I was recently the victim of credit card fraud. Basically, somebody used my card to register some domain names. The amount in question was not that much, and I successfully had the charges reversed, but I’m still baffled as to why someone would do this. I mean, of all things to illegally purchase, domain names? Is there some aspect of this I’m missing?
My first thought was because they are atomic dumbasses but another possibility is that they are trying to cause a cockup for someone who is legitimately trying to get that domain. The folks who committed the fraud don’t have the domain but I bet the registry will put a freeze on it for a while. Just a guess though.
It is possible that this is more about identity than about money. If you register a domain normally, nobody will check whether you lie about your personal details, but your own credit card could still give you away. Perhaps the thieves hoped that a small payment would remain unnoticed (assuming your physical card wasn’t stolen) or at least not be reversed.
It’s just weird, because last I heard domain names were not a big deal anymore.
Maybe yours was among a long list of stolen CCs and the thieves registered domain names with each in the hope of finding which (1)card numbers are good and (2) of those that are, which owners don’t pay attention to smallish charges.
It’s possible that the fraudsters were spammers. One of their recent techniques is to register disposable domain names like “bwruteszyymtp.biz”. They then send a wave of spam messages from some (also disposable) e-mail addresses linking to these temporary sites where they try to sell hair enlargement diet pills or whatever. The offending addresses and sites usually get disconnected as soon as their respective ISPs get wind of it - their lifetimes is probably measured in hours. Although the registration of a domain name (or even a dozen) is not much, in the long run they probably cost some hefty sums under these circumstances. Another “benefit” of using a stolen credit card (for the spammers, that is) is probably that it’s harder to track down the person running the whole operation.
[hijack] When are we finally going to see some legislation putting an end to this? [/hijack]
Bingo.
I managed the billing and payment systems at a MAJOR domain name registrar for over 5 years. We spent a lot of time in developing techniques to deal with credit card fraud. One thing we learned was that our online credit card payment system was so effective, with real-time card authorization, that it became very popular among fraudsters for finding out which credit cards would work. We even found a reference to using us for that purpose on a fraudster web site (sorry, it’s been a while, no cite).
Real-time card authorization is much more common now online than a few years ago, but domain names are an easy transaction. You don’t have to provide a real address since there’s nothing to ship, although we used zip code verification against the credit card billing address. We used to look through the logs at failed transactions and see the same credit card number attempting lots of different zip codes, all kinds of things.