Home > Features > Why VISA/MC Drives Me Nuts! • Bookmark   • Newsletters   • Register Search Options


Why VISA/MC Drives Me Nuts!

Why VISA/MC Drives Me Nuts!

June 28, 2003
Text size: 
Get XBIZ News
XBIZ Research
Will virtual reality boost the paysite market?
Yes, it will soon
Yes, but in a few years
Out of 179 votes. Results based on votes submitted by members of XBIZ.net social network.

" I know for a fact I can go into any store in my town and buy something with a credit card without ID. Pretty much everywhere that is the case. How is this much more secure? Because they get a signature? "

Tired of being manipulated, penalized, and discriminated against by the major credit card companies simply because you are an online merchant - and worse yet - in the porn business? Well, so is Doug, and if you’re like him, you’re shaking your head and wondering why…

I think at this point that anyone who is not scrubbing for fraud in transactions is asking for severe trouble. And it makes no sense that VISA/MC will not share their data on stolen cards with the processing gateways. But what we have seen this year for fraud is quite a bit more disturbing, and points in my mind to a fundamental need for better general security in cards and an end to the conflict between card companies and legitimate webmasters through finding win-win solutions that benefit and grow both parties' business. Virtual VISAs are one good solution... But the reality is, while the concept of virtual VISA is great, 99.99% of users will rely on their tried and true plastic.

The adult industry is in the spotlight as being a "bad risk" in their eyes, but I strongly disagree. If you eliminate the "friendly fraud" incidents and factor in that (unlike I suspect most of the "traditional" online processors) adult merchants almost unilaterally use fraud scrubbing/negative databases, require CVV2, and billing address verification, that says we've taken steps to the maximum possible limit under current technology. We stop thousands of dollars of suspicious transactions weekly because of these checks (believe me, I've checked, it's a depressingly high number). Our affiliate program has gone one step further; I've written a fraud scrubbing database for our webmasters which runs numerous checks and will not activate webmasters' accounts if there is something fishy.

So what happens in a real-world situation where we find clear-cut fraud and try to thwart it? I'll give you one recent example. We began receiving a high number of chargebacks linked to one affiliate. I immediately cancelled the affiliate and refunded every single transaction that they processed that had not been charged back. There was no question upon detailed review of the transaction that they were not legitimate, though nothing in looking at daily signups would have aroused suspicion.

Conversions looked a little good, but then again, lots of our webmasters whom I know are legitimate were converting just as well. But they still made it through our gateway's fraud database and address verification, and, much more disturbingly, almost all of them had CVV2. Coming across a hundred transactions designed to bypass every defense disturbed me greatly, especially since they had CVV2 in most cases... to me this smacked of an organized operation with a database of stolen information. I immediately contacted VISA and told them I had strong evidence that someone had a database of cards including CVV2, address, phone number, and that none of the cards were cancelled. I gave them the name and address of the webmaster responsible and told them they had successfully cashed their affiliate check, as well as the social security number.

They transferred me to Internet Support who wanted to walk me through my network settings! Obviously the persons I spoke with had no clue what any of what I described - fraud scrubbing, etc. - meant, and had a reaction of "well, it sounds like something internetish so I'll forward them there." I got transferred to someone else after that who told me, "Well, that's interesting, we can't really do anything, you'd need to go to the issuing banks." I asked how to do that and the response was vague - there was probably a different issuing bank for every card, I'd have to somehow determine what bank issued the card, and different banks had different procedures for handling this, but there was nothing VISA/MC could do. They did not even seem concerned about it! I offered them every assistance - IP addresses (there were actually only two, from a broadband ISP in Brooklyn), even going so far as to get a photocopy of one of the checks he cashed.

If they were so concerned about fraud, why would they not consider nailing this scumbag a major victory? We're a small program and I would be willing to bet he ran this scam on dozens of other affiliate programs, and probably hit quite a few of the major third party billers with lots of chargebacks as well, and those guys processing hundreds of thousands of transactions a day would have real difficulty detecting and stopping the source.

We actively tried to pursue a clear-cut case of fraud with lots of evidence supporting it and there is no way even with all of this to do what we supposedly as adult webmasters are not concerned with, stopping fraud. Who wants a fishy transaction much less a series of them? We lose the cost of the transaction plus fees and chargebacks. We even failed to reverse some of the chargebacks in cases where we had refunded the original transaction! Stopped at every turn.

The card companies need to look hard - not at adult merchants, but at the reality that *all* online merchants are in a paperless environment and that is the future of credit cards. CVV2 does not cut it. What happened to SET?

I know for a fact I can go into any store in my town and buy something with a credit card without ID. Pretty much everywhere that is the case. How is this much more secure? Because they get a signature? Offline merchants are in reality no more secure in their nature than online – they may have fewer chargebacks maybe because the perception is that they are though. Carbon copies with complete credit info thrown in the trash, clerks making $4 an hour handling hundreds, even thousands of dollars a day where they could easily get information necessary to steal that card. Compare buying books at the local bookstore with buying them through one of the online e-tailers:

Offline. Hand them your card. They have signature and date, usually no confirmation of ID. If it's not swiped, then they have a nice carbon of your card which probably is thrown in the trash by a minimum wage clerk without being shredded, then it's handed off to trash where anyone could sift through and find it.

Online. Date, originating internet address (which ISPs can in most cases easily use to track back the exact location of the transaction), customer's complete billing address, CVV2, we even get originating country as reported by the browser, language of the customer who is browsing. The only card number record is stored in a secured database behind an encrypted administrative interface along with this information.

Much more documentation online to intelligently re-examine if need be later. Just because you can look a person in the eye when they buy from you does not mean you can trust them. Jeffrey Dahmer seemed like a nice person to most people who met him, you know?

I would suggest that there be an automated internet response set up by card companies that webmasters can submit fraudulent transaction details - as many as we have to offer, which is usually substantial - and have them research it. Not just for adult but for all online businesses. Perhaps create an additional incentive for webmasters actively using the service in cutting a half-percentage point off of their rate or factoring this into their chargeback percentage scoring in their favor as a way of saying, "Hey, we were wrong about these internet sites, I can see from all the data they're giving us that they really do believe in being ethical merchants."

Stopping "friendly fraud" is a more daunting task but that also could be worked into the reporting system. Instead of putting us under review, put customers who chargeback excessively under review. "Uhm, Mr. Smith, we realize you may have a valid reason to charge this back, but we'd like to talk with you because we can see from your file that this is beginning to be a pattern." Ethics are a two-way street. Suspend customers' cards if they exceed 1% chargeback volume in a month!

Get rid of the whole reason code scheme for the most part as it applies to online. Sure, I can see fraudulent transaction, but "card not present"? "Cancel recurring billing"? If a customer can't find how to cancel when it's on our main members' page, the page they joined the site with, a customer service site, and an automated responder, most of which are in as many as ten languages, how on earth can that be my fault? How can this person find food at night? Is it reasonable to expect that when the system is 99.99% automated for cancellation that I have to walk every single person through a painfully simple process or do it for them?

And someone stop these foreign banks from charging back dollar transactions in Euros. I didn't feel quite as annoyed about that until Euro and dollar switched positions in exchange rates – Sorry about the book, these things drive me NUTS! ~ Doug


How Advertisers Use Your Devices to Sell You Stuff

The paranoia has reached an all-time high. Now some people actually believe that their microwave ovens are spying on them — despite the fact they don’t have any listening devices or cameras.... More »

As Mobile Grows, So Does Need to Push Sales

The number of consumers browsing and buying online will reach 270 million by 2020, driven largely by activity on mobile devices, according to Forrester. Business is booming and the fact that most purchases... More »

With AI, Routine Tasks Start Fading Away

I just turned 42. The list of things I may never do again is growing fast. I no longer dream that I will become an Olympian in any sport except archery or horseback riding. The oldest Olympians in those... More »
Stay informed of the latest industry developments. Get XBIZ newsletters delivered to your inbox. Subscribe today!
Enter email address:

* To manage existing subscriptions click here.

Submit your press release to
multiple news outlets with 1 click.
Subscribe to RSS news feeds or
add free content to your website.
Access XBIZ news and articles
with your mobile device.
Access the latest issues of the industry's leading trade publications in digital form. View online or download for offline viewing.


XBIZ.net Paysite Meetup

May 04 - May 04
Prague, Czech Republic

Eurowebtainment 2017

May 17 - May 20
Majorca, Spain

XBIZ Retreat

May 30 - Jun 03
Miami, Florida

XBIZ Miami 2017

May 30 - Jun 02
Miami, Florida
Everyday thousands of business professionals browse XBIZ's industry directory for quality products and services. Not listed yet? Your company could be losing potential new business. Submit your company today!
Use XBIZ RSS feeds to stay informed of the latest industry developments or as a content syndication tool for your website!