Re: [nznog] Bank domains for walled garden

Hi Russell, On 3 July 2012 19:05, Russell Tester wrote:

Hi Stan, Honestly - good luck with this. We came to the conclusion that you essentially need to permit every bank in the world as they all have different authentication methods, all hosted on their own infrastructure. That is how Verified by Visa and Master Card Secure Code are able to guarantee the level of security.

Neither Verified by Visa nor MasterCard SecureCode guarantee any security. Neither scheme is hosted by any issuing bank from what I have observed. What data do you have? The schemes merely guarantee that if they return a response indicating 'yes', any liability for any associated chargeback that arises will not be borne by the vendor (i.e. you). Of course, that is subject to exclusions, exemptions and other ways around the ToS. So it still might be. YMMV.

In the end we managed to convince our provider that the low transaction value was worth the risk, signed a waver and opted out of the scheme.

Most of the providers I've dealt with have specifically had you *opt*-*in* to making your customers transactions, and lives, more cumbersome. Note - that customers can opt-out at any time (and are able to opt-out every 3 transactions) so, again, neither scheme does anything but shift liability (subject to asterisks) to the customer and make it harder to complete the purchase. Regards, Anand

On 3 July 2012 04:42, Nathan Ward wrote:

...

Why not allow based on referrer for some limited period of time? I assume that the referrer is going to be your hotspot's URL or something. Or maybe allow based on referrer forever and do some monitoring to check and see if people are abusing it. No need to get a perfect solution on day 1, you're better off allowing all customers than blocking potential freeloaders.

On 3/07/2012, at 3:38 PM, Stan Rivett wrote:

...

Hi all

Does anyone have a reasonably comprehensive list of domains used by credit card processors, such as 'Verified by Visa' etc., that I can add to the walled garden on a pay hotspot?

My provider, Payment Express, aren't being very helpful and filling my list by asking clients to read the URLs from their 404 message is proving to be slow and annoying.

So far I have:

arcot.com securesuite.net onlineauthentication.com.au lloydstsb.com securesuite.co.uk

Cheers

Stan Rivett ------------------ Netspeed Data Ltd PO Box 5691 Dunedin P: +64 3 481 7245 C: +64 21 323 841 ------------------

_______________________________________________ NZNOG mailing list NZNOG(a)list.waikato.ac.nz http://list.waikato.ac.nz/mailman/listinfo/nznog

_______________________________________________ NZNOG mailing list NZNOG(a)list.waikato.ac.nz http://list.waikato.ac.nz/mailman/listinfo/nznog

_______________________________________________ NZNOG mailing list NZNOG(a)list.waikato.ac.nz http://list.waikato.ac.nz/mailman/listinfo/nznog

-- “Don’t be sad because it’s over. Smile because it happened.” – Dr. Seuss