Nick Szabo writes:
For online services, where the customer can be billed in near real-time, the case where a large bill approaches the credit limit is at least exceptional, and might be eliminated entirely.
I run a national network of public-access email systems. We do not validate anything about our callers and when they run a credit card charge, all we ask for is the name on the card -- we don't check that against anything. We have 50% more subscribers than the Well and we're making buckets of money. Even though our callers are anonymous we still see a chargeback rate of less than 0.5%, which we consider to be an acceptable cost of doing business. It's my opinion that we have four things working in our favor: 1. Most people are honest. When you start analyzing the different ways that people can screw you, you can quickly forget this point. 2. People buy their time in advance. We "see" these people on a regular basis so we can partially "recover" by shutting off an account operating on fraud-based monies. 3. We limit people to buying only what they need for the short term and do not give them the opportunity to charge up a card. 4. We have a long memory for bad card numbers and shady customers. :-) I say these things because I've noticed that there is a general assumption that anyone doing commerce in a more anonymous environment like cyberspace is going to be Under Siege at All Times by People in Black Hats. That's an appropriate attitude to take in order to set the context for the discussion of ways to prevent fraud, etc. But! don't be surprised that when you present the results of your efforts to people who are looking to do business on the net, that they will tell you that your solutions are too complicated and too paranoid for their situation. Most people will be too busy running their business and counting their money to really care about that 0.5% Jon