You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 2 Next »

ISSUE:    C.1

Require PCI compliance in registration process

 

Priority:
 

RAA Final Report (High Priority Item)


Issue/Request

Each registrar is required to validate the following data upon receipt from a registrant:
(1) Technical Data
(a) IP addresses used to register domain names.
(b) E‐mail Address
(i) Verify that registration e‐mail address(es) are valid.
(2) Billing Data
(a) Validate billing data based on the payment card industry (PCI standards), at a minimum, the latest version of the PCI Data Security Standard (DSS). Each registrar is required to validate the following data upon receipt from a registrant:
(3) Contact Data
(a) Validate data is being provided by a human by using some anti‐automatic form submission technology (such as dynamic imaging) to ensure registrations are done by humans.
(b) Validate current address WHOIS data and correlate with in‐house fraudulent data for domain contact information and registrant’s IP address.
(4) Phone Numbers
(i) Confirm that point of contact phone numbers are valid using an automated system.
(ii) (ii) Cross validate the phone number area code with the provided address and credit card billing address

Source: 
LEA original submission to the RAA-DT

Notes

Additional information regarding requests:
LEA
LEA Code of Conduct did not include this topic.
RAA-DT
Registrars are to be required to avail themselves of commercially available identity verification systems that will provide for time-of-registration validations.





RAA-DT Final Report


Discussion Points


Date Discussed

 

Registrars seek specific input regarding any “commercially viable” validation mechanisms available:

  • Discussion regarding cost and effectiveness of various mechanisms
  • Discussion regarding information availability (e.g., cardholder data if credit card processing is outsourced);
  • Discussion regarding variations from country to country in the availability of verification;
  • Discussion regarding potential barrier to online businesses and other registrants in  developing countries and/or level playing field.

18 Nov 2011

Proposed Text

Open


Status/Outcome

Under Discussion


Explanation

Open


COMMENTS:

Comments may be submitted using the “Add Comment” feature below.



 

To Leave a Comment on This Page:  Any user logged into Confluence will see an "Add Comment" button at the bottom of this page, which can be used to leave a comment.  To log in, click the "Log In" button on the gray control bar toward the top of the page, and enter your user name and password.  If you do not have a user name and password, please e-mail seth.greene@icann.org with "Log In" in the subject line. 

  • No labels