RE: [registrars] Credit Card Proposal

["Michael D. Palage" <michael@palage.com>]

Bhavin:

I did read your post. I am just trying to come up with a range of ideas to
move the ball forward. Inaction is our biggest enemy. I have quietly been
talking about credit card charge backs for over 6 months. That is why I
tried to schedule the Registrar meeting with the FTC Work Shop on cross
boarder fraud.

I believe that charge backs represent the biggest threat to registrars' long
term viability. Unlike transfers we can wait two years for a proposed
solution. A number of registrars will simply not be in business if we have
to wait that long.

Expanding upon your original proposal, the 60 day window you request
represents 16% of a domain name year (365/60) which equates into a pro-rate
$1 for a fee for a .com, .org, .net name. I believe the registries would
have to receive some type of premium to cover the expense of this manual
process. Allowing a delete command without proof of a credit card charge
back could subject this process to gaming.

Based on this financial model, would a $3 fee be viewed as unreasonable. $1
for the registry fees associated with resolving the domain name for up to 60
days, and $2 for the manual process of allowing the name to be deleted and
the registrar account being credited.

Again, I am just trying to brain storm for a series of ideas to resolve the
problem. As Chuck stated in his previous post to the list, registries are
not totally unsympathetic to our position. I think the more options we
present them with the better the chances of finding a mutually agreeable
solution.

Mike


> -----Original Message-----
> From: owner-registrars@dnso.org [mailto:owner-registrars@dnso.org]On
> Behalf Of Bhavin Turakhia
> Sent: Monday, February 24, 2003 1:20 PM
> To: registrars@dnso.org
> Subject: RE: [registrars] Credit Card Proposal
>
>
> Hi michael,
>
> Please read my previous post. This still does not help those situations
> where fraudsters register multiple 1 years domain names
>
> Almost all registrar interfaces allow check availability on multiple
> options in the ordering process. It is quite common for fraudsters to
> select 3-6 domain names at a time and register them all for 1 year, thus
> making us lose the equivalent of 6 years of selling price plus a hefty
> $25 chargeback processing fee if that transaction is discovered to be
> fraudulent after 5 days. And it is quite difficult (next to imposible)
> to verify every transaction within a 5 day period.
>
> The best way to alleviate this would be if the registry could charge a
> minor fee (such as $1-$2) for deletion of a domain name, but refund the
> entire amount if deletion is done within 60 days.
>
> This works best for everyone - ie
>
> * gaming of the system is not possible
> * it is not TOO difficult to implement at the registry level
> * it allows registrars to combat ALL KINDS of cc fraud
>
> bhavin
>
> > -----Original Message-----
> > From: owner-registrars@dnso.org
> > [mailto:owner-registrars@dnso.org] On Behalf Of Michael D. Palage
> > Sent: Monday, February 24, 2003 11:09 PM
> > To: registrars@dnso.org
> > Subject: [registrars] Credit Card Proposal
> >
> >
> > Unfortunately we did not have the opportunity to discuss
> > credit card fraud during Friday's meeting. One of the reasons
> > for Friday's joint meeting was to identify common positions
> > between registries and registrars when possible.
> > Additionally, in the case where a common position cannot be
> > found, hopefully through intelligent discussion a middle
> > ground could be found on controversial issues.
> >
> > With regard to credit card fraud this is how I see the
> > various perspectives, please excuse any over simplifications:
> >
> > Defrauded Credit Card Holder: Someone stole my credit card
> > and I want to be made whole, remove the charges.
> >
> > Registry: Registrar is required to obtain reasonable
> > assurance of payment per the ICANN Registrar Accreditation
> > Agreement. They added a registration to the registry database
> > for x years, after the 5 day grace period, they are required
> > to pay for what they requested. This is a cost of doing
> > business, and registries are not in the best position to
> > combat credit card fraud since they are prohibited from
> > having contact with the registrant.
> >
> > Registrars: The majority of ICANN accredited registrars are
> > small to mid-size businesses trying to make a living in a
> > highly competitive market. In the case of credit card fraud,
> > they are the ones left bearing the full cost of the fraud.
> > The card holder is made whole; the registry keeps all the
> > funds for services it may/may not have to provide; and the
> > credit card company access penalties to the merchant. One of
> > the interesting statistics from last weeks FTC meeting was
> > the fact that there are over a 100 million charge backs a
> > year with a $10 to $20 fee imposed by the credit card companies. WOW
> >
> >
> > I would submit that a potential middle ground in this
> > dispute, would be the following approach.
> >
> > In the case of a fraudulent multi-year credit card charge,
> > the registry would refund all registry fees in excess of the
> > first year. Therefore, in connection with a 10 year
> > fraudulent registration, the registry keeps $6 and the
> > registrar is refunded $54 dollars. An additional requirement
> > for the registrar to obtain this refund would be the
> > demonstration that the registrar employs a certain minimum
> > level of fraud prevention mechanism, i.e. CVV2, address
> > verification, etc. Although these mechanisms are not 100%
> > reliable, the registry and other registrars should not have
> > to bear the burden of those registrars that refuse to employ
> > reasonable fraud prevention safeguards.
> >
> > Obviously, registries and registrars could come up with more
> > extreme positions, but I believe this proposal is not
> > unreasonable and would help to alleviate some of the
> > inequities that registrars must bear in the current credit
> > card fraud scenario.
> >
> > Any thoughts?
> >
> > Mike
> >
> >
>