RE: [registrars] Credit card fraud and transfers

["tom" <tom@encirca.biz>]

Bruce,

Thanks for the response,

I can see how Melbourne IT's experience of relying on large resellers has
shaped your perspective.  It certainly allows you to take alternate forms of
payment and therefore are not experiencing the same sort of problems as
registrars with a retail model.

But there is certainly nothing typical about retail domain name "customer
not present" sales when it comes to protection against charge-backs and
other credit card fraud.  Especially, when you factor in that registries
keep full payment even if the domain name is cancelled with years still
remaining on the registration.

You say that "At this stage I do not support the increase on restrictions on
the vast majority of registrants that do the right thing.  I think that it
is a normal business risk to have a certain level of credit card fraud, and
you need to manage that risk."

While this may be true, this is obviously your personal opinion. I trust
that you do not advocate this view as a representative of the Registrar
constituency without having first solicited input to form a concensus view.

Of course, I may be misconstruing your role.  Given the recent discussion on
what we expect of our various representatives, I think it would be useful to
hear your view on this.

In your various roles within ICANN, when do you think it would be
appropriate to gather input from the Registrar constituency to form a
concensus view as opposed to advocating Melbourne IT's or your own personal
view?

Perhaps your answer would vary according to each role?  I'm not trying to be
combative.  I'm just trying to understand.

I look forward to your response.

Sincerely,

Tom Barrett
EnCirca






-----Original Message-----
From: owner-registrars@dnso.org [mailto:owner-registrars@dnso.org] On Behalf
Of Bruce Tonkin
Sent: Friday, March 21, 2003 11:13 AM
To: tom; registrars@dnso.org
Subject: RE: [registrars] Credit card fraud and transfers


Hello Tom,

It would be good to get statistical evidence of the amount of fraud and
whether there are other things you could do to protect yourself.

We need to weigh up the benefits to some registrars for a longer period
where no transfers occur, against giving the freedom of choice to
registrants.  I lean towards freedom of choice for registrants unless there
is very strong evidence to support anything different.

Most businesses need to accept a certain level of risk associated with
receiving credit card payments.  The cost of a domain name is quite small,
and in aggregate you should be aiming to make a profit assuming a certain
level of fraud.  Most small retail stores work on this model (including
taking into account shop lifting as well as credit card fraud).  If your
level of fraud is preventing this - you might want to shift to other payment
methods - particularly for longer periods of registration.

At this stage I do not support the increase on restrictions on the vast
majority of registrants that do the right thing.  I think that it is a
normal business risk to have a certain level of credit card fraud, and you
need to manage that risk.

You may still undertake normal commercial debt collection against a customer
that has provided a fraudulent credit card - but that of course requires
accurate registrant details :-)

Overall it partly depends on the quality of the customer base.  You can
either go for a lower volume of customers that pay a larger registration fee
and are more likely to be legitimate customers, or you can go for a very
high volume of domains at very low registration fees.  Some of these
customer may well be purchasing a domain name for speculation purposes and
cancel the payment if they have not been able to onsell the domain name, but
the volume of transactions makes up for this.

Regards,
Bruce Tonkin
 


-----Original Message-----
From: tom [mailto:tom@encirca.biz] 
Sent: Wednesday, 19 March 2003 1:14 PM
To: registrars@dnso.org


One of the problems with credit card fraud is that customers can charge back
a registration up to six months after a registration.  Since the 60-day
transfer restriction could have elapsed, the domain could already be
transferred by the time the charge back occurs.

I would like to offer a motion to extend the 60-day transfer window to
something like 120 days as a way of cutting down on fraudulent charge-backs.

Comments?

Tom Barrett
EnCirca Inc.