[CYBERIA] On-line Purchase Denied

Greg Broiles gbroiles at GMAIL.COM
Thu Dec 30 16:19:51 PST 2004 

On Thu, 30 Dec 2004 17:04:45 -0600, Mikus Grinbergs <mikus at bga.com> wrote:
> For the second time in a month, I've had an on-line purchase
> denied.  When I ask my credit card company, they say the
> refusal did not originate with them.  And when I ask the
> merchant, they say they have contracted out the credit
> verification, and do not know what criteria are being used.
>
> The only potential explanation that I can think of is that
> my e-mail address points to an ALIAS of my ISP.  Thus if
> the credit verification process attempts to reverse-lookup
> the (DYNAMIC!!) IP-address I used in requesting the purchase,
> the domain-name returned for that IP-address would not match
> the e-mail domain-name I told the merchant.  [But that *is*
> my correct e-mail address;  I've used it for many years in
> making many many on-line purchases.]
>
> Being told in effect "you're not good enough to buy from us"
> seems a strange approach towards gaining new customers.

But from the merchant's perspective, it's very difficult to know
whether or not you're a customer, or a thief.

Admittedly, that's not a very friendly posture to adopt relative to
new business.

However, if you're trying to buy something physical that the merchant
is supposed to ship, a failed transaction is much worse than no
transaction. If a bad guy orders something with a bad credit card
number, and it gets shipped, the merchant is out-of-pocket for their
wholesale cost for the item, order processing costs, shipping costs, a
chargeback fee from their credit card processor, and a bunch of
administrative time spent dealing with the bad order. (And, if you
want to be really picky, they also may have lost the profit they'd
have made if they were able to sell the same item to a real customer,
if the item is in short supply.)

If the order never happens, they haven't lost a thing - and, worst
case, return the unsold merchanidse to their supplier, or sell it at a
reduced price. That's a lot better than the outcome described above.

The credit card payment system is set up so that the selling merchant
loses if the transaction fails. (It is theoretically possible for them
to shift the risk onto the bank(s) involved - but the rules to be
followed are complicated enough, and burdensome enough, that it's
easier to conceptualize them as "merchant loses".)

Thus, merchants become relatively conservative about the transactions
they'll accept - they might refuse a transaction if the source IP for
the transaction doesn't seem reasonable relative to the shipping
address, if the shipping address doesn't match the card's billing
address, if the buyer can't provide the three-digit verification code
printed on the back of the credit card, or if the shipping address is
to a country known for being the source of a lot of fraudulent
activity. This makes life difficult for honest people in those
countries to order things over the Internet - but the current setup
also makes life difficult for honest people to sell things without
getting screwed.

So far, there's no easy answer, either. You could look at transaction
systems where the risk of failure is allocated to the buyer, not the
merchant, such as E-gold; or systems such as Paypal, where there's an
intermediary who attempts to police everyone's behavior to make
transactions work reasonably. (although those attempts are imperfect,
like most things in this world.)

This difficulty is an unavoidable consequence of legislation intended
to, ironically, protect consumers - primarily the body of federal
legislation controlling consumer credit and consumer debt collection,
together with the FTC's regulations implementing the same. If a
merchant believes that the cost of failure multiplied by the
likelihood of failure is greater than the expected profit on the
transaction, they'll decline to enter into the transaction.

If you change the rules so that consumers and vendors can contract
around the rules allocating risk, then riskier transactions are
economically feasible, but bad things will happen, and sometimes they
will happen to innocent consumers who will complain to their
legislators .. and so on.

--
Greg Broiles, JD, EA
gbroiles at gmail.com (Lists only. Not for confidential communications.)
Law Office of Gregory A. Broiles
San Jose, CA


**********************************************************************
For Listserv Instructions, see http://www.lawlists.net/cyberia
Off-Topic threads: http://www.lawlists.net/mailman/listinfo/cyberia-ot
Need more help? Send mail to: Cyberia-L-Request at listserv.aol.com
**********************************************************************

--- end forwarded text


-- 
-----------------
R. A. Hettinga <mailto: rah at ibuc.com>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

More information about the cypherpunks-legacy mailing list