Hi all. I have as most of you experienced a charge back or two. I have an idea that doesn't seem to be widely implemented so I thought I would post it here and see if there is a known reason why it wouldn't work.

lets say you use a 3rd party like paypal or 2checkout. Then when a user signed up the thank you page is a billing authorization form for the user to fill out sign and fax back to you with his data and signature. This would provide irrefutable that the user did indeed initiate the charge.

I am sure this brings up a few points suck as is it even legal to obtain and store that kind of information since you aren't the actual processor, and would the processor even act on the information if the had it to dispute the charge back.

I have had servers myself where this information was given before the account was set up, however I cant remember if that company had their own merchants account or not.

Anyway sound off > terrible idea ? illegal ? even so could it be the thing to make a user think twice before going for the free hosting scam ?

I think that is legal. That is what Gary does with his WebHostingBilling software. I really don't see why it would be illegal but I could be wrong.

Andrew

It (WHB) seems to use a merchants account but I cant really tell because theres not much info at the site and the admin panel demo dosent work for me.
I know its leagal with a merchants account as I have one. I just dont have the scripting abilities to set up aoutomated accounts with my payment server (in house).

This is common place. While it helps in preventing fraud, it doesn't prevent or help you win all chargeback disputes. If you read your merchant account agreement, it states imprinted sale draft with signature. A photocopy even with a copy of the crdit card can be argued stolen.

It is still a very good idea, because some banks will accept it.

UmBillyCord:
I am sure it would help when a person uses thier own merchants account, better than nothing anyway right.
What I am trying to figgure out is if any one has ever taken this aproach when using a 3rd party processor.
Has anyone ever tried it or use it now sucessfully ??

Then when a user signed up the thank you page is a billing authorization form for the user to fill out sign and fax back to you with his data and signature. This would provide irrefutable that the user did indeed initiate the charge.



It would slow the sales process and lose sales because people paying online expect to simply pay online. You also forget that signatures can be [often easily] forged.

I am sure this brings up a few points suck as is it even legal to obtain and store that kind of information since you aren't the actual processor, and would the processor even act on the information if the had it to dispute the charge back.


No idea how it works in the US, but in the UK such information is covered by the Data Protection Act [1987, I think]. There are strict regualtions as how such information can be stored, let alone used. Such a system as you suggests would require legal advice on what regulations are in force.

And note that not everyone has a fax machine - I certainly don't and see no reason to ever contemplate having one. Expect established businesses to have fax machines, but not necessarily personal users.

It would also offer poor security for the user if you had to resort to using postal services - you'd need something specific like Recorded Delivery, which is more expensive, and adds to your costs.

The storage of such information would also have to be very secure. What if a little brother or friend walked out with the exact credit card info for a few hundred customers? You yourself could potentially be held legally responsible for the loss and misuse of such information, and therefoer face litigation from all cstomers affected.

All in all, the methods suggested would cost you far more in terms of custom than a few chargebacks would. You simply have to accept the risks that are there, and keep them minimal.

Personally, having just purchased through 2Checkout, I think every possible effort is made to avoid fraud through the supply of extensive personal details. If I were defrauding, I would find it exceptionally difficult through that interface.

In which case you are left with fickle customers - and you can never completely avoid them.

When you say "chargeback" do you mean due to fraud or due to "buyers remorse?"

We try to avoid fraud by:

1) blocking IP addresses of certain countries that are hotbeds of fraud (yes we may be missing a few legitimate businesses from Turkmenistan, but I ain't losing any sleep over it).
2) manually process every order. First we eyeball it. If it looks good, we'll process it. What do I mean by good vs bad order? Do they order every add on? 5 year domain names? Have differnt name than the credit card holders?
3) log IP addresses. If the order looks suspect, the first thing we do is a traceroute to see if the geographic location of the order matches the location of the ISP.
4) Call the card holder. If it looks fishy, we'll spend the few cents to make the long distance call. Beats a chargeback.
5) match the cvv2 code. Some sophistacted rings get these number too, but if they don't match, RED FLAG the order and see rule #4.

We've had disputes, mostly from clients that forget they have a website (yes it does happen) and a few in the early days before we switched our merchant account to our DBA instead of our incorporated name.

As far as buyers remorse, we offer a 30-day money back guarantee. After that, there should be no need for a charge back.

Also, AFAIK, charge backs hurt your rep. If you can, call the customer and offer to credit them back, if they pull their charge back request. Crediting a client doesn't hurt your standing with the merchant account. I have a partner that handles this aspect of the biz, so I am not sure if I am 100% accurate.

Just some thoughts.

Pete Stoermer
TotalHosting.com