Re: [gnso-rap-dt] revised WHOIS note

[Roland Perry <roland@xxxxxxxxxxxxxxxxxxxxxxxx>]

In message 
<20090721151652.9c1b16d3983f34082b49b9baf8cec04a.fadb9ba6ac.wbe@xxxxxxxxx
ureserver.net>, at 15:16:52 on Tue, 21 Jul 2009, James M. Bladel 
<jbladel@xxxxxxxxxxx> writes
> But does this not present the paradox of a criminal entering fraudulent
> WHOIS data, and then purchasing (or stealing) Proxy Services to obscure
> that fraudulent data?
>
> Or, does this scenario presume that a (not very bright) criminal will
> operate a fraudulent website, but enter their -valid- contact
> information behind a Proxy service?  This is analogous to someone
> burglarizing an darkened home, but leaving their wallet behind.
I thought I'd covered those objections when I said:

"I'm aware that they might just be hiding false details, but shouldn't 
registrars be doing more checks on such things? For example, where a 
domain is paid for by a Credit Card, making available as default the 
address details used to verify that payment."
(Yes, some domains will be paid by stolen CC, but shouldn't they be 
cancelled as soon as that is discovered?)
Here in the UK we can't enter any serious financial transaction (or even 
pay large amounts of cash into a bank) without proving ID. It's money 
laundering regulations.
>In fact, the recent SSAC report seems to indicate that these services 
>provide some security benefits for registrants versus hijacking /
>compromised accounts.

I would be surprised if the SSAC understands the extent to which online 
fraud is being perpetrated upon the public. Almost no-one else seems to 
(including most governments and police, who typically don't even have a 
way to record crime reports, let alone investigate all but the most 
serious).
I appreciate that as a registrar (I used to be one too), or Proxy 
operator, any extra work will be resisted, but I have a feeling that 
it's time a sturdier "know your customer" philosophy should kick in.
--
Roland Perry