advise on network security report

Valdis.Kletnieks at Valdis.Kletnieks at
Wed Nov 1 21:17:49 UTC 2006

On Wed, 01 Nov 2006 15:09:59 EST, Mike Callahan said:
> Perhaps a better start on impacting this would be for the credit card
> companies to pursue the people that abuse their cards/systems instead of
> just writing fraudulent purchases off as a loss and not pursuing them
> any further.

Let's take a hypothetical $300 fraudulent charge.  If the card company spends
more than $300 pursuing it, it's losing money on it and is better off just
swallowing it.  Now what does $300 get you?  If you're lucky, that gets you 5
hours of a tech's time to chase logs, make phone calls, and get all the
evidence together, and 1 hour of a lawyer's time to get the ball rolling if you
pursue it as a civil matter.

How much pursuit can you get done in 5 hours?

The credit card companies are *acutely* aware of *exactly* how much it
costs to swallow any given fraud, and how much it costs to chase a particular
miscreant down.  And barring some major economic/political/legal changes
that alter the price/performance ratio, they're unlikely to change the way
they do things.

(Hint - $50B sounds like a lot, but what percent of the total Visa/MasterCard
business per year is that, really?  Not much compared against the $1,325B
done by the top 4 card networks in 2004:

The whole article is here:

and discusses in fair amount of detail what the credit card companies
*really* worry about, and why....
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 226 bytes
Desc: not available
URL: <>

More information about the NANOG mailing list