Just a quick question. During the network solutions days, did the customer
ever have access to a control panel? In your automating code, would it be
possible to write a script which registers domain names in the customers
name for the customer, but leaves "manage your domain" functions completely
in the hands of the Internet service provider. I would have thought most
customers we are working with would be acquiring hosting from us, and
perhaps Web design. Most non cyber squater customers are new bees, and
don't even understand the domain registration process and wouldn't know what
to do with control panel access anyway. Maintain complete control panel
access yourselves and be available to your customers for updates. This
might even make it easier for her clients as well, and you don't have to
worry about fraud artists than. Just a thought. Comments?
_________________ L e x D u n k e l m a n ________________
----- Original Message -----
From: Coolfred Internet Services <coolfred@coolfred.org>
To: <lists@tigertech.com>; <discuss-list@opensrs.org>
Sent: Saturday, March 04, 2000 5:40 AM
Subject: Re: New Ideas for OpenSRS (or wish list) - Reseller Access
>
>
> --- Tiger Technologies <lists@tigertech.com> wrote:
> >At 3/3/00 9:08 PM, Jeff Dafoe wrote:
> >
> >> Item D, to me, seems quite bizarre.
> >>in item D your statements indicate
> >>that you are not willing to address the risks and accept responsibility
> >>for the parts of the transactions that are yours.
> >
> >Hmmm.
> >
> >I've been selling digital goods over the Internet for five years, and I
> >can tell you that (despite what other people have recently said) in a
> >"card not present" transaction, where you didn't get a point-of-sale or
> >delivery signature, you have no defense against a chargeback. Absolutely
> >none.
> >
> >It doesn't matter whether the address verification matched. All the
> >customer has to say if they don't want to pay for such a transaction is
> >"I didn't authorize the charge." When that happens, you won't get paid.
> >There are no exceptions, because you have no proof it wasn't someone
> >impersonating the customer who happened to know the customer's name and
> >address.
> >
> >It's happened to me plenty of times, and there are hundreds of thousands
> >of stolen card numbers floating around the Internet. The accepted figure
> >is that about 1% of Internet credit card sales result in a chargeback
> >where the customer claims the charge wasn't authorized, so it will happen
> >to you.
> >
> >Now, when it is impossible to collect the money owed, it's reasonable
> >that we have a way to cut off the service we've sold to that person,
> >whether it was the actual owner of the card or not. That's not "bizarre":
> >if someone uses fraud to "buy" ten years of domain service, it isn't
> >right that I'll lose the $100 AND they can use the service for the next
> >ten years for free.
> >
> >If word gets out that people can defraud any OpenSRS reseller and their
> >domains will never be shut off, then the credit card kiddies are going to
> >have an absolute field day. They'll come to your site and register dozens
> >of domains just to impress their friends, and you'll lose thousands and
> >thousands of dollars before you even see the names of the domains if you
> >have a fully automated system.
> >
>
> I 200% agree with you and this is what I have been itterating here. People
don't realize what risks they will get into when the word gets around that
OpenSRS resellers cannot take back domains once it has been registered. Just
take a trip to chat lines in IRC on EFnet and you will see dozens of "chat
channels" dedicated to exchanging credit card info and account passwords and
systems with security loopholes and ... I hate to see them passing the names
of OpenSRS resellers around as Easy Targets for Fraud and simply childish
games... when that happens, then OpenSRS will crumble under thousands of
complaints a day. Just beware that this is a very likely possibility and
during this development period we have to keep this in mind and develop
methods to avoid it. The answer "simply don'r accept credit cards" is
idiotic (no offense) and anyone who is running a serious business cannot
operate without accepting credit cards. I have yet to see a successful, and
profitable business that!
> does not take credit cards.
>
> >Here's a question for the TUCOWS folks: if someone uses a stolen credit
> >card to buy a ten year domain from Domain Direct, and you get a
> >chargeback two months later, do you shut off the domain or leave it going
> >for the next ten years?
> >
> >If Domain Direct would turn it off, we should have the same power.
> >Otherwise, they have a competitive advantage in that people committing
> >fraud will avoid them and target us.
> >
> >I have no problem with the power being restricted (for example, requiring
> >a liability release form to be signed by the reseller before OpenSRS
> >turns off a domain).... but it ought to be available.
> >
> >--
> >Robert L Mathews
> >Tiger Technologies
>
> Farhad Sadeghi
> Coolfred Internet Services
> http://www.coolfred.net
>
> _____________________________________________________________
> Email Powered by Everyone.net
>
This archive was generated by hypermail 2.1.3 : Tue Oct 19 2004 - 23:35:23 EDT