Today I got my first orders through my 2CheckOut account.
A couple of hours after receiving the order-e-mails, I received an e-mail from 2CO that one of the orders was payed with a fake credit card, and that the order had been canceled (the buyer signed up with an address in the US, while it was payed through a connection from Japan ?? :confused: ).
I had already set-up the account, and had even had contact with the socalled buyer through MSN Messenger.
He had signed up, saying that his name was Alex xxxxxx,
and lived in Illinois (with a few more address details, ofcourse).

Now; after I received that e-mail, I got back in touch with him, and confronted him with the fact that this bill was payed in an inhonest way. So I started testing him: 'What's your name again?' etc.
I also sent him a file through MSN (just our company logo), so that I would get in direct touch with his computer, and so that I could get his IP address & his provider. I could see that he was from Sweden, so I was really sure now that he was lying (he had denied everything up until now).
Then, he had to go offline, and a couple of hours later, we met again on MSN. Here's the conversation:
(please, translate 'zegt' with 'says', I'm using a dutch version of MSN messenger ;))

haha zegt:
well
haha zegt:
what now?
GHS zegt:
Well:
GHS zegt:
where do you live at?
GHS zegt:
I'm really concerned about your honesty here. Forgive me if I'm wrong.
haha zegt:
ee
GHS zegt:
But I need to get to the bottom of this.
haha zegt:
what do you mean where do I live?
GHS zegt:
Yes, what country do you live in?
haha zegt:
USA
GHS zegt:
What state?
haha zegt:
IL
haha zegt:
illinois
GHS zegt:
How do you explain this:
GHS zegt:
a couple of hours ago I connected to your pc directly by sending you a file (our company logo).
GHS zegt:
By doing this, I was able to get your IP
GHS zegt:
What ISP are you using?
GHS zegt:
To connect to the internet,
haha zegt:
Bonet
haha zegt:
look, listen
GHS zegt:
Bonet, isn't that in Sweden?
haha zegt:
One of my really stupid friends wanted to make a warez site, he used a fake credit card from his computer to get this thing, then he told me that I could upload, so that is why I tried to get that information, I am really sorry, it will never happend again, I promise I did not sign up or anything like that, he just used my mail to do this, I promise, I am really really sorry
GHS zegt:
Thank you. You're finally being honest.
haha zegt:
I don't want to get any problems, I did not do anything, I just wanted to upload
haha zegt:
sorry
GHS zegt:
You know you can get into serious trouble with this, right?
GHS zegt:
I mean SERIOUS
GHS zegt:
trouble
haha zegt:
yes, I am really sorry
haha zegt:
please
haha zegt:
I don't want to go to jail
GHS zegt:
How old are you?
haha zegt:
15 right now
haha zegt:
I don't want to get in any trouble
haha zegt:
my friend is also 15
haha zegt:
he is a really idiot
GHS zegt:
And if I understand correctly, you're from Sweden?
haha zegt:
yes...
GHS zegt:
No: YOU're an idiot as big as he is, just by agreeing to do such a thing with him
haha zegt:
I did not do anything
haha zegt:
I just wanted to upload
haha zegt:
some games
haha zegt:
he just gave my email when he signed up
haha zegt:
I did not know it was a real persons credit card used, I thought the info was made up, and the credit number was generated
GHS zegt:
Hmm.. You're lucky not to have continued this (lying and all). But as I already said: just by using a fake credit card, you could get punished severely.
haha zegt:
then he told me it was a real persons credit card'
haha zegt:
yeah
GHS zegt:
How did you manage to do this? I mean; the credit card.
haha zegt:
he did everything, he just gave my email
GHS zegt:
It must have been stolen somehow, right?
haha zegt:
I don't know, I did not ask him
haha zegt:
maybe
GHS zegt:
hmm...
haha zegt:
what are you going to do now, please....don't like tell the police or anything..
GHS zegt:
Ok look: I don't want to EVER see you again. Not you, not your friend. I don't even want you to VISIT our site anymore. Understood? :mad:
GHS zegt:
I think that's a fair deal.
haha zegt:
ok, I promise
haha zegt:
please, thanks you very much, don't press charges, please
GHS zegt:
I hope you'll find better ways to make money/fun in your life than stealing people's money and time.
haha zegt:
as I said, I did not sign up
haha zegt:
but ok
GHS zegt:
Farewell. :)
haha zegt:
ok
haha zegt:
bye
GHS zegt:
I forgive you
haha zegt:
ok
haha zegt:
thanks
GHS zegt:
You're lucky to have signed up with me, instead of some host that would press charges against you. ;)
haha zegt:
yeah
GHS zegt:
Anyways: take care of yourself, and don't ever do this again. :)
haha zegt:
ok, I promise
haha zegt:
thanks you very much sir
haha zegt:
I appreciate it
haha zegt:
I will just study and make money the hounest way
GHS zegt:
Oh, and haha: you can visit our site ;) As long as you're not going to DoS attack me or anything.
haha zegt:
heh
haha zegt:
ok
GHS zegt:
Bye
haha zegt:
bye


:D

As you can see it all ended well. I know I should've had to report this to the police, but I felt sorry for him. So young and stupid. :D

NEXT TIME, YOU WON'T BE THAT LUCKY MISTER !! :angry:

Hehe... Kids these days...

don't be sorry, just report him to the police

AWWWWW how sweet!!! :bawling: poor lil kid

He was only 'sweet' after he realised his cover was blown. Police!

A kid we were hosting tried a SSH exploit on one of our servers. We cauht him red-handed but he kept deying and being quite arrogant until I showed him our log file. But...

But, as it turns out, it's ALWAYS their stupid friend.

How odd...

However I haven't pressed charges either, well, I wasn't mad enough since he hadn't been able to destroy anything, and after all, they're just kids.

Unfortunately credit card fraud it a big part of the hosting business. We capture the IP address of all orders and if it doesn't jive with the address on the credit card, we stop the process. We have lots of other security measures in place to prevent fraudulent orders. We get a few a week.

If anyone is interested in other measures, I will be happy to share more information off line. We have never had a charge back due to our diligent upfront work. :cool:

Brad

<<Please set up a signature (see PROFILES button above)>>

Heh, I think he fooled you there. Why would his friend use his e-mail?

Press charges on him. If not then he'll just go and do it again, and again.

I have a US bank account and a US address. My fiancé is a US citizen and currently in Sweden with me. We both use our US bank creditcards to pay for things online and have never had any problems. I don't think it's right to assume that all orders that are from an IP in country A with CC address in country B are fraudulent.

just kids huh?

Well when I was just a kid I don't remember commiting fraud, carrying a gun, or robbing 7-11's.

That doesn't wash too well with me, and would be happy to nail him to the wall as one of life's little lessons. They know it's wrong no matter how they squeal that they didn't know better.

Maybe I'm just getting to be an old man now, but there's a serious lack of respect for other peoples property and privacy these days.

Greg Moore

I have been getting alot of fraud accounts lately and i got tired of it so i reported one person it turns out the person who did this was a 12 year old little kid

i felt bad after i called the police but if he didnt get stopped now whos know what would happen to him in the future hopefully he learned his lesson

if he didnt then that is his problem but i look at it as i tried to help so what if in the process he got hurt

thats just my thought about it

DefCon,

If I may ask, how does this "file through MSN (just our company logo)" work in obtaining a remote computer's IP address? Is this some type of sub seven program you're talking about?

If the kid was genuine, then everything's fine. The problem is that you can't tell over the net whether they're genuinely scared and remorseful or just having you on again. It may be best to report it to the police and let the police handle the little chat.

A house call by police, talking to the kid and their parents, is often very effective for these little chats. Especially after the police leave...

Originally posted by Mr. Amazon
I don't think it's right to assume that all orders that are from an IP in country A with CC address in country B are fraudulent.

I'm another example of this: Canadian credit card, currently living in the UK. I haven't had any problems in the past six months, but I haven't tried to order web hosting either. ;)

ROFLTOFLMAO THE STUPID KIDS TODAY WITH THIER PAKMAN VIDEO GAMES AND THE COLA SOFT DRINKS AND THE SPORTS TRAINERS,NEED TO BE TOUGHT A LESSON,Back in my day it werent prison that we punished bad boys wit it was a good wipping,i used to whip my boys senceless until they had learnt their lesson.Now a days kids have all these rights..Its just darn annoyin tis

Originally posted by cperciva
I'm another example of this: Canadian credit card, currently living in the UK. I haven't had any problems in the past six months, but I haven't tried to order web hosting either. ;)

We have used ours to buy servers in the US, pay for colocation, for a few different hosting packages (from different companies) and also a couple of dedicated servers without any problems.

I only had problems once when I was a member of egghead auctions long time ago and they got hacked and before I knew about this myself, the bank issued a new card to me.

I think if webhosts assume that everyone that has an IP of country A and address in country B is using stolen CC lose a lot of customers. There must be a better way to make sure..

i dont think u can report it to the police...as far as i know he is in a different country so u cant touch him...from what i have seen and heard from experts...but i might be wrong in some case...

if he had stolen it in US then thats different...but u cant report him if he lives overseas in a different country, i dont think sweden police deals with internet fraud...

Originally posted by xelA
DefCon,

If I may ask, how does this "file through MSN (just our company logo)" work in obtaining a remote computer's IP address? Is this some type of sub seven program you're talking about?

Just get in touch with someone's computer, (like by sending him a file) and enter MS-DOS (do 'run' -- 'command'), then type "netstat" or "netstat -n".

You'll get a list of all computers/IPs you're in contact with. :)

Originally posted by Mr. Amazon
I think if webhosts assume that everyone that has an IP of country A and address in country B is using stolen CC lose a lot of customers. There must be a better way to make sure..

I think it's not so much the credit card address that was a giveaway, but if someone claims to be *living* in Country A, when they've dialed in from Country B on the other side of the atlantic.... That's when you really have to start asking questions.

and lets face it, if you were going to use a card that had an address in a different country to the one you were signing up from, and it *was* your card, wouldn't you mention it in the comments area of the sign up form? I know I would...

Greg Moore

So many people suggested reporting the kid to the police. Do all of you actually get help from them? I reported one fraud to the police once, had all the info and everything, but they thought it was a joke. :rolleyes:

Originally posted by Lurleene
So many people suggested reporting the kid to the police. Do all of you actually get help from them? I reported one fraud to the police once, had all the info and everything, but they thought it was a joke. :rolleyes:

Yes, but a slightly different situation. We found one order which we thought was fraudulent and contacted the phone number given. We got the real card holder, asked about the purchase, and when he knew nothing about it, explained the situation to him. He promptly cancelled the card and contacted the police. The police then contacted us for more information and e-mail headers etc. That was the last we heard of it. Both ourselves and the real cardholder were in Australia, which made this possible. Admittedly, it's much more difficult contacting someone out of the country.

The police probably aren't so interested when the merchant contacts them, however. The crime is really against the cardholder (I presume), not the merchant. So it's really up to the cardholder to report the fraudulent card use to police in their country.

And people in other countries aren't untouchable, it's just a case of the process of chasing them up not being worth the trouble most the time. It takes some co-operation between relevant authorities in each country.

The crime is really against the cardholder (I presume), not the merchant.

This is true -- on the other hand, the cardholder, once they report the crime, does not have to pay. The merchant, on the other hand, loses -- we had to pay chargeback fees and we also registered a domain for them. In addition we provided a service, including support, for which we were not reimbursed.

I understand it's so common and our loss was minimal. However, it drives me crazy that I would be laughed at by the police who are supposed to protect citizens. Fraud is absolutely a crime, but it isn't treated as such.

There is absolutely no detterent to committing fraud. If I want to hack cards, I will get away with it ad infinitum. The only consequences are the inconvenience of having to get new service once I am found out. :angry:

Hello
The fault lies with the creidt card companies who make more money from chargebacks than from genuine sales.

Until this situation is reversed there will be no encouragement for them to enforce security.

e.g. CVV2 is not required to submit a transaction and the new Visa PIN number system is also voluntary.

If they were serious about fraud this would all be compulsary and merchants would be able to run refunds of suspected frauds without having to pay commission.

I have not seen any evidence of Visa and Mastercard enforcing any security through their members banks.

Gordon

Originally posted by .::DefCon::.
As you can see it all ended well. I know I should've had to report this to the police, but I felt sorry for him. So young and stupid. :D


So you know that he did a crime but you refuse to tell the authority (migh be hard anyway since he is in Sweden, but how if he is in US). Won't you be charged on assisting crime then, especially if he stole another cc again? This thing always confuses me: "Kindness and Justice: The art of balancing the two"

cheers,
:beer:

Originally posted by Lurleene
So many people suggested reporting the kid to the police. Do all of you actually get help from them? I reported one fraud to the police once, had all the info and everything, but they thought it was a joke. :rolleyes:

well at least you have done your part and you would be released from further blame associating you with that crime.

cheers,
:beer:

So you know that he did a crime but you refuse to tell the authority (migh be hard anyway since he is in Sweden, but how if he is in US). Won't you be charged on assisting crime then, especially if he stole another cc again?

If you are the victim of a crime but don't report it, you are not going to get charged with accessory. I doubt that you legally could, but if it was possible it would never happen.

There have been cases where people who have reported crimes and then decided later that they don't want to testify have been charged with obstruction of justice. Two specific circumstances where this happened were in an abuse case (wife decided that she didn't really want to see abusive husband go to jail) and a case involving organized crime (victim got scared).

As for not reporting a crime... for any criminal charges to result, it would have to be provable that you were aware of the crime, which isn't necessarily easy. On the other hand, there is certainly the risk of civil liability -- employers have been sued for giving good references to problem employees, and this might possibly be considered similar.

But, of course, IANAL, this is not legal advice, et cetera.

Anyone could say they are 15.

report all types of theft because how do you know they are not doing it to some other company.

Hmm... you guys are making me doubt here. :rolleyes:
Maybe I should have had to report this... :(

Oh well... Occasion passed. We'll see what happens next. :D

'Carpe Diem' ;)

Everyone here keeps assuming that it WAS a kid. Well I don't buy that. I tend to believe it's some adult trying to get out of trouble by making you think he's too young to be prosecuted, and that he's a "poor lil kid" who's crying in his pants right now.

Oh and then there's his "friend"... That really tips it off for me. If someone is willing to lie about one thing, what makes you think he won't lie about everything else?

I say report him to the police. You're doing ALL of us a favor by doing so. Now if only every other host can do the same...