EXPLANATION OF REQUEST FOR IP ADDRESSES OR DOMAIN NAMES
As youare probablyaware,companies and organizations which process credit card transactions online have to deal with thieves who have stolen credit card numbers and who subsequently use those account numbers either to purchase goods for themselves or to sell to credit card theft rings. Prominent nonprofits such as the Red Cross, the UNICEF family, and others aretargeted by the thieves for testing ofthe cards to insure that the cards are still active so that the numbers can be sold to the rings as valid numbers. (Since nonprofits accept donations rather than shipping goods, it's the easiest way to test the validity of credit card numbers.)
Though we have no fault in this activity and it has nothing to do with the security of our site, we believe we have an obligation tominimizeit as much as we can. Consequently, we have in place filters which are intended to discourage the thievesfrom using our website in this way. One of the indicators of fraudulent activity is repeated transactions from the same IP address. This is true both domestically and from countries overseas (credit card thieves will typically test a large number of cards in a session). Since corporate offices are likely to be behind firewalls and all traffic is routed through a single IP address, donations from multiple employees of a single location will end up triggering the filters unless we whitelist the offices' domains or IP addresses (we can use either).
Another indication of possible fraudulent activity is a geographic mismatch between the location of a donor (determined by IP address) and the mailing address associated with the donor's credit card account (determined by zip code). To account for people with US addresseswho are travelling or temporarily living far from home, the relevant filters are not triggered until after the third attempt, giving the donor an opportunity to correct any mistakes that may have been made in entering their credit card information. Again, whitelisting the domains/IP addresses of the offices in question will supersede this filter if the donation is being made from the workplace, but if the corporate employee wants to make the donation from home, he/she will have three chances to get it right.
The security filters on our website were recently upgraded to ensure even greater protection for donors who use their credit cards to make online donations. In order to ensure that donors have no difficulty when making their donations, we will need toreceive the IP addresses or corporate domain names that would be used byyouremployees and associates.
Please let us know if you have questions.
Regards,
Managing Director of DDM and IT
U.S. Fund for UNICEF
125 Maiden Lane
New York, NY10038