Credit cards vs. digital cash
Steve Bellovin raises some good points about the function of credit cards. A couple responses:
...in these cases, customers have the potential to run up a large bill -- that is, a debt -- between interactions with the provider... A vendor possessing a credit card number *will* be paid, with minimum hassle. If the customer skips town, the card issuer eats the charge.
Vendors should be able to get the equivalent protection by buying insurance against customers skipping town, for a similar price. That, and collection enforcement, via local jurisdictions which have been lobbied to pass credit card fraud laws, are two of the main functions served by credit card companies. A third is collection of dossiers on customers, which we would like to put under customer control. For online services, where the customer can be billed in near real-time, the case where a large bill approaches the credit limit is at least exceptional, and might be eliminated entirely. Where the largest bill is much smaller than the credit limit, the customer is put at much smaller risk by putting up a deposit then by exposing their entire credit rating to both the vendor and snoopers who intercept the number. Furthermore, the deposit can be made with a neutral third party which serves the arbitrator function for disputes. In this particular case, phone billing could be done in very small increments, in near real-time, with digital cash.
But there's one more important point to consider: U.S. law on disputed credit card purchases.
This company was operating internationally; one of their customers who posted lives in Kuwait. Do all Internet jurisdictions have laws protecting credit card customers? How are these laws enforced? On whom lies the burden of evidence, legal costs, etc.? I agree that the issue of customer vs. vendor assumption of risk deserves much more attention than we have given it. A major goal is to minimize dependence on the maze of Internet jurisdictions to resolve conflicts. One interesting idea is an online escrow services that holds a customer deposit equal to the amount of the largest possible bill, and uses the escrow to resolve disputed billings. The challenge is minimizing leakage of private information, via the escrow. Nick Szabo szabo@netcom.com
Nick Szabo writes:
For online services, where the customer can be billed in near real-time, the case where a large bill approaches the credit limit is at least exceptional, and might be eliminated entirely.
I run a national network of public-access email systems. We do not validate anything about our callers and when they run a credit card charge, all we ask for is the name on the card -- we don't check that against anything. We have 50% more subscribers than the Well and we're making buckets of money. Even though our callers are anonymous we still see a chargeback rate of less than 0.5%, which we consider to be an acceptable cost of doing business. It's my opinion that we have four things working in our favor: 1. Most people are honest. When you start analyzing the different ways that people can screw you, you can quickly forget this point. 2. People buy their time in advance. We "see" these people on a regular basis so we can partially "recover" by shutting off an account operating on fraud-based monies. 3. We limit people to buying only what they need for the short term and do not give them the opportunity to charge up a card. 4. We have a long memory for bad card numbers and shady customers. :-) I say these things because I've noticed that there is a general assumption that anyone doing commerce in a more anonymous environment like cyberspace is going to be Under Siege at All Times by People in Black Hats. That's an appropriate attitude to take in order to set the context for the discussion of ways to prevent fraud, etc. But! don't be surprised that when you present the results of your efforts to people who are looking to do business on the net, that they will tell you that your solutions are too complicated and too paranoid for their situation. Most people will be too busy running their business and counting their money to really care about that 0.5% Jon
participants (2)
-
jon@balder.us.dell.com -
szabo@netcom.com