RE: [registrars] Credit Card Proposal
Please read my previous post. This still does not help those situations
where fraudsters register multiple 1 years domain names
Almost all registrar interfaces allow check availability on multiple
options in the ordering process. It is quite common for fraudsters to
select 3-6 domain names at a time and register them all for 1 year, thus
making us lose the equivalent of 6 years of selling price plus a hefty
$25 chargeback processing fee if that transaction is discovered to be
fraudulent after 5 days. And it is quite difficult (next to imposible)
to verify every transaction within a 5 day period.
The best way to alleviate this would be if the registry could charge a
minor fee (such as $1-$2) for deletion of a domain name, but refund the
entire amount if deletion is done within 60 days.
This works best for everyone - ie
* gaming of the system is not possible
* it is not TOO difficult to implement at the registry level
* it allows registrars to combat ALL KINDS of cc fraud
> -----Original Message-----
> From: firstname.lastname@example.org
> [mailto:email@example.com] On Behalf Of Michael D. Palage
> Sent: Monday, February 24, 2003 11:09 PM
> To: firstname.lastname@example.org
> Subject: [registrars] Credit Card Proposal
> Unfortunately we did not have the opportunity to discuss
> credit card fraud during Friday's meeting. One of the reasons
> for Friday's joint meeting was to identify common positions
> between registries and registrars when possible.
> Additionally, in the case where a common position cannot be
> found, hopefully through intelligent discussion a middle
> ground could be found on controversial issues.
> With regard to credit card fraud this is how I see the
> various perspectives, please excuse any over simplifications:
> Defrauded Credit Card Holder: Someone stole my credit card
> and I want to be made whole, remove the charges.
> Registry: Registrar is required to obtain reasonable
> assurance of payment per the ICANN Registrar Accreditation
> Agreement. They added a registration to the registry database
> for x years, after the 5 day grace period, they are required
> to pay for what they requested. This is a cost of doing
> business, and registries are not in the best position to
> combat credit card fraud since they are prohibited from
> having contact with the registrant.
> Registrars: The majority of ICANN accredited registrars are
> small to mid-size businesses trying to make a living in a
> highly competitive market. In the case of credit card fraud,
> they are the ones left bearing the full cost of the fraud.
> The card holder is made whole; the registry keeps all the
> funds for services it may/may not have to provide; and the
> credit card company access penalties to the merchant. One of
> the interesting statistics from last weeks FTC meeting was
> the fact that there are over a 100 million charge backs a
> year with a $10 to $20 fee imposed by the credit card companies. WOW
> I would submit that a potential middle ground in this
> dispute, would be the following approach.
> In the case of a fraudulent multi-year credit card charge,
> the registry would refund all registry fees in excess of the
> first year. Therefore, in connection with a 10 year
> fraudulent registration, the registry keeps $6 and the
> registrar is refunded $54 dollars. An additional requirement
> for the registrar to obtain this refund would be the
> demonstration that the registrar employs a certain minimum
> level of fraud prevention mechanism, i.e. CVV2, address
> verification, etc. Although these mechanisms are not 100%
> reliable, the registry and other registrars should not have
> to bear the burden of those registrars that refuse to employ
> reasonable fraud prevention safeguards.
> Obviously, registries and registrars could come up with more
> extreme positions, but I believe this proposal is not
> unreasonable and would help to alleviate some of the
> inequities that registrars must bear in the current credit
> card fraud scenario.
> Any thoughts?