DNSO Archives: [registrars]

ICANN/DNSO DNSO Mailling lists archives

[registrars]

<<< Chronological Index >>> <<< Thread Index >>>

RE: [registrars] Credit card fraud and transfers

To: "'Monte'" <monte@domainsystems.com>, "'Bruce Tonkin'" <Bruce.Tonkin@melbourneit.com.au>, "'tom'" <tom@encirca.biz>, <registrars@dnso.org>
Subject: RE: [registrars] Credit card fraud and transfers
From: "Tim Ruiz" <tim@godaddy.com>
Date: Fri, 21 Mar 2003 14:54:17 -0600
Importance: Normal
In-Reply-To: <HAEAJCOJIKNDKLLEJDHPGEMGEOAA.monte@domainsystems.com>
Sender: owner-registrars@dnso.org

Monte and all,

I agree in general. But what we need to keep in mind is that when a
business takes on additional risk, or agrees to share new risk, it is
not usually without cost to their customers, as others have pointed out
in this thread.

We are the registries' customers. However we approach this, let's be
sure to weigh all the potential costs and benefits.

Tim


-----Original Message-----
From: owner-registrars@dnso.org [mailto:owner-registrars@dnso.org] On
Behalf Of Monte
Sent: Friday, March 21, 2003 2:26 PM
To: Bruce Tonkin; tom; registrars@dnso.org
Subject: RE: [registrars] Credit card fraud and transfers

All,

I feel strongly about doing what ever we can as an industry to protect
the
small, medium and large registrars against credit card fraud.  When
running
a virtual business such as a registrar, risk is much greater than the
"normal" business.  We cannot check identity of the purchaser by looking
at
their picture or check their ID as you can an a regular retail
environment.
Granted, you can put in CVV2 and AVS as extra protection however, only 2
countries support these two methods of extra security checking.  In
summary,
fraud is much greater on the internet than it is in brick and mortar and
if
we put some extra time on the domain transfer process, it can only help.

The next and more important step (mountain) will be to change the way
the
registry handles this.  The 5 day grace period after registration for
all
circumstances is a problem when it comes to fraudulent domain
registrations.
If you cannot rectify or if the domain is registered for more than 5
days
until banks clear and records are looked at, then the only one that wins
is
the registry because your organization just bought the domain.

I would like to propose that this be a key issue of discussion and
change in
the very near future.

Monte Cahn

Moniker Online Services LLC

O: 954.984.8445

F: 954.969.9155

monte@moniker.com <mailto:monte@moniker.com>



 <?xml:namespace prefix = v ns = "urn:schemas-microsoft-com:vml" />
<?xml:namespace prefix = o ns =
"urn:schemas-microsoft-com:office:office" />



-----Original Message-----
From: owner-registrars@dnso.org [mailto:owner-registrars@dnso.org]On
Behalf Of Bruce Tonkin
Sent: Friday, March 21, 2003 11:13 AM
To: tom; registrars@dnso.org
Subject: RE: [registrars] Credit card fraud and transfers


Hello Tom,

It would be good to get statistical evidence of the amount of fraud and
whether there are other things you could do to protect yourself.

We need to weigh up the benefits to some registrars for a longer period
where no transfers occur, against giving the freedom of choice to
registrants.  I lean towards freedom of choice for registrants unless
there is very strong evidence to support anything different.

Most businesses need to accept a certain level of risk associated with
receiving credit card payments.  The cost of a domain name is quite
small, and in aggregate you should be aiming to make a profit assuming a
certain level of fraud.  Most small retail stores work on this model
(including taking into account shop lifting as well as credit card
fraud).  If your level of fraud is preventing this - you might want to
shift to other payment methods - particularly for longer periods of
registration.

At this stage I do not support the increase on restrictions on the vast
majority of registrants that do the right thing.  I think that it is a
normal business risk to have a certain level of credit card fraud, and
you need to manage that risk.

You may still undertake normal commercial debt collection against a
customer that has provided a fraudulent credit card - but that of course
requires accurate registrant details :-)

Overall it partly depends on the quality of the customer base.  You can
either go for a lower volume of customers that pay a larger registration
fee and are more likely to be legitimate customers, or you can go for a
very high volume of domains at very low registration fees.  Some of
these customer may well be purchasing a domain name for speculation
purposes and cancel the payment if they have not been able to onsell the
domain name, but the volume of transactions makes up for this.

Regards,
Bruce Tonkin



-----Original Message-----
From: tom [mailto:tom@encirca.biz]
Sent: Wednesday, 19 March 2003 1:14 PM
To: registrars@dnso.org


One of the problems with credit card fraud is that customers can charge
back a registration up to six months after a registration.  Since the
60-day transfer restriction could have elapsed, the domain could already
be transferred by the time the charge back occurs.

I would like to offer a motion to extend the 60-day transfer window to
something like 120 days as a way of cutting down on fraudulent
charge-backs.

Comments?

Tom Barrett
EnCirca Inc.

References:
- RE: [registrars] Credit card fraud and transfers
  - From: "Monte" <monte@domainsystems.com>

<<< Chronological Index >>> <<< Thread Index >>>