RE: advise on network security report

I beg to differ, wither I aggregate my announcements does not impact the
$50B charge identity theft puts on the US economy.

Perhaps a better start on impacting this would be for the credit card companies to pursue the people that abuse their cards/systems instead of just writing fraudulent purchases off as a loss and not pursuing them any further. I been through it myself and I know for a fact that at least one major cc company operates in this way. In this model there's nothing to discourage someone from using stolen numbers. Just my $.02


Let's take a hypothetical $300 fraudulent charge. If the card company spends
more than $300 pursuing it, it's losing money on it and is better off just
swallowing it. Now what does $300 get you? If you're lucky, that gets you 5
hours of a tech's time to chase logs, make phone calls, and get all the
evidence together, and 1 hour of a lawyer's time to get the ball rolling if you
pursue it as a civil matter.

How much pursuit can you get done in 5 hours?

The credit card companies are *acutely* aware of *exactly* how much it
costs to swallow any given fraud, and how much it costs to chase a particular
miscreant down. And barring some major economic/political/legal changes
that alter the price/performance ratio, they're unlikely to change the way
they do things.

(Hint - $50B sounds like a lot, but what percent of the total Visa/MasterCard
business per year is that, really? Not much compared against the $1,325B
done by the top 4 card networks in 2004:

The whole article is here:

and discusses in fair amount of detail what the credit card companies
*really* worry about, and why....