<<<
Chronological Index
>>> <<<
Thread Index
>>>
RE: [registrars] DECENT SIZE ISSUE: Credit Card Proposal - SUMMARY
Thanks Tim for the very useful observations. You have identified some of
the issues that we have to work internally and I plan to continue to do that
to see if we can come up something that helps registrars to some degree and
that our Corporate Finance and Risk Management teams will support.
Chuck
-----Original Message-----
From: Tim Ruiz [mailto:tim@godaddy.com]
Sent: Tuesday, February 25, 2003 12:49 AM
To: bhavin.t@directi.com
Cc: registrars@dnso.org; cgomes@verisign.com; michael@palage.com
Subject: Re: [registrars] DECENT SIZE ISSUE: Credit Card Proposal -
SUMMARY
Bhavin,
What I was trying to point out is that we can't have our cake and eat it
too. If the registries provide a refund option then I believe registrars
will be expected to delete any name that payment is charged back for. Your
suggestion that it be the registrar's choice is having our cake and eating
it too. I don't think we'll get away with that for long.
In fact, if we discover fraud on day 70 I think there may be those who will
expect those domains to be deleted as well. I think we need to have some
foresight about the result of what we are asking, and be willing to accept
consequences.
Also, I don't think the registries can help us "combat fraud." What we are
asking them to do is to assume some of the risk of fraud while relying on
us to combat it. Trying to see their side of it, I could understand their
hesitation since a refund policy could easily be abused and possibly result
in some registrars being less vigilant.
Don't get me wrong, I am on board with the general idea here. I think the
best course of action at this point would be to prepare a letter detailing
our concerns, and perhaps include some of the ideas we have had thus far,
and ask VeriSign (and perhaps the other gTLD registries) for a meeting to
discuss the issue.
Tim
-------- Original Message --------
Subject: [registrars] DECENT SIZE ISSUE: Credit Card Proposal - SUMMARY
From: "Bhavin Turakhia" <bhavin.t@directi.com>
Date: Mon, February 24, 2003 9:53 pm
To: "'Registrar Constituency'" <registrars@dnso.org>
There have already been 48 + 27 posts on this topic in the past week
(previously under the post Canceling renewals and then under Credit
Card Proposal). I mention this for CHUCK's benefit :) - indeed this
issue is significant and should be treated so by the Registry :). Here
are what I believe the final summary points
* Registrars are in consensus that fraud exists, and currently the
Registrars are bearing full brunt of the same
* Registrars are in consensus, that Registry should assist us to a
certain feasible and practical extent to combat this fraud
* Registrars with a large number of resellers agree that this is a
problem that is faced by their entire Reseller chain too. (I know many
of our resellers who primarily stopped accepting credit card payments
for this very reason. Infact we have a Credit Car payment gateway
option built into our API for resellers unlike tucows. I know many
resellers who turned this option off after facing significant fraud
losses due to a SINGLE transaction). In that sense actually
experiences of registrars who are small, as well as registrars who
have a large number of
resellers may shed more light on the subject. Especially
registrars/resellers whose selling price allows an extremely low
margin
POSSIBLE SOLUTIONS I
====================
Michael suggested that the Registry refund ALL BUT ONE domain year on
deletion. This was infact suggested by me as a solution long ago too,
however I have since changed that from a while because of the fraud
patterns that I have been through since a long tie now. Lets look at
the issues with this solution -
* Firstly and most importantly it does not help in fraud transactions
which consist of MANY ONE YEAR Registrations together. From data
accumulated in the past 4 months, almost 65% of fraudulent
transactions are of this type. I need a bigger data set to get more
accurate
statistics. There is a reason for this however. Typically the people
who are transacting fraudulently for domain names (and I can guarantee
tha most of these fraudsters are from indonesia ;) ) are doing so NOT
to buy a domain name, but to verify a card and see if it works. A
domain name is a very easy and tiny amount transaction that can be
performed which gives immediate results of verification. If someone
obtains a fraudulent card on the itnernet, the easiest way to check it
is to go to a low cost registrar and register a domain name. Its
instant verification for them. This is why most of these kinds of
fraudsters will register many 1 year domain names with many different
card to check them out.
* Secondly, if this were an appropriate solution, the Registry really
has to do nothing. The registrar can simply register the name for a
single year and explain to the customer that the balance yewars will
be added to the account after a credit check is performed within 60
days. Though this solution was suggested by chuck, and while I
personally feel it is not the right approach, because every registrar
will make a
different implementation out of it thus confusing the customer.
However Chuck claims that if this proposal is put forward, the
Registry will come back saying this is handelable at the Registrar
side
POSSIBLE SOLUTIONS II
=====================
I suggested that if the domain name is deleted within 60 days a FULL
REFUND ought to be made, alongwith charging a fixed fee for the
deletion. Many people have mixed up this solution of mine with their
own aspects, thus confusing the entire issue here. So I am specifying
what my solution exactly entails and why
* Firstly the 60 day figure was not chosen arbitrarily. As of today a
transfer of a domain name is not allowed within 60 days. 60 days are
typically enuf tyo do a credit check, and 950%+ of chargebacks occur
within 60 days. 5 days (which is the current period) is in most cases
not even enough to CALL A CUSTOMER up if required.
* Secondly the amount was chosen with care too. If the domain name is
deleted within 30 days (after 5 days) the registry should charge a fee
of $1, and if deleted within 60 days it should charge a fee of $2.
Anything more than this would be inappropriate as this fee has been
calculated as TWICE the normal pro-rata fee that that period should
apply. Michael came up with an alternative figure of $3, where he
states that $2 should be given as an extra fee to verisign for a
manual process of deletion. Michael what you need to understand here
is we are not asking verisign to change anything or do anything extra.
By changing the deletion grace period logic from 5 to 60 days, there
is NO RECURRING EXTRA WORK BURDEN on Verisign after it is implemented.
Therefore a fee of TWICE THE standard PRO-RATA value more than covers
their cost. After all I doubt verisign intends to make profits on
registrar chargebacks. At this fee they are already making twice the
standard amount on the DNS entry in the registry.
* Thirdly, Tim stated, that a policy like this would then require a
registrar to delete a name. I do not know where this stems up from. My
concept is quite simple actually. I am simply extending the deletion
grace period to the same period as the registry has put for the ADD
TRANSFER BLOCK. If a Registrar deletes a name between this time he
gets a refund less the one-off charge. If the registrar DOES NOT
delete the name, he gets to keep it and do whatever he chooses to.
Basically to me, SOLUTION II seems more feasible, because it allows us
to prevent 95% of the fraud at a low cost to us and practical/feasible
for the Registry.
Best Regards
Bhavin Turakhia
Founder, CEO & Chairman
Directi
----------------------------
Tel: 91-22-26370256 (4 lines)
Fax: 91-22-26370255
http://www.directi.com
----------------------------
<<<
Chronological Index
>>> <<<
Thread Index
>>>
|