ncyoung.com
The Mover's Friend Authorize.net Security Update
A client who uses Authorize.net started seeing a bunch of one-cent transactions show up in their merchant interface. There's no way for someone to buy something for a penny at the site, so this was troubling.
We immediately changed the site passwords and the Authorize.net account passwords. I audited the scripts to make sure that no one had changed anything (made a bit harder to do by a recent design update of the site). I updated the scripts to use Authorize.net's newer protocol, which allows for an MD5 hash to be attached to the transaction as it is sent from our server to the Authorize.net server.
I never did figure out exactly where the 1c transactions were coming from, which is a tiny bit troubling. But they have stopped.
As for the why, I can only think that someone had a big batch of stolen credit card numbers and was trying to figure out which ones were good accounts. We live in interesting times.
Dated: 11/01/2002