amazonaws.com?
Joel Jaeggli
joelja at bogus.com
Thu May 29 13:08:47 UTC 2008
Dorn Hetzel wrote:
> There is a really huge difference in the ease with which payment from a
> credit card can be reversed if fraudulent, and the amount of effort
> necessary to reverse a wire transfer. I won't go so far as to say that
> reversing a wire transfer is impossible, but I would claim it's many orders
> of magnitude harder than the credit card reversal.
To paraphrase one of my colleagues from the user interaction world:
"The key to offering a compelling service is minimising
transaction hassles."
I encourage all my competitors to implement inconvenient hard to use
payment methods....
> A mere "court subpoena" wouldn't even be remotely sufficient. The person
> wanting their money back would pretty much have to sue for it and win.
> Heck, people that get scammed and send their money via western union can't
> even get their money back... People who sell physical goods that get
> shipped internationally to places where they can't get them back from have
> been dealing with irrevocable payment forms for a long, long time, and those
> are generally wire transfers.
>
> Once that guy in Frackustan has my widgets, I need to make darn sure he
> can't take his money back :)
>
> So, yeah, there would be some customers for whom the couple of business
> hours it take their wire to go through (that's a pretty typical time from my
> actual experience) would be longer than they would want to wait for their
> port 25 or other "risky" service to be enabled, but really, how many is that
> going to be. We're not talking about the wait for ordinary customers who
> don't need those particular services that tend to be problem children, and
> we're not talking about existing accounts of long standing, just about a
> barrier for the drive-by customer who wants to use services and then not pay
> the cost when they violate the AUP...
>
> On Wed, May 28, 2008 at 11:53 PM, Peter Beckman <beckman at angryox.com> wrote:
>
>> On Wed, 28 May 2008, Barry Shein wrote:
>>
>> On May 28, 2008 at 21:43 beckman at angryox.com (Peter Beckman) wrote:
>>>> On Wed, 28 May 2008, Dorn Hetzel wrote:
>>>>
>>>>> I would think that simply requiring some appropriate amount of
>>> irrevocable
>>>>> funds (wire transfer, etc) for a deposit that will be forfeited in the
>>> case
>>>>> of usage in violation of AUP/contract/etc would be both sufficient and
>>> not
>>>>> excessive for allowing port 25 access, etc.
>>>> Until you find out that the source of those supposedly irrevocable
>>> funds
>>>> was stolen or fraudulent, and you have some sort of court subpoena to
>>> give
>>>> it back.
>>>>
>>>> I don't believe there is a way for you to outwit the scammer/spammer
>>> by
>>>> making them pay more of their or someone elses money. If you have
>>> what
>>>> they need, they'll find a way to trick you into giving it to them.
>>> Are you still trying to prove that Amazon, Dell, The World, etc can't
>>> possibly work?
>>>
>> Amazon and Dell ship physical goods. Amazon Web Services sells services,
>> as do I. Services are commonly enabled and activated immediately after
>> payment or verification of a valid credit card, as is often expected by
>> the customer immediately after payment. Shipment of physical goods will
>> almost always take at least 24 hours, often longer, enabling more thorough
>> checks of credit, however they might do it.
>>
>> And even with the extra time to review the transaction and attempt to
>> detect fraud, I'm confident Amazon and Dell lose millions per year due to
>> fraud. The reality is that the millions they lose to fraud doesn't affect
>> us because a Blu-Ray player purchased with a stolen credit card doesn't
>> send spam or initiate DOS attacks.
>>
>> At least not yet; those Blu-Ray players do have an ethernet port.
>>
>> By your reasoning why don't the spammers just empty out Amazon's (et
>>> al) warehouses and retire! Oh right, they'd have to sell it all over
>>> the internet which'd mean taking credit cards...
>>>
>> Now you're just being rediculous. Or sarcastic. :-)
>>
>> I am a big, big fan of assessing charges for AUP abuse and making some
>>> realistic attempt to try to make sure it's collectible, and otherwise
>>> make some attempt to know who you're doing business with.
>>>
>> Charging whom? The spammer who pays your extra AUP abuse charges with
>> stolen paypal accounts, credit cards, and legit bank accounts funded by
>> money stolen from paypal accounts and transferred from stolen credit
>> cards?
>>
>> If you are taking card-not-present credit card transactions over the
>> Internet or phone, and not shipping physical goods but providing services,
>> in my experience the merchant gets screwed, no matter how much money you
>> might have charged for the privilege of using port 25 or violating AUPs.
>> That money you collected and believed was yours and was in your bank
>> account can be taken out just as easily 6 months later, after the lazy
>> card holder finally reviews his credit card bill, sees unrecognized
>> charges and says "This is fraudulent!" And there you are, without your
>> money.
>>
>> Getting someone to fax their ID in takes extra time and resources, and
>> means it might be hours before you get your account "approved," and for
>> some service providers, part of the value of the service is the immediacy
>> in which a customer can gain new service.
>>
>>
>> Beckman
>> ---------------------------------------------------------------------------
>> Peter Beckman Internet Guy
>> beckman at angryox.com
>> http://www.angryox.com/
>> ---------------------------------------------------------------------------
>>
>>
>
More information about the NANOG
mailing list