dsrtao: dsr as a LEGO minifig (Default)
dsrtao ([personal profile] dsrtao) wrote2006-04-25 10:21 am
  • Add Memory
  • Share This Entry

Antiphishing tactic

Why don't banks (PayPal, EBay, Amazon, whoever) conduct antiphishing operations? Gather up the URLs sent in by your customers, fill out the forms with tagged information, wait for attempted use of the info, and press charges in the relevant jurisdiction.

(Yeah, it's hard and relatively expensive and besides, banks make money from fraud. But besides that?)
Flat | Top-Level Comments Only

[identity profile] cvirtue.livejournal.com 2006-04-25 02:40 pm (UTC)(link)
Good idea. I often wonder if they even do anything with the scams I send them.

Follow the money

[identity profile] metahacker.livejournal.com 2006-04-25 02:57 pm (UTC)(link)
Because phishing does not, in the end, cost banks money. They charge a percent on top of the cost of fraud back to the customers, as "security measures"; fraud is therefore a revenue stream. Meanwhile, they steadily whittle away at the customer's innate protection to fraud. (Think of the protections on a debit card -- essentially, none -- versus that on a credit card, bound by earlier law.)

Likewise, phishers have essentially no money. Taking them down does not achieve financial gain; no lawsuit will do more than recoup losses, given that the phishers' money comes from pools the banks draw from in the first place. Suing them achieves no net financial gain.

Security will not be considered the bank's problem, unless we achieve legislation to make it expensive for them.

Re: Follow the money

[identity profile] learnedax.livejournal.com 2006-04-25 03:56 pm (UTC)(link)
To the second point, determent might be a worthwhile policy, as it ought to be at least a bit more effective than tacit acceptance... provided that the banks' (|ebay's|paypal's|...) motivation here is protecting the customers and lowering their costs.

In the long term semi-successful pursuit might be cheaper than insuring against loss. It also ought to have less tangible benefits. It has to be deleterious to PayPal's image that 99% of emails nominally from them are scams.
ext_104661: (Default)

Re: Follow the money

[identity profile] alexx-kay.livejournal.com 2006-04-25 10:51 pm (UTC)(link)
In the long term semi-successful pursuit might be cheaper than insuring against loss.

Might, might not. I notice that many retail stores are no longer bothering to collect signatures for credit card use. I presume that they finally realized that the cost of collecting the signature was far greater than the miniscule benefit provided.
Flat | Top-Level Comments Only