[jca]

I recently had a credit card number stolen (via the web, not the physical card itself) and it was used (among other things) to register a domain and website hosting plan under my name.

All of the contact details (name, address, number) of the domain are mine (perhaps to match the credit card billing records), except the contact email. (A fake yahoo.com email was used).

Questions:

Why register a domain name in my name (he/she paid for two years of hosting) when it would be shut down once the credit card company was alerted and cancelled the charge? (The website has a coming soon webhosting banner.)

More importantly, does anyone know how to search across WHOIS database records of all the domain registrars to find matches for Contact names, info?

In other words, I want to find out if any other domain names were registered in my name without my knowledge. Is there a way to do this?

Any help on this would be appreciated.

-jca

[theolein]

Automatically, there isn't AFAIK. Your best bet would probably be to contact a list of registrars starting with network solutions (www.netsol.com), explain your case and ask them for help. Apart from that, if you've cancelled your credit card, they can't use it anymore in anycase can they?

[jca]

Originally posted by theolein:
<STRONG>Apart from that, if you've cancelled your credit card, they can't use it anymore in anycase can they?</STRONG>

No. But why would you register a website/hosting plan with a stolen credit card? It was the biggest/last charge on the stolen account. It's too much trouble to register a website to "ping" the stolen credit card number to see if it's any good. The website never had anything other than the webhost's "coming soon" standard banner.

What would you have to gain?

-jca

[TNproud2b]

Go to www.networksolutions.com and click on the 'whois' link on the upper rt hand part of the page. It will let you search by 6 different criteria including name, IP, URL, etc

[fulmer]

yeah, whoever registered was coming from a certain IP. If it hasn't been too long, the domain registrar should have the logs. They could look up the IP and find out who the ISP for that IP is. Then the ISP could look at their logs and find out which user was on. It's possible, but not likely that anyone will act in a timely manner for you.

[jca]

Well, the website was registered/hosted through Verio. They were very unreceptive on the phone with regards to tracking the person down. I suppose it's just another chargeback issue for them.

I did call the registrar that Verio used, in Melbourne on the off chance Verio was slow in having the WHOIS record deleted. We'll see how much help they offer. (Hope they cancel it quickly.)

-jca

[theolein]

I agree with fulmer. Even with DHCP they should be able to narrow the IP down quite quickly from their logs. Perhaps you could call your credit card company and ask them about pressing charges or something?

I think it might have been a script kiddie who got the card number from astalavista or irc. It's also possible that there has been a major electronic theft somewhere (someone doing some sniffing via a bot at your isp) and your's is not the only credit card that has been stolen. I would check to see if something like that has happened at any of the stores where you have purchased online recently.

[Rolling Musubi]

On a related note regarding not getting any assistance for tracking the person down, someone recently had gotten ahold of one of my credit card info and used it to register for adult websites. What I found was just how lax the claims of some of these online billing sites are when it comes to illegal use of credit cards (i.e. where they state that they take such activities seriously) and just how difficult it is to get a human to deal with in such matters. Two of the billing sites (TSBILL and DCHARGE; both registered companies operating outside the U.S.) never bothered responding to my inquiries for information (besides the automated responses). I also sent notification to the websites where the perpetrator had his memberships and also got no response (except for the automated ones telling me to check with the appropriate billing company). Lastly, I also sent notice to hotmail's abuse center for which the person had used a fake email address and also got no response (except for MS' automated ones). I did contact my credit card company so I didn't have to pay for the charges but this incident did leave me wondering how my card got compromised to begin with (since I only used it at what one would consider the more known online etailing sites though it would not surprise me that some may have sold their databases to gain some additional revenue) and also, how some companies out there will do little in the way of assisting the individual when it comes to fraudulent use. You would think that they would want to track the perpetrator down but most likely, will just deal with it as a chargeback and be done with it (which is why the problem perpetuates itself).

The Federal Trade Commission website http://www.ftc.gov has some pointers on dealing with credit card fraud and what you can do to at least get some of this info to the appropriate channels such that all is not lost from ones ordeal.