
Ihug will be back bidding when the government radio spectrum auction resumes today, but is reserving its right to resume court action...

4  E-Phone has new allies
Listed telecommunications company E-Phone has entered a strategic alliance with two information technology giants - NCR and Hewlett Packard - to attack the public internet terminal and kiosk market...
NZ Herald


4  WorldCom outage highlights Net bottleneck concerns
One of the few points that connect the Internet's hundreds of networks was crippled for much of this week, forcing massive amounts of Internet traffic to shy away from the WorldCom-owned facility...

4  Suisse files Web libel suit
Credit Suisse First Boston filed a lawsuit on Wednesday alleging that 11 people posted bogus messages on a Yahoo! Inc. message board slandering a Credit Suisse analyst and illegally copying the analyst's research...

4  AT&T's new wireless Net
The wireless division of long-distance giant AT&T is rolling out a new form of high-speed Internet access that will compete with Digital Subscriber Lines and cable modems, and also enable AT&T to supply telephone service to consumers' homes without having to pay an access fee to the incumbent local telephone company...

4  Payment System Adds Fraud Protection for Visa
A new payment system for online transactions announced Wednesday by Visa and Trintech Group is expected to lower the cost of online transactions for merchants that accept Visa and will provide the credit-card company with a greater level of fraud protection....

4  Dot-Coms Ditch the 'Dot-Com' Suffix
With the easy money glory days fast receding for dot-com start-ups, what's a self-respecting dot-commer to do?...


4  Coles Myer and Yahoo! to expand web alliance
Coles Myer and the Australian arm of United States internet portal Yahoo! are poised to expand their alliance with several new projects being worked on behind the scenes...

4  Hindal deals a winning hand for dot com hopefuls
Botique investment bank Hindal Corporate is shaping up as a key deal maker between Melbourne's fedgling e-entrepreneurs and investors with deep pockets...

4  Liberty slugged by Zivo loss
TROUBLED internet investor LibertyOne yesterday lurched into another crisis, losing the founder of its Zivo web integration business, Jeff Lewis...
Australian IT

4  Has Telstra lost the plot?
The telco giant's Net investment strategy is causing increasing concern....


4  LookSmart bills queue-jumpers
LOOKSMART has unveiled an aggressive strategy that will make companies pay for priority processing when they apply for listing with the internet search firm...
Australian IT

4  Reno to Review the FBI's Internet Wiretap System
U.S. Attorney General Janet Reno said on Thursday she would review a new FBI automated computer system that can wiretap the Internet to determine whether it might infringe on privacy rights...

4  Script kiddies: The Net's cybergangs
Call them clueless. Call them ankle-biters. Call them packet monkeys. But the Internet's teen vandals aren't going away...

4  'Smash' virus could hit Friday
A sophisticated Windows 95 virus that launches on the 14th day of the month could hit computers on Friday, security experts say...