On Thu, 30 Dec 2004 17:04:45 -0600, Mikus Grinbergs <mikus@bga.com> wrote:
For the second time in a month, I've had an on-line purchase denied. When I ask my credit card company, they say the refusal did not originate with them. And when I ask the merchant, they say they have contracted out the credit verification, and do not know what criteria are being used.
The only potential explanation that I can think of is that my e-mail address points to an ALIAS of my ISP. Thus if the credit verification process attempts to reverse-lookup the (DYNAMIC!!) IP-address I used in requesting the purchase, the domain-name returned for that IP-address would not match the e-mail domain-name I told the merchant. [But that *is* my correct e-mail address; I've used it for many years in making many many on-line purchases.]
Being told in effect "you're not good enough to buy from us" seems a strange approach towards gaining new customers.
But from the merchant's perspective, it's very difficult to know whether or not you're a customer, or a thief. Admittedly, that's not a very friendly posture to adopt relative to new business. However, if you're trying to buy something physical that the merchant is supposed to ship, a failed transaction is much worse than no transaction. If a bad guy orders something with a bad credit card number, and it gets shipped, the merchant is out-of-pocket for their wholesale cost for the item, order processing costs, shipping costs, a chargeback fee from their credit card processor, and a bunch of administrative time spent dealing with the bad order. (And, if you want to be really picky, they also may have lost the profit they'd have made if they were able to sell the same item to a real customer, if the item is in short supply.) If the order never happens, they haven't lost a thing - and, worst case, return the unsold merchanidse to their supplier, or sell it at a reduced price. That's a lot better than the outcome described above. The credit card payment system is set up so that the selling merchant loses if the transaction fails. (It is theoretically possible for them to shift the risk onto the bank(s) involved - but the rules to be followed are complicated enough, and burdensome enough, that it's easier to conceptualize them as "merchant loses".) Thus, merchants become relatively conservative about the transactions they'll accept - they might refuse a transaction if the source IP for the transaction doesn't seem reasonable relative to the shipping address, if the shipping address doesn't match the card's billing address, if the buyer can't provide the three-digit verification code printed on the back of the credit card, or if the shipping address is to a country known for being the source of a lot of fraudulent activity. This makes life difficult for honest people in those countries to order things over the Internet - but the current setup also makes life difficult for honest people to sell things without getting screwed. So far, there's no easy answer, either. You could look at transaction systems where the risk of failure is allocated to the buyer, not the merchant, such as E-gold; or systems such as Paypal, where there's an intermediary who attempts to police everyone's behavior to make transactions work reasonably. (although those attempts are imperfect, like most things in this world.) This difficulty is an unavoidable consequence of legislation intended to, ironically, protect consumers - primarily the body of federal legislation controlling consumer credit and consumer debt collection, together with the FTC's regulations implementing the same. If a merchant believes that the cost of failure multiplied by the likelihood of failure is greater than the expected profit on the transaction, they'll decline to enter into the transaction. If you change the rules so that consumers and vendors can contract around the rules allocating risk, then riskier transactions are economically feasible, but bad things will happen, and sometimes they will happen to innocent consumers who will complain to their legislators .. and so on. -- Greg Broiles, JD, EA gbroiles@gmail.com (Lists only. Not for confidential communications.) Law Office of Gregory A. Broiles San Jose, CA ********************************************************************** For Listserv Instructions, see http://www.lawlists.net/cyberia Off-Topic threads: http://www.lawlists.net/mailman/listinfo/cyberia-ot Need more help? Send mail to: Cyberia-L-Request@listserv.aol.com ********************************************************************** --- end forwarded text -- ----------------- R. A. Hettinga <mailto: rah@ibuc.com> The Internet Bearer Underwriting Corporation <http://www.ibuc.com/> 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'