Fog Creek Software
Discussion Board

Question for Joel regarding e-commerce

Some time ago you mentioned that you had dumped Digital River (or DigiBuy, don't remember which) as your ESD provider and started processing your own credit card orders via a secure form with your own merchant account.

My question is - how has this impacted your fraud rate?  When you sign up with Digital River, one of the things you are supposed to be "buying" is their extensive experience with fraud screening.  I'm wondering how your experience has been so far handling this yourself.

I'd like to hear from anyone else who has dumped an ESD (electronic software delivery) provider and started processing the orders with your own merchant account - how are you handling the fraud screening?

Many thanks for sharing any experiences, good or bad.

Woodrow Stool
Tuesday, July 9, 2002

Just a hunch, but there probably aren't many people ordering sophisticated bug tracking software using a stolen VISA card.  And if there are, so what - the cost of fulfillment is small and they aren't going to buy anyway.

Point taken, though, the middlemen often do serve some purpose there...

Bill Carlson
Wednesday, July 10, 2002

The "so what" issue is this: if you process a fraudulent transaction and never realize it until the rightful cardholder disputes the charge, you get hit with a "charge-back" from your merchant processing company, and too many of these will cause your merchant account to be revoked, in addition to the hefty charge-back fees.

Woodrow Stool
Wednesday, July 10, 2002

Good point, Woodrow.  My old company had a merchant account and sold low-priced ($25)educational software via an 800 number as well as on-line.  This is considered fairly "risky" by banks and we had a pretty high merchant fee.

We had one instance of someone putting the charge into dispute because they didn't like the software, but it was easily resolved by refunding the money.  No fraud there.

Mostly, it was a pretty good experience.  The banks expect a certain percentage of fraud (more or less depending on the account holder).  If you're within that band of what's expected, I think you'd be okay.

Your chargeback history is like your personal credit report.  You don't need a credit score of 850 to buy a house.  The occasional resolved chargeback won't break you as long as you remain profitable to the bank...

Bill Carlson
Wednesday, July 10, 2002

Having been responsible for creating many different types of e-commerce applications and working with a number of merchant accounts here's my two cents.

There are a number of methods to handle e-commerce and how you protect yourself from each method differs significantly.

Custom Software with internet access - This is the best scenario possible, I've used this process many times and it is very effective.  The customer can download your software, install it and run a trial for 30 days.  After 30 days the software disables and the customer must purchases license to continue use.  When the license is entered it enables the software, contacts your business severs and registers the valid software account.  The software checks periodically that the account is valid. If the card is fraudulent, disable the account and when the software runs its periodic check it can disable itself.  You’re not fully protected in this case, you still lose the merchant processing charges but your software is not being illegally used.  It’s also a great deterrent and should be mentioned on the checkout pages.

Internet B2C - Here’s an example of how handles their orders and what they had to do to stop fraud.  All orders run through a credit card check from the website.  This process only checks the credit card number is a possible valid number, also called a MOD10 check, no merchant processing has happened.  All orders are processed in batch at a later time.  The system will run all orders through and flag orders that may be fraudulent.  Things that could cause fraudulent orders would be different bill to and ship to's, next day air service, ordering many times and multiple quantities of a specific item, etc.  Orders that are considered to be fraudulent get flagged for review. customer service physically contacts the buyer by phone to verify the order is valid.  Does it sound time consuming and expensive to build your e-commerce solution this way?  Well take this into account; Wired Lounge's fraud rate for the last year is 0%.  That’s right, not a single fraudulent charge has gotten by with this process.  How much is that worth to your company?

Harvey Orloff
Sunday, July 14, 2002

Or you can just use PayPal.

Tuesday, July 16, 2002

*  Recent Topics

*  Fog Creek Home