
Re: [Full-disclosure] NiX API

> Yes. That's the flipside of the coin. However though, any merchant that
> accepts purchases from users behind proxies or other anonymizers is
> taking a significant risk.

Says who other than you?  I use a proxy all the time and have never made a 
fraudulent purchase attempt.  It is nobody's business where I am.  Just because 
you think proxied connections are bad doesn't mean they are.  Your "majority of 
fraud is committed from a proxy" is just some opinion.  How about some proof of 

Besides, you will *never* be able to find out where my proxies are or add me to 
your database.  If I decided to commit fraud, your system would never catch me. 
You have no way of determining how much fraud is committed from other sources, 
because you don't (and can't) know. 

> This happened to us about 50 times in a 2.5-month period. Needless to say,
> I'm still mad as hell. We lost several hundreds of bucks to those PayPal
> 'reversal fees' + wasted a significant amount of our precious time while
> answering those disputes.

Ah.  So, one attempt per day or so during that period is what you are basing 
your opinions on?  Depending on what one is selling, all it would take is one 
false positive to screw over the person using your API.  It just isn't a good 

> The API resolved all issues. There have been few legit customers who
> wondered why they could not log in using the proxy, I said, remove the
> proxy and try again and then do the purchase. They did. A fraudulent user
> never bothers with this, they will leave your site alone.

Nor do you know if a legitimate user would do it.  If I went to buy something 
from you and you assumed I was fraudulent and blocked the transaction, I 
wouldn't even bother telling you - I'd go buy from someone else.   The fact 
that you think the API resolved the issues doesn't prove anything.  It just 
proves that you THINK it did, but you don't know.  It may have stopped 1 bad 
transaction a day, but stopped 10 good ones.  You just don't know.  Your main 
bitch seems to be about a company charging you to use their risk management 
service.   If you don't like PayPal's agreement, then don't use them.  

You seem to be getting awfully wound up over a "free" tool.  It's free.  What 
do you care what people think?  Or is this just a "get my name in links" so 
that you can try to sell it later?  All my tools are free, and I've gotten 
plenty of "why should I use your tool" emails to which I reply "I have 
absolutely no investment in you using it or not.  If it provides value for 
someone, there it is.  Otherwise, go shit in your hat." 

You should wait until you are selling it before you give your sales pitch.

> > --
> > Aaron Turner
> > http://synfin.net/         Twitter: @synfinatic
> > http://tcpreplay.synfin.net/ - Pcap editing and replay tools for Unix &
> > Windows
> > Those who would give up essential Liberty, to purchase a little temporary
> > Safety, deserve neither Liberty nor Safety.
> >     -- Benjamin Franklin
> > "carpe diem quam minimum credula postero"
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > Hosted and sponsored by Secunia - http://secunia.com/
> >