[registrars] DECENT SIZE ISSUE: Credit Card Proposal - SUMMARY

["Bhavin Turakhia" <bhavin.t@directi.com>]

There have already been 48 + 27 posts on this topic in the past week
(previously under the post Canceling renewals and then under Credit Card
Proposal). I mention this for CHUCK's benefit :) - indeed this issue is
significant and should be treated so by the Registry :). Here are what I
believe the final summary points

* Registrars are in consensus that fraud exists, and currently the
Registrars are bearing full brunt of the same

* Registrars are in consensus, that Registry should assist us to a
certain feasible and practical extent to combat this fraud

* Registrars with a large number of resellers agree that this is a
problem that is faced by their entire Reseller chain too. (I know many
of our resellers who primarily stopped accepting credit card payments
for this very reason. Infact we have a Credit Car payment gateway option
built into our API for resellers unlike tucows. I know many resellers
who turned this option off after facing significant fraud losses due to
a SINGLE transaction). In that sense actually experiences of registrars
who are small, as well as registrars who have a large number of
resellers may shed more light on the subject. Especially
registrars/resellers whose selling price allows an extremely low margin

POSSIBLE SOLUTIONS I
====================
Michael suggested that the Registry refund ALL BUT ONE domain year on
deletion. This was infact suggested by me as a solution long ago too,
however I have since changed that from a while because of the fraud
patterns that I have been through since a long tie now. Lets look at the
issues with this solution -

* Firstly and most importantly it does not help in fraud transactions
which consist of MANY ONE YEAR Registrations together. From data
accumulated in the past 4 months, almost 65% of fraudulent transactions
are of this type. I need a bigger data set to get more accurate
statistics. There is a reason for this however. Typically the people who
are transacting fraudulently for domain names (and I can guarantee tha
most of these fraudsters are from indonesia ;) ) are doing so NOT to buy
a domain name, but to verify a card and see if it works. A domain name
is a very easy and tiny amount transaction that can be performed which
gives immediate results of verification. If someone obtains a fraudulent
card on the itnernet, the easiest way to check it is to go to a low cost
registrar and register a domain name. Its instant verification for them.
This is why most of these kinds of fraudsters will register many 1 year
domain names with many different card to check them out.

* Secondly, if this were an appropriate solution, the Registry really
has to do nothing. The registrar can simply register the name for a
single year and explain to the customer that the balance yewars will be
added to the account after a credit check is performed within 60 days.
Though this solution was suggested by chuck, and while I personally feel
it is not the right approach, because every registrar will make a
different implementation out of it thus confusing the customer. However
Chuck claims that if this proposal is put forward, the Registry will
come back saying this is handelable at the Registrar side


POSSIBLE SOLUTIONS II
=====================
I suggested that if the domain name is deleted within 60 days a FULL
REFUND ought to be made, alongwith charging a fixed fee for the
deletion. Many people have mixed up this solution of mine with their own
aspects, thus confusing the entire issue here. So I am specifying what
my solution exactly entails and why

* Firstly the 60 day figure was not chosen arbitrarily. As of today a
transfer of a domain name is not allowed within 60 days. 60 days are
typically enuf tyo do a credit check, and 950%+ of chargebacks occur
within 60 days. 5 days (which is the current period) is in most cases
not even enough to CALL A CUSTOMER up if required.

* Secondly the amount was chosen with care too. If the domain name is
deleted within 30 days (after 5 days) the registry should charge a fee
of $1, and if deleted within 60 days it should charge a fee of $2.
Anything more than this would be inappropriate as this fee has been
calculated as TWICE the normal pro-rata fee that that period should
apply. Michael came up with an alternative figure of $3, where he states
that $2 should be given as an extra fee to verisign for a manual process
of deletion. Michael what you need to understand here is we are not
asking verisign to change anything or do anything extra. By changing the
deletion grace period logic from 5 to 60 days, there is NO RECURRING
EXTRA WORK BURDEN on Verisign after it is implemented. Therefore a fee
of TWICE THE standard PRO-RATA value more than covers their cost. After
all I doubt verisign intends to make profits on registrar chargebacks.
At this fee they are already making twice the standard amount on the DNS
entry in the registry.

* Thirdly, Tim stated, that a policy like this would then require a
registrar to delete a name. I do not know where this stems up from. My
concept is quite simple actually. I am simply extending the deletion
grace period to the same period as the registry has put for the ADD
TRANSFER BLOCK. If a Registrar deletes a name between this time he gets
a refund less the one-off charge. If the registrar DOES NOT delete the
name, he gets to keep it and do whatever he chooses to.


Basically to me, SOLUTION II seems more feasible, because it allows us
to prevent 95% of the fraud at a low cost to us and practical/feasible
for the Registry.

Best Regards
Bhavin Turakhia
Founder, CEO & Chairman
Directi
----------------------------
Tel: 91-22-26370256 (4 lines)
Fax: 91-22-26370255
http://www.directi.com
----------------------------