Credit card fraud and reverse DNS

We had a credit card stolen a while back and I was just on the phone with the bank clearing up one last transaction. The vendor, Steam, was claiming that the charge was valid. It took me about 2 minutes to convince the card issuer that the charge was not valid by simple reverse DNS of the IP addresses captured by Steam. Account signup happened at a location served by Adelphia (I have never been an Adelphia customer), and subsequent accesses all took place via two different Russian ISPs.

What surprises me is that neither Steam nor the card issuer (a huge national card issuer) was able to figure this out. It seems very automatable. And seems like card issuers could easily cut down on online fraud by looking at IP addresses — for myself, 99.99% of my transactions come from my work or home machines with fairly stable IP address histories, at least at the subdomain level. Not foolproof of course, and I do occasionally do transactions from other locations, but it seems like another good piece of info to consider when assessing the validity of a particular transaction.

One thought to “Credit card fraud and reverse DNS”

  1. This is exactly the technology we built at Quova – IP geolocation.

    The merchants typically make a decision to use the technology, either by purchasing directly from Quova or by using one of the many fraud solutions that integrate Quova’s technology (Cybersource, Clear Commerce, etc.). Just about every major ecommerce store uses the technology directly or indirectly.

    The card issuers (Visa et al) bear no direct risk, so they haven’t really used the technology.

Comments are closed.