
It is. If you spill the beans that you are checking staying on site and browsing before buying, it'll take a week till there's a tool for simulating that.


There is no security through obscurity, only illusions of it.


Will people please stop saying that in this context?

Merchant-side fraud prevention schemes are not security. They are heuristics for reducing the number of bad transactions that the vendor has to handle.

Algorithms should be air-tight. Yes, the best way to ensure that they are is to make them public. Heuristics by definition are not airtight. The best way to get utility from them is to keep their nature hidden from parties trying to abuse the system.


It's analysing behaviour for patterns. If you let out what patterns you're looking for then those patterns change.


Wouldn't the patterns change after the fraudsters realize they are not working?


I'm not saying something like that will hold forever. It might take 2 months to figure out that sites check for that, and 2 weeks (/days) to code it up. If you make the information on your heuristic public, those 2 months just drop out straight.


It's a trap.



