> I pulled up the scripts our team had created to programmatically refund all the fraud victims. "Damn," I thought. "If this script doesn't work exactly like it's supposed to, there's no telling what could happen."
> [...] Lesson #2: It's OK to go manual sometimes
I'm not going to disagree that SOMETIMES a manual approach is better, but where's the part that validates the decision to the degree that it becomes a "lesson" from the incident? Just the fact that they managed to finish?
So why would refunding these transactions render the credit card thief unable to use these cards?
In any case, I’d guess this was traffic from a checker used by multiple people or some market site. Odds are the valid cards were immediately used elsewhere.
> [...] Lesson #2: It's OK to go manual sometimes
I'm not going to disagree that SOMETIMES a manual approach is better, but where's the part that validates the decision to the degree that it becomes a "lesson" from the incident? Just the fact that they managed to finish?