Howdy all, The EFA, among others, have for many years exhorted Australians to use a VPN for all internet traffic. This week I have closed a support ticket with one overseas service provider, who refused to take an order from me. More precisely, their position was that their “financial partner” refused me service (validating my credit card), they could not accept an order without that, and they were not willing to argue thye case with their financial partner. The reason given (I was not told who the “financial partner” is, nor how to contact them for support) was eventually summarised with: The policy of our payment partner is like this due to fraud problem. Many fraudulent payment come from user of VPN. I am no longer interested in pursuing that particular provider. But I am interested in the implications for Australian internet users. * Credit card fraud and VPN use How much truth is there to the claim that a connection over VPN is prone to fraudulent credit card use? I can't see how that affects the ability to defraud the credit card system of an online ship. * Discrimination against VPN use How should we be responding? My support ticket appealed to the fact this effectively discriminates against those who use a VPN for their safety; that appeal did not even get a specific response, so I don't know to what extent the provider was moved by that. -- \ “To punish me for my contempt of authority, Fate has made me an | `\ authority myself.” —Albert Einstein, 1930-09-18 | _o__) | Ben Finney
On 2017-04-21 06:57, Ben Finney wrote:
* Credit card fraud and VPN use
How much truth is there to the claim that a connection over VPN is prone to fraudulent credit card use? I can't see how that affects the ability to defraud the credit card system of an online ship.
Part of the problem here is how poor the security is on Internet credit card transactions. All you have to do is place a transaction, and after the goods have been shipped dispute it with the credit card company (I lost my card!). Then the retailer has to try and prove that the transaction was genuine (they can't). AFAIK If the retailer fails to prove that the transaction was authorised by the cardholder, then they have lost the goods (already shipped), have to repay the amount they received from the bank, they could also get extra (large) bank fees to pay for the fraudulent transaction, and it could upset their credit rating (and hence fee structure) with the bank (the exact details varies depending on the agreement they have with the bank to process credit card transactions). If only there was a secure way of paying for goods over the internet. *cough* bitcoin *cough*. I am not sure if there is any truth in the claim that VPNs attract fraudulent credit card. Just as easy to get away with credit card fraud without a VPN I think. Maybe might be more risky however with the data retention laws - "I can clearly see from your leaked data logs that you did connect to our website at the time the purchase was made!"
Brian May <brian@linuxpenguins.xyz> writes:
Part of the problem here is how poor the security is on Internet credit card transactions. All you have to do is place a transaction, and after the goods have been shipped dispute it with the credit card company (I lost my card!). Then the retailer has to try and prove that the transaction was genuine (they can't).
Agreed. What concerns me is the *additional* implied claim: that connections over a VPN will be so much more difficult to authenticate, that the “financial partner” must exclude them.
I am not sure if there is any truth in the claim that VPNs attract fraudulent credit card. Just as easy to get away with credit card fraud without a VPN I think.
I agree, and that was the position I pressed: that this was needlessly discriminatory to people using a VPN connection, and that the justification of “maybe fraud” does not justify that specific discrimination. I'm open to evidence that does support that claim. My knowledge, of how credit cards fraud varies in different scenarios, is quite lacking. -- \ “The entertainment industry calls DRM "security" software, | `\ because it makes them secure from their customers.” —Cory | _o__) Doctorow, 2014-02-05 | Ben Finney
Although I agree that being rejected service due to VPN usage is both sad and problematic, they are probably correct that more fraud happens via VPNs. It is the same with TOR. Although there are a multitude of reasons for regular citizens to use TOR or VPNs to protect their privacy, it is also true that these technologies make it safer for people to conduct criminal activity. To me, the situation we are in as users-of-VPNs-for-privacy-reasons is similar to that of an insurance company telling me that when I was a 25yo male, my car insurance was much more expensive. I could talk to them as much as I want about my personal driving record, or about other aspects of my demographic which would indicate I may be a safe driver. In the end, I believe them when they have the aggregate statistics to say that _on average_ 25yo males are worse than most other drivers. Unfortunately I don't think that the banking institution is doing anything unreasonable _from the perspective of a business trying to maximize profit_, even though it is unreasonable from a privacy/ethical perspective. I hope that as more people move onto VPNs and TOR, that the loss of business from excluding those users outnumbers the loss in money from fraudulent transactions. Then it becomes good business to allow VPN and TOR users to access financial services. On 2017-04-21 10:29, Ben Finney wrote:
Brian May <brian@linuxpenguins.xyz> writes:
Part of the problem here is how poor the security is on Internet credit card transactions. All you have to do is place a transaction, and after the goods have been shipped dispute it with the credit card company (I lost my card!). Then the retailer has to try and prove that the transaction was genuine (they can't).
Agreed. What concerns me is the *additional* implied claim: that connections over a VPN will be so much more difficult to authenticate, that the “financial partner” must exclude them.
I am not sure if there is any truth in the claim that VPNs attract fraudulent credit card. Just as easy to get away with credit card fraud without a VPN I think.
I agree, and that was the position I pressed: that this was needlessly discriminatory to people using a VPN connection, and that the justification of “maybe fraud” does not justify that specific discrimination.
I'm open to evidence that does support that claim. My knowledge, of how credit cards fraud varies in different scenarios, is quite lacking.
If you think this is bad, wait until you won't be able to buy anything from outside Australia *without VPN* http://www.zdnet.com/article/ato-fails-to-rule-out-website-blocking-to-enfor... On Fri, Apr 21, 2017 at 11:02 AM, <peter@serwylo.com> wrote:
Although I agree that being rejected service due to VPN usage is both sad and problematic, they are probably correct that more fraud happens via VPNs. It is the same with TOR. Although there are a multitude of reasons for regular citizens to use TOR or VPNs to protect their privacy, it is also true that these technologies make it safer for people to conduct criminal activity.
To me, the situation we are in as users-of-VPNs-for-privacy-reasons is similar to that of an insurance company telling me that when I was a 25yo male, my car insurance was much more expensive. I could talk to them as much as I want about my personal driving record, or about other aspects of my demographic which would indicate I may be a safe driver. In the end, I believe them when they have the aggregate statistics to say that _on average_ 25yo males are worse than most other drivers.
Unfortunately I don't think that the banking institution is doing anything unreasonable _from the perspective of a business trying to maximize profit_, even though it is unreasonable from a privacy/ethical perspective.
I hope that as more people move onto VPNs and TOR, that the loss of business from excluding those users outnumbers the loss in money from fraudulent transactions. Then it becomes good business to allow VPN and TOR users to access financial services.
On 2017-04-21 10:29, Ben Finney wrote:
Brian May <brian@linuxpenguins.xyz> writes:
Part of the problem here is how poor the security is on Internet
credit card transactions. All you have to do is place a transaction, and after the goods have been shipped dispute it with the credit card company (I lost my card!). Then the retailer has to try and prove that the transaction was genuine (they can't).
Agreed. What concerns me is the *additional* implied claim: that connections over a VPN will be so much more difficult to authenticate, that the “financial partner” must exclude them.
I am not sure if there is any truth in the claim that VPNs attract
fraudulent credit card. Just as easy to get away with credit card fraud without a VPN I think.
I agree, and that was the position I pressed: that this was needlessly discriminatory to people using a VPN connection, and that the justification of “maybe fraud” does not justify that specific discrimination.
I'm open to evidence that does support that claim. My knowledge, of how credit cards fraud varies in different scenarios, is quite lacking.
_______________________________________________ Free-software-melb mailing list Free-software-melb@lists.softwarefreedom.com.au http://lists.softwarefreedom.com.au/cgi-bin/mailman/listinfo /free-software-melb
Free Software Melbourne home page: http://www.freesoftware.asn.au/melb/
On 21/04/17 21:25, Adrian Colomitchi wrote:
If you think this is bad, wait until you won't be able to buy anything from outside Australia *without VPN*
http://www.zdnet.com/article/ato-fails-to-rule-out-website-blocking-to-enfor...
Yes, it's a great government we have now, NOT! I tried to download gnu bash from ftp.gnu.org using wget over the tor network.., that wouldn't work either "bad ip" in browser and "ERROR 400: Invalid request received from client." in bash. With "--no-proxy" it was fine, but we shouldn't have to do that either. Cheers A.
On Sun, Apr 23, 2017 at 04:08:03AM +1000, Andrew McGlashan wrote:
On 21/04/17 21:25, Adrian Colomitchi wrote:
If you think this is bad, wait until you won't be able to buy anything from outside Australia *without VPN*
http://www.zdnet.com/article/ato-fails-to-rule-out-website-blocking-to-enfor...
Yes, it's a great government we have now, NOT!
I tried to download gnu bash from ftp.gnu.org using wget over the tor network.., that wouldn't work either "bad ip" in browser and "ERROR 400: Invalid request received from client." in bash.
With "--no-proxy" it was fine, but we shouldn't have to do that either.
Cheers A.
Most FTP servers block Tor, but they also usually have a HTTP mirror so try using that.
participants (6)
-
Adrian Colomitchi -
Andrew McGlashan -
Ben Finney -
Brian May -
Jookia -
peter@serwylo.com