Vanilla 1 is no longer supported or maintained. If you need a copy, you can get it here.
HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.

How do I fight ecommerce crime (chargebacks)?

edited July 2007 in Vanilla 1.0 Help
I will surely google the topic after this post is online, but I wanted to get to know your opinions. I believe many of you are in Internet commerce, or at least somehow connected to it, so I wanted to know your thoughts on the issue. The question is, how do I prevent clients from charging their money back AFTER they had received the product?

I run an ecommerce site, and the products are digital, so no shipping is required (they are simply sent via email). Thus, I do not have any signature of delivery. Therefore, clients theoretically (and practically, unfortunately) can pretend to have never received the product, and charge back the funds after they receive the product. Fortunately, this is a rare occasion with us, but it just happened again and we are sick with it. Any ideas about how we can fight this crime?

However, I understand that increasing security may deter potential cleints, and might lead to losing sales, which would results in a greater gross loss. So another way of looking at this phenomenon is that it is the cost of doing business.... maybe..


  • Options
    When you send via email, why not use the "read receipt" option?
  • Options
    "read receipt" is not a standard. it's implemented in some clients like outlook. that's all.
  • Options
    lechlech Chicagoland
    The "read receipt" option is rather pointless as it too can be simply disabled so you don't get any kind of notification. The question I have is what exactly is the product? If it's an application you should be able to create some kind of authorization to act as a receipt of delivery and activation when the user first uses it.

    However, I'd have to say that email isn't the best delivery method or record you can use in a dispute with a client who pulls this kind of fraudulent crap. Obviously you keep your own record to no longer service these people but it's likely a one-time thing so probably don't get many repeaters.

    I would say look into services which handle the hosting and transaction for a small fee that can guarantee that the product is delivered and the transaction is final. Preferably one which keeps a record of activity so that the product is flagged as being delivered the moment the user logs in and begins to download it and you get paid properly for it. I can't think of any of these services off the top of my head but I know there's a few out there which specialize in software distribution as I've come across them in the past.
  • Options
    Getting a third party would probably be the best alternative. However, maybe a download manager would be an alternative.
  • Options
    I like the idea of the download manager. Send them an email and direct them to the download site. from the download site they can download the media. You would have an audit trail that they accessed the download site and downloaded the content. You could even include a check-the-check-box that they have read the terms and conditions. This enforces the point that they did indeed access the side and are in receipt of the content.
  • Options
    edited July 2007
    I like the download manager idea--One example I heard of, but can't remember was a company that will create a unique URL for your customer, and as soon as the first download occurs from that URL, a timer starts that will expire further downloads from that URL in 48 hours. Basically, you then write your terms to say that the download act constitutes acceptance of delivery, and it must be evaluated for defects within the first 48 hours of download, and if any it must be re-downloaded or forever hold your peace. On the flip side, offer a 30 day no questions asked money-back guarantee. Any unsatisfied customers (and, unfortunately, a few satisfied ones) will take advantage of that rather than bother with the credit card company for a chargeback.
  • Options
    thanks guys... thats really helpful.. the download manager idea is the best in my case... the products are simply files, not applications... the only thing that bothers me with download manager is how do i prove that the unique link had been clicked by the client, and not my secret agent or me? by tracing IP? that's one question, and the second is, how do I provide the evidence to my credit card processing company? i guess they will need an access to logs or something... i could also falsify the fact of download and input a ficticious IP theoretically.. so, I will need to take care of these questions first, and of course contact my retailer (CC processor) to inquire about this security measure... thanks guys
  • Options
    take a look at this wonderful and very promising sentence from my retailer's knowledge base:
    According to credit card association rules, Internet merchants must accept credit card fraud as part of the normal risk of doing business on the Internet.
  • Options
    edited July 2007
    Just remembered the company. Looks like they went under at the start of the year. If they handle the transaction, then you will never see the URL.
  • Options
    edited July 2007
    Have a look at escrow. The buyer send the money to, you send the product to the buyer and if he is happy and send you the money.
  • Options
    Simpler than that, issue unique username/password pairs, and then log the use of the "FTP' site to verify the
    download for each customer.

    Putting a strict policy of "no refunds for claimed inability to download", and making them agree to the
    policy to be able to place an order is another approach. If you have a "no refunds" policy, and it is
    impossible to ignore, you can offer this policy as proof to the credit card company that the chargeback
    is an bogus attempt by a cheapskate to try to ride free.

    Clearly, you need to offer a whole pile of support for those who claim no ability to download, but
    a simple FTP log is the basic step here, so you can verify, username/password, bytes transferred,
    and "successful transfer" or "lots of retries". Don't be an ass, and be ready to mail a CD to the
    ones than claim that they can't get your stuff.

    Example - my mom can't look at some pdf files on her dial-up line. Dunno why, but she just can't
    get the darn things downloaded. If she were your customer, she might ask for a CD to be mailed.
  • Options
    Yup, that's my policy, words to this effect; " you will understand, due to the digital nature of the product, no refunds are possible so please be sure to check the Product Disclosure Statement before availing yourself of our services..."

    It hasn't failed me yet, but yes I've had to resort to shipping a physical CD at times, for a substantial added cost to the client of course, so I'm pretty sure they had a valid reason for requesting it.

    Posted: Wednesday, 11 July 2007 at 11:52AM

  • Options
    i have the similar statement, but it does not protect from fraud.. Wanderer, our target audience could be different, and the audience does affect the percentage of credit fraud.. I have this, "Since our products can be easily copied, we grant no refunds"
This discussion has been closed.