Daniel Lemire's blog

, 2 min read

The day I subscribed to a dozen porn sites…

This morning, I noticed some odd charges on my VISA card. They were attributed to sites such as videosupport1.com, bngvsupport.com, paysupport1.com, bdpayhelp.com. I called up my bank. They gave me the phone number of the company behind these pay sites and told me to ask what the charges were for. I called the company behind these sites and they were very nice. They listed about a dozen porn sites that I was a member of. (Update: I don’t actually know that they are porn sites. I assume they are. The company behind sites such as videosupport1.com is a large porn company.) Apparently, someone used my name, my card number and email address. Of course, I never got any email about this. There is no mention anywhere in my inbox that I subscribed to these sites. VISA never checked with me.

I called back my bank as this is a clear case of fraud. There was a pause. Then the agent started arguing with me that fraudsters do not use stolen card numbers for porn sites, and when they do they never use the owner’s name and email address. They told me that even if they tried to declare it as fraud, it would contested and amount to nothing. Basically, they told me that it was my problem. They did not even offer to block my credit card to prevent further transactions.

Effectively, it appears that the burden of proof is on me to show that I did not subscribe to a dozen porn sites. How do you prove such a thing? You do not.

It seems to me that it is backward… they should have to prove that I did, indeed, subscribe to these services.

Note: Christopher Smith pointed out that the fact that it was porn made me less credible. Apparently, lots of men are caught by their significant other buying porn and they then deny having done so.

Update: After two more phone calls, another agent agreed that the charges were suspicious and marked them as fraud. I offered access to my email account (gmail) and pointed out that I never bought porn before (as they can readily verify), and certainly not hundreds of dollars worth.

As a computer scientist, this story troubles me somewhat. One thing that computer scientists are very worried about are protocols that are open to abuse. I knew about the danger of identity theft and online fraud, but I always assumed that credit-card vendor took this seriously. As we transition to an e-commerce economy, such weak security will come back to haunt us. Update 2: I estimate the fraud to $290. I will recover most of it.