Unauthorized Payments / Electronic Fund Transfer Chargebacks

[Instacoins]

I have been conducting due dilligence lately on the prospect of creating an e-currency exchange in Canada, taking in Canadian dollars and distributing BTC and other cryptocurrencies. However, I have found one detail which seems to bother the BTC community, and I see a lot of heated discussion about it, but no solutions, which is the problem of chargeback liability.

As I understand it, the process works like this: VISA/Paypal/Interac E-Transfers all have a basic feature which is that the customer cannot be held liable for 'unauthorized transactions'. These unauthorized transactions are the result of alleged phising or otherwise malicious use of the customer's payment system, resulting in a financial burden that, contractually, the customer has no liability for (and thus the vendor must accept).

I see a lot of people angry with Paypal here, but Interac E-transfers and Credit Cards have the exact same feature. However, I certainly do not believe that this is an issue that cannot be resolved.




As I understand it, when a customer wishes to make a claim that the transfer was unauthorized, i.e. was conducted by a party other than themselves and operated without their permission, (called a dispute in Paypal's terminology), an investigation is then launched by the payment service to understand whether or not this is a case of fraud (which is what is trying to prevented here of course).

Another phrase buried in PayPal's Terms Of Service is the phrase 'a purchase that did not benefit the customer' (I'm paraphrasing). I bring this up because I think it may be helpful evidence in creating a solution.



As I see it, a simple solution to our fear of facing an unrightful 'chargeback' (or at least being subjected to bear the pain of the fraud), is to cover our ass in terms of the 'unauthorized' in 'unauthorized payment'. I think certainly it would not be impossible to create a system, working with employees of Paypal/VISA/Interac, that proves identification and thus authorization of a payment. I do believe that if you could mount a strong case, built with verifiable evidence, that in fact the person who made the transaction was making it themselves and in a manner that benefitted them, that you could eliminate the fear of chargebacks.

For example, if you had someone designate a long-term Bitcoin address, that would serve as their only destination point for funds, and you as a vendor would accept transferring their funds to that address, I believe you could begin to find the outline of a secure payment system. Furthermore, if you used some type of video communication software to verify identity, perhaps coupled with a type of password/reference verification, that you could really start to lock up security. Even if you had a secure transfer of only $15 of CAD, and could verify the I.P. address, I think you could build a very strong case that it is in fact the person who they are claiming to be when they make larger requests in the future.


The point I am trying to make is that justice is in the eye of the beholder, and in this instance it is the payment processing companise. They want to eliminate fraud, but they also want to incentivize customers using Visa et al., and are therefore more than happy to reapropriate your funds to cover their customer's liabilities. However, if presented with a strong case, built on evidence and a system that was tailored to their needs/wishes, I feel that a solution can certainly be borne out of this present-moment issue of chargeback exposure. If we work together I am sure we can create a foolproof secure system that can cover us from the liability in these transactions.

Cheers,
Anthony

[1714845545]

1714845545

[1714845545]

1714845545

[1714845545]

1714845545

[1714845545]

1714845545

[Stephen Gornick]

For example, if you had someone designate a long-term Bitcoin address, that would serve as their only destination point for funds, and you as a vendor would accept transferring their funds to that address, I believe you could begin to find the outline of a secure payment system.

If you are trying to find a way to let a buyer prove that payment was sent to the seller, then you might want to know about the payment protocol being built into the Bitcoin-Qt/bitcoind client.
 - https://bitcoinfoundation.org/blog/?p=85

[DeathAndTaxes]

The problem is a contractual one not a technical one.  The entire CC (and indirectly PayPal) model is built around the CC is a service to the customer.  CC companies barrange consumers to sign up.  Once consumer has signed up and has credit they need to spend somewhere.  VISA/MC/PayPal could careless if you don't accept CC.  If you don't then that customers funds will go to a merchant who does.

The CUSTOMER of the CC is the cardholder not the merchant.  Thus the entire dispute model is built around the customer being protected.  Do you honestly think VISA/MC/PayPal don't know so called "friendly fraud" doesn't occur?  Of course they do.  They just don't give a crap.  They get all the benefit and all the cost gets unloaded on the merchant.  Why do you think CC purchases are "free" for consumer?  Why does the merchant pay fee the fee for a payment method so heavily stacked in the consumer favor.  Everything about the model is designed to make it as easy for the consumer.  Hell their is no "$0 fraud liability".  I could print copies of my credit card and pass it around to a crowd and it costs me $0.  It cost VISA $0.  It costs the merchant banks $0.  All the cost goes to the merchant.

It is called a racket.  The entire system is designed to make it painfully easy for the consumer to spend money with no consequences, no responsibility, no requirements.  All the costs are borne by the merchant and if they don't want to accept it ... well they are locked out of the system of consumers who increasingly have a negative net worth (and thus can ONLY pay for things with credit cards and other debt financing).

They want to eliminate fraud

Lolz.  That is where your logic fails, no they don't.  The vast majority of fraud occurs in "card not present transactions" and VISA, the customer, merchant banks, and processors have an explicit 0% liability in those circumstances.  Why would VISA et all want to eliminate something that has absolutely no cost to them.  Hell they even bill the defrauded merchant $35+ to cover their processing costs from the fraud.  VISA makes a profit on fraud (they never refund their discount rate, not even on fraudulent transactions).  Even when merchants (semi-futility) attempt to spend increasingly amounts of money on fraud prevention services that cost is borne by the merchants.  VISA provides no compensation for anti-fraud measures, no reduced rate, no "good merchant" discount.  Why would they?  Fraud costs them nothing.

Still as a hypothetical even if you could eliminate "friendly fraud", third party fraud is rampant and organized crime can quickly rack up millions in fraudulent transactions before you see the tidal wave of chargebacks reported.  Bitcoin for better or worse "IS the perfect money".  As opposed to using CC for stolen goods which need to be fenced for pennies on the dollar, has a physical component and is risky, Bitcoin keeps its full value, is easier, and less risky.  The perfect "good" to purchase with stolen credit cards.


TL/DR: Don't expect the system to change.  The "broken" system isn't broken, it is stacked against the merchant for a reason and has made the processors insanely (beyond even their own wildest dreams) wealthy.

[Instacoins]

Well even with Interac E-transfers, which are a debit of one account and a funding of another (of already existing funds, i.e. no credit is involved), they still have the stipulation that the vendor, not the customer must bear the cost of 'unauthorized payments'. But even if Visa/other CCs/Paypal are stacking the system heavily against the merchant, there is no reason that a law-abiding citizen couldn't prove their identity securely beyond a shadow of a doubt to a law-abiding business. And there is no reason why PayPal et al. would rule against a merchant if they could openly and easily prove beyond a shadow of a doubt that the transaction was in fact authorized.

This is what I am trying to open a dialogue on: How can we create a security system that proves identity beyond a shadow of a doubt, so that we can win any disputes we have, thereby allowing for the processing of certain e-payments and opening up the spigots of cryptos to the laypeople! That's what I think is at stake and completely able to be accomplished here.

[DeathAndTaxes]

My point is ... you can't as it would require assistance by the payment processor.  Assistance that would increase their cost with absolutely no benefit.  They get paid the same regardless of how much fraud costs you absorb.

[gambitv]

I think he is right. The CC companies win, and the merchant is left hanging.

Why not create a system where if they want to use CC/PayPal they have to have 'cash' or bitcoin balance equal to the amount they want to use. If they re-neg on a transaction they forfeit the funds.

[fible1]

I think you are being a tad naive about how the payments industry works (no offense intended); I'd like to tell you a story that I think will illustrate my point:

1. Once upon a time I ran a Linden dollar exchange.
2. One day a customer comes and tells me he wants to buy 500 USD a day of Lindens to run his casino.
3. I was naive.
4. I got him to send me a letter stating that he authorised the transactions, a copy of the front and back of his credit card to prove that he had it, a copy of his electric an water bill, and a copy of his bank statement with the same address as his water bill. I also called him to the phone number on record for his credit card. I thought I was covered.
5. 12,000 USD later (almost two months) I cut him off, I had realised something was off about this earlier but I was greedy.
6. The next day I wake up to a full chargeback load.
7. I call PayPal and it takes me 5 DAYS to reach a manager.
8 I inform the manager of all my documentation and phone verification.
9. Manager treats me like shit and informs me that it doesn't matter that I have all that documentation because "they can not receive it from me as evidence of a lawful transaction," (I'm paraphrasing a bit, the exact words elude me right now).
10. They charge back EVERY CENT and never even bother to receive my evidence. A manager told me that my options were to pretty much sue or shut up.
11. I lost all that money.
12. I learned a VERY valuable lesson.

You have to keep in mind that that level verification is impossible to perform on EVERY customer in any exchange. And you also have to keep in mind that Bitcoin has a much more sophisticated and professional level of criminal beyond you every day "friendly fraud". The reasons behind why PayPal can not give a fuck and Credit Cards make you pay for friendly fraud have been better explained by others, but you have to keep in mind that there is no way around the system, they don't care about reducing fraud because they don't pay for it. Just don't use credit cards or PayPal, it will bite you in the ass.

Pablo.






[/quote]

[Instacoins]

Sure, I am naive. But I am also optimistic about finding a solution. Thank you for sharing your experience though.

However, the research I have been doing has been very enlightening. For example, Verified By Visa and Master SecureCode, both buried in the fine print, say that if these services are used the merchant has chargeback protection from 'unauthorized payments'. I have also found businesses that specialize in protecting against chargeback.

Definitely Card-Not-Present transactions have a high risk of fraud, and those trying to rip off merchants with Bitcoin transactions are a bit sharper than your average scamster. But I still think that, especially as a Canadian, a system can be created where it is either a) completely secure, or b) chargeback fraud is significantly reduced, and that which cannot be reduced is priced into the system.

(And I will definitely claim naivety in dealing with CC companies, Interac & Paypal for this, I do not have an illustrious career as a merchant to call back on as experience but I am a damn good researcher and moving in a good direction towards a solution everyday).

Nonetheless, here in Canada the regulators have taken less of an aggressive stance towards Bitcoin. Of course, I will still have to conduct due dilligence on figuring out the legal framework exactly, and covering my ass, but here in Canada there should be no reason why a Bitcoin sale cannot be approached as would be the sale of any other digital, nontangible good (downloads etc). I think the blockchain offers an even better legal case than would a digital download, because you can verify exact transactions. But if regulators plan on taxing Bitcoin like a regular good (which they do), and I plan on paying the taxes on Bitcoin like a regular good (which I do), there is no reason why I cannot have the extent of the law behind me to rally my case, especially if legal procedures are followed properly.

I am still going to bury myself into phone calls, fine print and legalese 'terms of service' today, and for a many a days to come, but the way I see things shaping up there is are two kinds of anti-fraud protection, protecting you from chargebacks (which can be served for far more than just an 'unauthorized payment'.) But specifically, to battle unauthorized payment I see:

1) The Mastercard/Visa/Interac terms and procedures: following their terms by the books, this includes utilizing Secure Code/Verified By Visa, which is in effect their solution against non-card-present transaction fraud. A business such as chargeback.com will help in this regard, (if you google chargeback protection, which I did before I went to sleep last night, you find a lot of businesses offering such a service).

2) Your personal comfort level. A phone call & all the lengthy procedures you went through is one way to deliver yourself comfort, even if, for example, a phone call could do nothing in the legal framework of Visa/Mastercard (I'm speculating, I don't know that for sure.) However, there are far more options to make you feel happy, and that you could potentially use to protect yourself. Off the top of my head, I think one is a video chat after seeing pieces of government ID and thus being able to tell you are speaking to the same person. Secondly, having a personal relationship, even on the way to friendship, with your clients I'm sure would go a long way in giving you personal comfort that you weren't susceptible to chargeback fraud (as opposed to legally knowing you are not susceptible to chargeback fraud).

Either way, non-card-present chargeback fraud is an issue that all busineses face and have to deal with. Big corporations have entire teams of people, who all they do is monitor chargeback fraud. It's not like this an issue secluded to only Bitcoin transactions. What I have in mind is an actual legitimate, registered company with clean books and taxes payed, transmitting an online good to customers. I want to play it as clean and by the books as humanly possible. Included with that is a strategy to minimize and price in possible chargeback fraud, but it is only a fraction of the overall things that must be dealt with. I certainly do not believe it is some 'Achilles heel' that can never be worked around. The fact is, if Canadians at large want to purchase cryptocoins, and we want laypeople possessing them, we are going to have to find something more user friendly than trade exchanges. People will need alternative, and easier payment methods, to pay directly for their Bitcoin, and I think that can be achieved legally and securely with a legitimate business.

Cheers, thanks for the healthy debate,
Anthony

[fible1]

Hey ,
   Just to compliment my post; when we ran the exchange (which was one of the larger ones), we were a legally established company and we took this and some of the early chargeback through several legal levels without much result. In the end it's cheaper to eat the chargeback than to fight PayPal or the credit card companies.

Again, this has just been my personal experience; I sincerely hope you find a solution to this issue. Buying Bitcoins today is way too complicated and if you find a good work around you will be doing a lot for increasing adoption as well as making a healthy profit .

Wish you the best .

Pablo.

[gambitv]

virwox allow credit card and paypal to buy bit coins.

They severely limit the amount you can use in the first 30 days. They are also a bit more expensive than mtgox prices. And to add to the complication, they ensure you buy 'linden dollars' first, before using them to purchase bitcoins.

They have both Verified By Visa and Master SecureCode, and ensure you become a verified user before increasing your monthly limits.

I still like my idea of asking customer to deposit twice the sum in cash as bond that they want to do in CC/Paypal/Electronic Transfer. In this internet age, not being able to use your direct payment option from online banking is a scandal.

Two services available in NZ only accept cash over the counter.

One that only allows you to buy coins accepts online banking, but you pay extra for the privilege.

[🏰 TradeFortress 🏰]

btcQuick does what you mention pretty much, they had 1 chargeback total and won it.

[Stephen Gornick]

virwox allow credit card and paypal to buy bit coins.

It is a minor technicality but that's not actually what happens.  VirWoX sells Second Life Lindens (SLLs) and accepts PayPal as payment.  You are then free to trade those SLLs for BTCs through them and withdraw the BTCs.   

Why not create a system where if they want to use CC/PayPal they have to have 'cash' or bitcoin balance equal to the amount they want to use.

Credit card chargebacks can occur months after the charge occurred (up to 6 months in most situations), so how long would the funds be parked in this bond before being returned to the customer?