ICANN/DNSO
DNSO Mailling lists archives

[registrars]


<<< Chronological Index >>>    <<< Thread Index >>>

Re: [registrars] DECENT SIZE ISSUE: Credit Card Proposal - SUMMARY


Bhavin,

What I was trying to point out is that we can't have our cake and eat it
too. If the registries provide a refund option then I believe registrars
will be expected to delete any name that payment is charged back for. Your
suggestion that it be the registrar's choice is having our cake and eating
it too. I don't think we'll get away with that for long.

In fact, if we discover fraud on day 70 I think there may be those who will
expect those domains to be deleted as well. I think we need to have some
foresight about the result of what we are asking, and be willing to accept
consequences.

Also, I don't think the registries can help us "combat fraud." What we are
asking them to do is to assume some of the risk of fraud while relying on
us to combat it. Trying to see their side of it, I could understand their
hesitation since a refund policy could easily be abused and possibly result
in some registrars being less vigilant.

Don't get me wrong, I am on board with the general idea here. I think the
best course of action at this point would be to prepare a letter detailing
our concerns, and perhaps include some of the ideas we have had thus far,
and ask VeriSign (and perhaps the other gTLD registries) for a meeting to
discuss the issue.

Tim

 -------- Original Message --------
   Subject: [registrars] DECENT SIZE ISSUE: Credit Card Proposal - SUMMARY
   From: "Bhavin Turakhia" <bhavin.t@directi.com>
   Date: Mon, February 24, 2003 9:53 pm
   To: "'Registrar Constituency'" <registrars@dnso.org>


   There have already been 48 + 27 posts on this topic in the past week
   (previously under the post Canceling renewals and then under Credit
   Card Proposal). I mention this for CHUCK's benefit :) - indeed this
   issue is significant and should be treated so by the Registry :). Here
   are what I believe the final summary points

   * Registrars are in consensus that fraud exists, and currently the
   Registrars are bearing full brunt of the same

   * Registrars are in consensus, that Registry should assist us to a
   certain feasible and practical extent to combat this fraud

   * Registrars with a large number of resellers agree that this is a
   problem that is faced by their entire Reseller chain too. (I know many
   of our resellers who primarily stopped accepting credit card payments
   for this very reason. Infact we have a Credit Car payment gateway
   option built into our API for resellers unlike tucows. I know many
   resellers who turned this option off after facing significant fraud
   losses due to a SINGLE transaction). In that sense actually
   experiences of registrars who are small, as well as registrars who
   have a large number of
   resellers may shed more light on the subject. Especially
   registrars/resellers whose selling price allows an extremely low
   margin

   POSSIBLE SOLUTIONS I
   ====================
   Michael suggested that the Registry refund ALL BUT ONE domain year on
   deletion. This was infact suggested by me as a solution long ago too,
   however I have since changed that from a while because of the fraud
   patterns that I have been through since a long tie now. Lets look at
   the issues with this solution -

   * Firstly and most importantly it does not help in fraud transactions
   which consist of MANY ONE YEAR Registrations together. From data
   accumulated in the past 4 months, almost 65% of fraudulent
   transactions are of this type. I need a bigger data set to get more
   accurate
   statistics. There is a reason for this however. Typically the people
   who are transacting fraudulently for domain names (and I can guarantee
   tha most of these fraudsters are from indonesia ;) ) are doing so NOT
   to buy a domain name, but to verify a card and see if it works. A
   domain name is a very easy and tiny amount transaction that can be
   performed which gives immediate results of verification. If someone
   obtains a fraudulent card on the itnernet, the easiest way to check it
   is to go to a low cost registrar and register a domain name. Its
   instant verification for them. This is why most of these kinds of
   fraudsters will register many 1 year domain names with many different
   card to check them out.

   * Secondly, if this were an appropriate solution, the Registry really
   has to do nothing. The registrar can simply register the name for a
   single year and explain to the customer that the balance yewars will
   be added to the account after a credit check is performed within 60
   days. Though this solution was suggested by chuck, and while I
   personally feel it is not the right approach, because every registrar
   will make a
   different implementation out of it thus confusing the customer.
   However Chuck claims that if this proposal is put forward, the
   Registry will come back saying this is handelable at the Registrar
   side


   POSSIBLE SOLUTIONS II
   =====================
   I suggested that if the domain name is deleted within 60 days a FULL
   REFUND ought to be made, alongwith charging a fixed fee for the
   deletion. Many people have mixed up this solution of mine with their
   own aspects, thus confusing the entire issue here. So I am specifying
   what my solution exactly entails and why

   * Firstly the 60 day figure was not chosen arbitrarily. As of today a
   transfer of a domain name is not allowed within 60 days. 60 days are
   typically enuf tyo do a credit check, and 950%+ of chargebacks occur
   within 60 days. 5 days (which is the current period) is in most cases
   not even enough to CALL A CUSTOMER up if required.

   * Secondly the amount was chosen with care too. If the domain name is
   deleted within 30 days (after 5 days) the registry should charge a fee
   of $1, and if deleted within 60 days it should charge a fee of $2.
   Anything more than this would be inappropriate as this fee has been
   calculated as TWICE the normal pro-rata fee that that period should
   apply. Michael came up with an alternative figure of $3, where he
   states that $2 should be given as an extra fee to verisign for a
   manual process of deletion. Michael what you need to understand here
   is we are not asking verisign to change anything or do anything extra.
   By changing the deletion grace period logic from 5 to 60 days, there
   is NO RECURRING EXTRA WORK BURDEN on Verisign after it is implemented.
   Therefore a fee of TWICE THE standard PRO-RATA value more than covers
   their cost. After all I doubt verisign intends to make profits on
   registrar chargebacks. At this fee they are already making twice the
   standard amount on the DNS entry in the registry.

   * Thirdly, Tim stated, that a policy like this would then require a
   registrar to delete a name. I do not know where this stems up from. My
   concept is quite simple actually. I am simply extending the deletion
   grace period to the same period as the registry has put for the ADD
   TRANSFER BLOCK. If a Registrar deletes a name between this time he
   gets a refund less the one-off charge. If the registrar DOES NOT
   delete the name, he gets to keep it and do whatever he chooses to.


   Basically to me, SOLUTION II seems more feasible, because it allows us
   to prevent 95% of the fraud at a low cost to us and practical/feasible
   for the Registry.

   Best Regards
   Bhavin Turakhia
   Founder, CEO & Chairman
   Directi
   ----------------------------
   Tel: 91-22-26370256 (4 lines)
   Fax: 91-22-26370255
   http://www.directi.com
   ----------------------------





<<< Chronological Index >>>    <<< Thread Index >>>