Hello,

We've all had our fill of chargebacks. I've thought for a long time that there should be a tool to help nip it in the butt. Myself and a couple of friends at Dreamsweb.net thought, what better tool than a searchable MySQL powered database forum.

We think that there should be a community where web host administrators could go to share any information on chargebackers. That way if you are suspicious of a client, you can do a search to look for any similarities. i.e. names, addresses, phone numbers, web site names, and maybe last four ccn's.

This is a completely private and free forum. All that you have to do is register with an administrative address from your hosting company.

The site is coming alive now, so it may not be up in your area yet.

I hope that we are not the only ones that see a need for this. After we saw a client charge back after 6 months of service last week, we felt that it was time to do something. There is a lot that credit card companies will not tell you that you have to learn by experience, so let's enlighten each other in what we have learned.

www.chargingback.com

daydreamer

I can't be the only one fed up with chargebacks:(

There is a site like that already. Its called http://www.hostabuse.com/.

Privacy policy come into effect here?

"Privacy policy come into effect here?"

Could you please elaborate?

I can't see having a policy to protect a an individual's privacy that has used your companies service with the full intent of not paying for it. And whom, chances are is now moving on to their next victim. Maybe you...

If we don't do something, no one else will.

True... but you would still be giving their information to a 3rd party. No point in having one if you don't honor it. Some people may think they are justified in doing a chargeback... and their intent may not have been to not pay for your services the whole time.

What we are hoping to point out here is those who sit there and get 6 months of good service, never even so much as sending in a support request and all goes fine, yet after all that time, the hosting company is left holding the bag.

We're also talking about these people who use stolen credit cards to get a site hosted. They do it all the time. We need to help each other, as if you have any experience with chargebacks on an internet business, you know that the processing companies are no help at all. I have heard them say time and time again.... "Well, that is the price you pay for having an internet based business....."

I would really like to know what other people feel about this....

dd

Hello
We have had another thread discussing ways to combat this.

Basically you need proof that it was the customer who ordered the service.
We now record the IP's of all customers ourselves rather than relyingon the card processor to do it.
We enforce a fax back account confirmation form.
We have also taken out chargeback insurance.

I think that covers all angles that we can possible cover.

The first test is about to happen:
Customer orders domain name, is sent receipt, is sent welcome e-mail. Now claims that the system told him his card had not been accepted.
Meanwhile he has used the domain name and obviously wanted to buy it in the first place.

It will be interesting to see what happens. Will his chargeback be successful?
Will our insurance pay up if it is?

We will have to wait and see.

Gordon

Hello Gordo:
Excuse me for my ignorance, but what is chargeback insurance?
I suppose that is a insurance against chargeback, but where do you take it? how?
A scanned License Driver and Credict Card sended by email ( I can't tell to the people to fax me, cause I live in Argentina, and that go to cost them more than 1 month of web host :) ) go to cover me against chargebacks?
Thanks in advance

You arrange it with your bank that you have the merchant accoutn with.
We are paying 1% on top of the normal commission rate.
Its worth it just for the extra few hours sleep it gives me, but it might not be so good for someone starting out who wants to keep the costs down.

Gordon

Thanks a lot Gordon for the Info.

Originally posted by GordonH
You arrange it with your bank that you have the merchant accoutn with.
We are paying 1% on top of the normal commission rate.
Its worth it just for the extra few hours sleep it gives me, but it might not be so good for someone starting out who wants to keep the costs down.

Gordon

Gordon,
do you get reimbursed for the amount charged back on your account or only for a percentage of it.
???

We have been inundated with fraud for the past 2 weeks. We log all IPs, but that doesn't make any difference. These guys try it from behind proxies and from different parts of the world. We verify each order manually, but still about 3 days ago one of them looked very convincing and accurate and we ended up registering a domain and creating an account. 2 days afterwards I had a "hunch" and after reviewing the order again and calling the customer I determined that this was indeed fraud. Well, now I have a stupid domain that I don't need and this guy is out there doing it again to another host.

It is unbelievable the amount of fraudulent transactions that this industry sees every month. I think there is a huge need for a company or organization that could track these transactions and keep them on a searchable database. It is also very obvious :angry: that these stupid banks are not doing anything at all to block these cards "quickly enough" after they are stolen.

The worst thing is that some of these people are just trying to get hosting for free, but on the other hand, some of them want to do nasty things, send spam and who knows what else. Do you imagine one of these scum bags with root access to one of your servers? :angry:

Originally posted by bert
. It is also very obvious :angry: that these stupid banks are not doing anything at all to block these cards "quickly enough" after they are stolen.

:angry:

Bert,
just wondering if its actually the banks who are not acting fast(not siding with them-can't stand them either :D)
But I always thought once the cardholder called the bank, they would stop the card immediately. So could it be the cardholder is not calling the bank? But then how is the cardholder supposed to know his card has been stolen when he has it right there in front of him and someone is racking up big bills with the cardnumber and expiry date off a reciept.
Makes me wonder. who is actually to blame??

I have an idea about how this could be done, I would need tech help in setting it up and getting the word out after, but I think there is a need for both sides of this issue, hosting and client fraud both, and at the same time keep all info confidential.

Originally posted by mekmal
I have an idea about how this could be done, I would need tech help in setting it up and getting the word out after, but I think there is a need for both sides of this issue, hosting and client fraud both, and at the same time keep all info confidential.

for the client side fraud. I believe the card companies are making a move, they finally seem to be feeling the pressure. epaynews had quite a bit on them yesterday.
for getting the info out you could use forums like this and http:\\chargingback.com
and i am sure the word will spread.

Clients? Clients have absolutely nothing to loose. Once the card is stolen that is it! You just get a chargeback from the bank.

Not even legitimate orders placed by legitimate cardholders have any validity if the client decides to do a chargeback.

I know so many stories about people ordering hosting, prepaying for a full year, using their account to the max, and after about 8 months putting a chargeback and the hosting company can't do absolutely anything about it! :angry: The "stupid" banks will always stand behind the client.

SORRY FOR DOUBLE POSTING! :D

We have been hit too. Always out of Malaysia, Singapore, and Indonesia for us. To combat this we now do the following. It takes time but in my opinion worth it.

1) Record all IP's. Run them in Sam Spade for a quick look. Most the time the IP comes from APNIC, yet the address they signed up from is US based.
2) Call all large signups, domain registrations for over two years, and all accounts signing up with a free web service address. If the sign up seems odd, it is odd for a reason.
3) If an address looks fishy, check it on Yahoo maps. You would be surprised how many people make up addresses not thinking we won't check. Then call to verify. It usually is a wrong number.
4) Another trick is to record the IP address, send the customer you have a *hunch* about an e-mail requesting extra info, then tell them they have to reply to that exact e-mail. Most fraudulent users will not respond because it will also grab the mail server they sent from. If they do respond, check the IP again.

Of course if someone REALLY wants to sign up fraudulently, we are powerless.

Anyone else have any tricks?

Those are all excellent ways to check. I guess in the end like you said if they really want it and know how to do it they will get it.

How is one supposed to rely on "total automation"? This is literally impossible if you don't want to run the risk of opening your servers to these "scum bags"

Unfortunately we will have to continue to create accounts manually until there is a solution to all this credit card insecurity.