opinion

Why VISA/MC Drives Me Nuts!

Tired of being manipulated, penalized, and discriminated against by the major credit card companies simply because you are an online merchant - and worse yet - in the porn business? Well, so is Doug, and if you’re like him, you’re shaking your head and wondering why…

I think at this point that anyone who is not scrubbing for fraud in transactions is asking for severe trouble. And it makes no sense that VISA/MC will not share their data on stolen cards with the processing gateways. But what we have seen this year for fraud is quite a bit more disturbing, and points in my mind to a fundamental need for better general security in cards and an end to the conflict between card companies and legitimate webmasters through finding win-win solutions that benefit and grow both parties' business. Virtual VISAs are one good solution... But the reality is, while the concept of virtual VISA is great, 99.99% of users will rely on their tried and true plastic.

The adult industry is in the spotlight as being a "bad risk" in their eyes, but I strongly disagree. If you eliminate the "friendly fraud" incidents and factor in that (unlike I suspect most of the "traditional" online processors) adult merchants almost unilaterally use fraud scrubbing/negative databases, require CVV2, and billing address verification, that says we've taken steps to the maximum possible limit under current technology. We stop thousands of dollars of suspicious transactions weekly because of these checks (believe me, I've checked, it's a depressingly high number). Our affiliate program has gone one step further; I've written a fraud scrubbing database for our webmasters which runs numerous checks and will not activate webmasters' accounts if there is something fishy.

So what happens in a real-world situation where we find clear-cut fraud and try to thwart it? I'll give you one recent example. We began receiving a high number of chargebacks linked to one affiliate. I immediately cancelled the affiliate and refunded every single transaction that they processed that had not been charged back. There was no question upon detailed review of the transaction that they were not legitimate, though nothing in looking at daily signups would have aroused suspicion.

Conversions looked a little good, but then again, lots of our webmasters whom I know are legitimate were converting just as well. But they still made it through our gateway's fraud database and address verification, and, much more disturbingly, almost all of them had CVV2. Coming across a hundred transactions designed to bypass every defense disturbed me greatly, especially since they had CVV2 in most cases... to me this smacked of an organized operation with a database of stolen information. I immediately contacted VISA and told them I had strong evidence that someone had a database of cards including CVV2, address, phone number, and that none of the cards were cancelled. I gave them the name and address of the webmaster responsible and told them they had successfully cashed their affiliate check, as well as the social security number.

They transferred me to Internet Support who wanted to walk me through my network settings! Obviously the persons I spoke with had no clue what any of what I described - fraud scrubbing, etc. - meant, and had a reaction of "well, it sounds like something internetish so I'll forward them there." I got transferred to someone else after that who told me, "Well, that's interesting, we can't really do anything, you'd need to go to the issuing banks." I asked how to do that and the response was vague - there was probably a different issuing bank for every card, I'd have to somehow determine what bank issued the card, and different banks had different procedures for handling this, but there was nothing VISA/MC could do. They did not even seem concerned about it! I offered them every assistance - IP addresses (there were actually only two, from a broadband ISP in Brooklyn), even going so far as to get a photocopy of one of the checks he cashed.

If they were so concerned about fraud, why would they not consider nailing this scumbag a major victory? We're a small program and I would be willing to bet he ran this scam on dozens of other affiliate programs, and probably hit quite a few of the major third party billers with lots of chargebacks as well, and those guys processing hundreds of thousands of transactions a day would have real difficulty detecting and stopping the source.

We actively tried to pursue a clear-cut case of fraud with lots of evidence supporting it and there is no way even with all of this to do what we supposedly as adult webmasters are not concerned with, stopping fraud. Who wants a fishy transaction much less a series of them? We lose the cost of the transaction plus fees and chargebacks. We even failed to reverse some of the chargebacks in cases where we had refunded the original transaction! Stopped at every turn.

The card companies need to look hard - not at adult merchants, but at the reality that *all* online merchants are in a paperless environment and that is the future of credit cards. CVV2 does not cut it. What happened to SET?

I know for a fact I can go into any store in my town and buy something with a credit card without ID. Pretty much everywhere that is the case. How is this much more secure? Because they get a signature? Offline merchants are in reality no more secure in their nature than online – they may have fewer chargebacks maybe because the perception is that they are though. Carbon copies with complete credit info thrown in the trash, clerks making $4 an hour handling hundreds, even thousands of dollars a day where they could easily get information necessary to steal that card. Compare buying books at the local bookstore with buying them through one of the online e-tailers:

Offline. Hand them your card. They have signature and date, usually no confirmation of ID. If it's not swiped, then they have a nice carbon of your card which probably is thrown in the trash by a minimum wage clerk without being shredded, then it's handed off to trash where anyone could sift through and find it.

Online. Date, originating internet address (which ISPs can in most cases easily use to track back the exact location of the transaction), customer's complete billing address, CVV2, we even get originating country as reported by the browser, language of the customer who is browsing. The only card number record is stored in a secured database behind an encrypted administrative interface along with this information.

Much more documentation online to intelligently re-examine if need be later. Just because you can look a person in the eye when they buy from you does not mean you can trust them. Jeffrey Dahmer seemed like a nice person to most people who met him, you know?

I would suggest that there be an automated internet response set up by card companies that webmasters can submit fraudulent transaction details - as many as we have to offer, which is usually substantial - and have them research it. Not just for adult but for all online businesses. Perhaps create an additional incentive for webmasters actively using the service in cutting a half-percentage point off of their rate or factoring this into their chargeback percentage scoring in their favor as a way of saying, "Hey, we were wrong about these internet sites, I can see from all the data they're giving us that they really do believe in being ethical merchants."

Stopping "friendly fraud" is a more daunting task but that also could be worked into the reporting system. Instead of putting us under review, put customers who chargeback excessively under review. "Uhm, Mr. Smith, we realize you may have a valid reason to charge this back, but we'd like to talk with you because we can see from your file that this is beginning to be a pattern." Ethics are a two-way street. Suspend customers' cards if they exceed 1% chargeback volume in a month!

Get rid of the whole reason code scheme for the most part as it applies to online. Sure, I can see fraudulent transaction, but "card not present"? "Cancel recurring billing"? If a customer can't find how to cancel when it's on our main members' page, the page they joined the site with, a customer service site, and an automated responder, most of which are in as many as ten languages, how on earth can that be my fault? How can this person find food at night? Is it reasonable to expect that when the system is 99.99% automated for cancellation that I have to walk every single person through a painfully simple process or do it for them?

And someone stop these foreign banks from charging back dollar transactions in Euros. I didn't feel quite as annoyed about that until Euro and dollar switched positions in exchange rates – Sorry about the book, these things drive me NUTS! ~ Doug

Copyright © 2024 Adnet Media. All Rights Reserved. XBIZ is a trademark of Adnet Media.
Reproduction in whole or in part in any form or medium without express written permission is prohibited.

More Articles

opinion

How to Halt Hackers as Fraud Attacks Rise

For hackers, it’s often a game of trial and error. Bad actors will perform enumeration and account testing, repeating the same test on a system to look for vulnerabilities — and if you are not equipped with the proper tools, your merchant account could be the next target.

Cathy Beardsley ·
profile

VerifyMy Seeks to Provide Frictionless Online Safety, Compliance Solutions

Before founding VerifyMy, Ryan Shaw was simply looking for an age verification solution for his previous business. The ones he found, however, were too expensive, too difficult to integrate with, or failed to take into account the needs of either the businesses implementing them or the end users who would be required to interact with them.

Alejandro Freixes ·
opinion

How Adult Website Operators Can Cash in on the 'Interchange' Class Action

The Payment Card Interchange Fee Settlement resulted from a landmark antitrust lawsuit involving Visa, Mastercard and several major banks. The case centered around the interchange fees charged to merchants for processing credit and debit card transactions. These fees are set by card networks and are paid by merchants to the banks that issue the cards.

Jonathan Corona ·
opinion

It's Time to Rock the Vote and Make Your Voice Heard

When I worked to defeat California’s Proposition 60 in 2016, our opposition campaign was outspent nearly 10 to 1. Nevertheless, our community came together and garnered enough support and awareness to defeat that harmful, misguided piece of proposed legislation — by more than a million votes.

Siouxsie Q ·
opinion

Staying Compliant to Avoid the Takedown Shakedown

Dealing with complaints is an everyday part of doing business — and a crucial one, since not dealing with them properly can haunt your business in multiple ways. Card brand regulations require every merchant doing business online to have in place a complaint process for reporting content that may be illegal or that violates the card brand rules.

Cathy Beardsley ·
profile

WIA Profile: Patricia Ucros

Born in Bogota, Colombia, Ucros graduated from college with a degree in education. She spent three years teaching third grade, which she enjoyed a lot, before heeding her father’s advice and moving to South Florida.

Women In Adult ·
opinion

Creating Payment Redundancies to Maximize Payout Uptime

During the global CrowdStrike outage that took place toward the end of July, a flawed software update brought air travel and electronic commerce to a grinding halt worldwide. This dramatically underscores the importance of having a backup plan in place for critical infrastructure.

Jonathan Corona ·
opinion

The Need for Minimal Friction in Age Verification Technology

In the adult sector, robust age assurance, comprised of age verification and age estimation methods, is critical to ensuring legal compliance with ever-evolving regulations, safeguarding minors from inappropriate content and protecting the privacy of adults wishing to view adult content.

Gavin Worrall ·
opinion

Account-to-Account Payments: The New Banking Disruptor?

So much of our industry relies upon Visa and Mastercard to support consumer payments — and with that reliance comes increased scrutiny by both brands. From a compliance perspective, the bar keeps getting raised until it feels like we end up spending half our time making sure we are compliant rather than growing our business.

Cathy Beardsley ·
profile

WIA Profile: Samantha Beatrice

Beatrice credits the sex positivity of Montreal for ultimately inspiring her to pursue work in adult entertainment. She had many friends working in the industry, from sex workers to production teams, so it felt like a natural fit and offered an opportunity to apply her marketing and social media savvy to support people she truly believes in and wants to see succeed.

Women In Adult ·
Show More