opinion

Why VISA/MC Drives Me Nuts!

Tired of being manipulated, penalized, and discriminated against by the major credit card companies simply because you are an online merchant - and worse yet - in the porn business? Well, so is Doug, and if you’re like him, you’re shaking your head and wondering why…

I think at this point that anyone who is not scrubbing for fraud in transactions is asking for severe trouble. And it makes no sense that VISA/MC will not share their data on stolen cards with the processing gateways. But what we have seen this year for fraud is quite a bit more disturbing, and points in my mind to a fundamental need for better general security in cards and an end to the conflict between card companies and legitimate webmasters through finding win-win solutions that benefit and grow both parties' business. Virtual VISAs are one good solution... But the reality is, while the concept of virtual VISA is great, 99.99% of users will rely on their tried and true plastic.

The adult industry is in the spotlight as being a "bad risk" in their eyes, but I strongly disagree. If you eliminate the "friendly fraud" incidents and factor in that (unlike I suspect most of the "traditional" online processors) adult merchants almost unilaterally use fraud scrubbing/negative databases, require CVV2, and billing address verification, that says we've taken steps to the maximum possible limit under current technology. We stop thousands of dollars of suspicious transactions weekly because of these checks (believe me, I've checked, it's a depressingly high number). Our affiliate program has gone one step further; I've written a fraud scrubbing database for our webmasters which runs numerous checks and will not activate webmasters' accounts if there is something fishy.

So what happens in a real-world situation where we find clear-cut fraud and try to thwart it? I'll give you one recent example. We began receiving a high number of chargebacks linked to one affiliate. I immediately cancelled the affiliate and refunded every single transaction that they processed that had not been charged back. There was no question upon detailed review of the transaction that they were not legitimate, though nothing in looking at daily signups would have aroused suspicion.

Conversions looked a little good, but then again, lots of our webmasters whom I know are legitimate were converting just as well. But they still made it through our gateway's fraud database and address verification, and, much more disturbingly, almost all of them had CVV2. Coming across a hundred transactions designed to bypass every defense disturbed me greatly, especially since they had CVV2 in most cases... to me this smacked of an organized operation with a database of stolen information. I immediately contacted VISA and told them I had strong evidence that someone had a database of cards including CVV2, address, phone number, and that none of the cards were cancelled. I gave them the name and address of the webmaster responsible and told them they had successfully cashed their affiliate check, as well as the social security number.

They transferred me to Internet Support who wanted to walk me through my network settings! Obviously the persons I spoke with had no clue what any of what I described - fraud scrubbing, etc. - meant, and had a reaction of "well, it sounds like something internetish so I'll forward them there." I got transferred to someone else after that who told me, "Well, that's interesting, we can't really do anything, you'd need to go to the issuing banks." I asked how to do that and the response was vague - there was probably a different issuing bank for every card, I'd have to somehow determine what bank issued the card, and different banks had different procedures for handling this, but there was nothing VISA/MC could do. They did not even seem concerned about it! I offered them every assistance - IP addresses (there were actually only two, from a broadband ISP in Brooklyn), even going so far as to get a photocopy of one of the checks he cashed.

If they were so concerned about fraud, why would they not consider nailing this scumbag a major victory? We're a small program and I would be willing to bet he ran this scam on dozens of other affiliate programs, and probably hit quite a few of the major third party billers with lots of chargebacks as well, and those guys processing hundreds of thousands of transactions a day would have real difficulty detecting and stopping the source.

We actively tried to pursue a clear-cut case of fraud with lots of evidence supporting it and there is no way even with all of this to do what we supposedly as adult webmasters are not concerned with, stopping fraud. Who wants a fishy transaction much less a series of them? We lose the cost of the transaction plus fees and chargebacks. We even failed to reverse some of the chargebacks in cases where we had refunded the original transaction! Stopped at every turn.

The card companies need to look hard - not at adult merchants, but at the reality that *all* online merchants are in a paperless environment and that is the future of credit cards. CVV2 does not cut it. What happened to SET?

I know for a fact I can go into any store in my town and buy something with a credit card without ID. Pretty much everywhere that is the case. How is this much more secure? Because they get a signature? Offline merchants are in reality no more secure in their nature than online – they may have fewer chargebacks maybe because the perception is that they are though. Carbon copies with complete credit info thrown in the trash, clerks making $4 an hour handling hundreds, even thousands of dollars a day where they could easily get information necessary to steal that card. Compare buying books at the local bookstore with buying them through one of the online e-tailers:

Offline. Hand them your card. They have signature and date, usually no confirmation of ID. If it's not swiped, then they have a nice carbon of your card which probably is thrown in the trash by a minimum wage clerk without being shredded, then it's handed off to trash where anyone could sift through and find it.

Online. Date, originating internet address (which ISPs can in most cases easily use to track back the exact location of the transaction), customer's complete billing address, CVV2, we even get originating country as reported by the browser, language of the customer who is browsing. The only card number record is stored in a secured database behind an encrypted administrative interface along with this information.

Much more documentation online to intelligently re-examine if need be later. Just because you can look a person in the eye when they buy from you does not mean you can trust them. Jeffrey Dahmer seemed like a nice person to most people who met him, you know?

I would suggest that there be an automated internet response set up by card companies that webmasters can submit fraudulent transaction details - as many as we have to offer, which is usually substantial - and have them research it. Not just for adult but for all online businesses. Perhaps create an additional incentive for webmasters actively using the service in cutting a half-percentage point off of their rate or factoring this into their chargeback percentage scoring in their favor as a way of saying, "Hey, we were wrong about these internet sites, I can see from all the data they're giving us that they really do believe in being ethical merchants."

Stopping "friendly fraud" is a more daunting task but that also could be worked into the reporting system. Instead of putting us under review, put customers who chargeback excessively under review. "Uhm, Mr. Smith, we realize you may have a valid reason to charge this back, but we'd like to talk with you because we can see from your file that this is beginning to be a pattern." Ethics are a two-way street. Suspend customers' cards if they exceed 1% chargeback volume in a month!

Get rid of the whole reason code scheme for the most part as it applies to online. Sure, I can see fraudulent transaction, but "card not present"? "Cancel recurring billing"? If a customer can't find how to cancel when it's on our main members' page, the page they joined the site with, a customer service site, and an automated responder, most of which are in as many as ten languages, how on earth can that be my fault? How can this person find food at night? Is it reasonable to expect that when the system is 99.99% automated for cancellation that I have to walk every single person through a painfully simple process or do it for them?

And someone stop these foreign banks from charging back dollar transactions in Euros. I didn't feel quite as annoyed about that until Euro and dollar switched positions in exchange rates – Sorry about the book, these things drive me NUTS! ~ Doug

Copyright © 2024 Adnet Media. All Rights Reserved. XBIZ is a trademark of Adnet Media.
Reproduction in whole or in part in any form or medium without express written permission is prohibited.

More Articles

opinion

Unpacking the Payment Card Industry's Latest Data Security Standard

The Payment Card Industry Data Security Standard (PCI DSS) is a set of requirements and guidelines that apply to all businesses that accept credit card payments, and is designed to ensure the security of those transactions.

Jonathan Corona ·
opinion

Compliance With State Age Verification Laws

During the past year, website operators have faced a slew of new state age verification laws entailing a variety of inconsistent compliance obligations.

Lawrence Walters ·
opinion

Merchants in Spotlight With Visa's VIRP

By now, most merchants know about the Visa Integrity Risk Program (VIRP) rolled out in spring 2023. The program is designed to ensure that acquirers and their designated agents — payment facilitators, independent sales organizations and wallets — maintain proper controls and oversight to prevent illegal transactions from entering the Visa payment system.

Cathy Beardsley ·
opinion

How to Know When Hosting Upgrades Are Really Needed

I was reminded about an annoyingly common experience that often frustrates website owners: upgrades. Sometimes, an upgrade of physical system resources like CPU, RAM or storage really is required to solve a problem or improve performance… but how do you know you’re not just being upsold?

Brad Mitchell ·
profile

WIA Profile: Natasha Inamorata

Natasha Inamorata was just a kid when she first picked up a disposable camera. She quickly became enamored with it and continued to shoot with whatever equipment she could afford. In her teens, she saved enough money to purchase a digital Canon ELPH, began taking portraits of her friends, shot an entire wedding on a point-and-shoot camera and edited the photos with Picnik.

Women in Adult ·
trends

Collab Nation: Top Creators Share Best Practices for Fruitful Co-Shoots

One of the fastest ways for creators to gain new subscribers and buyers, not to mention monetize their existing fan base, is to collaborate with other creators. The extra star power can multiply potential earnings, broaden brand reach and boost a creator’s reputation in the community.

Alejandro Freixes ·
opinion

Bridging Generational Divides in Payment Preferences

While Baby Boomers and Gen Xers tend to be most comfortable with the traditional payment methods to which they are accustomed, like cash and credit cards, the younger cohorts — Millennials and Gen Z — have veered sharply toward digital-first payment solutions.

Jonathan Corona ·
opinion

Legal and Business Safety for Creators at Trade Shows

As I write this, I am preparing to attend XBIZ Miami, which reminds me of attending my first trade show 20 years ago. Since then, I have met thousands of people from all over the world who were doing business — or seeking to do business — in the adult industry.

Corey D. Silverstein ·
opinion

Adding AI to Your Company's Tech Toolbox

Artificial intelligence is all the rage. Not only is AI all over the headlines, it is also top of mind for many company leadership teams, who find themselves asking, “How can this new tool help our company?”

Cathy Beardsley ·
opinion

The Ins and Outs of IP Addresses: What Website Owners Should Know

Think about your home address, the place you live. It is unique. That’s important because when you decide to invite someone over, they will need directions to find you. It’s even more important if you want a lot of visitors.

Brad Mitchell ·
Show More