--- Tiger Technologies <lists@tigertech.com> wrote:
>At 3/3/00 9:08 PM, Jeff Dafoe wrote:
>
>> Item D, to me, seems quite bizarre.
>>in item D your statements indicate
>>that you are not willing to address the risks and accept responsibility
>>for the parts of the transactions that are yours.
>
>Hmmm.
>
>I've been selling digital goods over the Internet for five years, and I
>can tell you that (despite what other people have recently said) in a
>"card not present" transaction, where you didn't get a point-of-sale or
>delivery signature, you have no defense against a chargeback. Absolutely
>none.
>
>It doesn't matter whether the address verification matched. All the
>customer has to say if they don't want to pay for such a transaction is
>"I didn't authorize the charge." When that happens, you won't get paid.
>There are no exceptions, because you have no proof it wasn't someone
>impersonating the customer who happened to know the customer's name and
>address.
>
>It's happened to me plenty of times, and there are hundreds of thousands
>of stolen card numbers floating around the Internet. The accepted figure
>is that about 1% of Internet credit card sales result in a chargeback
>where the customer claims the charge wasn't authorized, so it will happen
>to you.
>
>Now, when it is impossible to collect the money owed, it's reasonable
>that we have a way to cut off the service we've sold to that person,
>whether it was the actual owner of the card or not. That's not "bizarre":
>if someone uses fraud to "buy" ten years of domain service, it isn't
>right that I'll lose the $100 AND they can use the service for the next
>ten years for free.
>
>If word gets out that people can defraud any OpenSRS reseller and their
>domains will never be shut off, then the credit card kiddies are going to
>have an absolute field day. They'll come to your site and register dozens
>of domains just to impress their friends, and you'll lose thousands and
>thousands of dollars before you even see the names of the domains if you
>have a fully automated system.
>
I 200% agree with you and this is what I have been itterating here. People don't realize what risks they will get into when the word gets around that OpenSRS resellers cannot take back domains once it has been registered. Just take a trip to chat lines in IRC on EFnet and you will see dozens of "chat channels" dedicated to exchanging credit card info and account passwords and systems with security loopholes and ... I hate to see them passing the names of OpenSRS resellers around as Easy Targets for Fraud and simply childish games... when that happens, then OpenSRS will crumble under thousands of complaints a day. Just beware that this is a very likely possibility and during this development period we have to keep this in mind and develop methods to avoid it. The answer "simply don'r accept credit cards" is idiotic (no offense) and anyone who is running a serious business cannot operate without accepting credit cards. I have yet to see a successful, and profitable business that does not take credit cards.
>Here's a question for the TUCOWS folks: if someone uses a stolen credit
>card to buy a ten year domain from Domain Direct, and you get a
>chargeback two months later, do you shut off the domain or leave it going
>for the next ten years?
>
>If Domain Direct would turn it off, we should have the same power.
>Otherwise, they have a competitive advantage in that people committing
>fraud will avoid them and target us.
>
>I have no problem with the power being restricted (for example, requiring
>a liability release form to be signed by the reseller before OpenSRS
>turns off a domain).... but it ought to be available.
>
>--
>Robert L Mathews
>Tiger Technologies
Farhad Sadeghi
Coolfred Internet Services
http://www.coolfred.net
_____________________________________________________________
Email Powered by Everyone.net
This archive was generated by hypermail 2.1.3 : Tue Oct 19 2004 - 23:35:23 EDT