alt Hacker NewsIt's up to the company, but since many companies don't want to keep card numbers around (and some processors don't let you see the card number anyway), they're probably more likely to block on identity. Maybe flag the IP address of the transaction for "additional screening" on all future transactions, etc.
Replies
nubinetwork • yesterday at 10:12 PM
CC numbers are also bound to get recycled eventually as cards expire and/or get replaced... even if you block a card, it might have a new owner 6 months or so later.
➕ show 1 reply
IPs are notoriously unreliable for identity pinning, particularly in this age of CGNAT.
If they can’t or don’t want cc numbers (makes sense considering how painful PCI guidelines are anyway) does that mean they need to rely on more tools from the processors or user accounts maintained by the merchant themselves?