|
Grex > Coop11 > #232: Summary of Grex's Credit Card Experiment | |
|
| Author |
Message |
| 25 new of 98 responses total. |
flem
|
|
response 20 of 98:
| 
Feb 13 19:52 UTC 2001 |
A couple of things. First, I am of the opinion that we should drop
CardService. If (when?) we go after credit cards again, I think more
research is called for than we had this time, and I don't see us
coming to a reasonable solution involving CardService within the next
few months; that is, soon enough for keeping the CardService account
to save us money. Also, Mark, you may want to call CardService up and
find out exactly what the timeline is for closing the account. I
don't remember dates exactly, but my feeling is that we'd best hurry
or we'll find ourselves in for another six months whether we like it
or not.
Second, folks who dislike PayPal because it's too complicated should
check out the updated membership page,
http://www.cyberspace.org/member.html
I hacked this together with srw's help about a month ago, using
Paypal's web accept feature. It should be much simpler than the
process I outlined earlier. It will still leave you with a Paypal
account, but with no hassle I'm aware of.
I think that, in spite of the logistical difficulties of PayPal, we
should seriously consider sticking with it, at least for a while.
It's cheap, it protects us from chargebacks in most cases, and it's
low-maintenance for the treasurer. The most serious drawback to
PayPal, as far as I'm concerned, is that it doesn't support
international transactions very well.
|
flem
|
|
response 21 of 98:
|
Feb 13 19:56 UTC 2001 |
resp:19 slipped in.
Emailing credit card numbers is a Bad Idea.
Our contract with CardService (or maybe Charge Solutions, I don't remember)
prohibited us from charging more for people who pay with credit cards. I get
the impression that this is pretty much universally the case; Visa may require
it, or it may be required by law, or something like that. I'd be disinclined
towards it anyway, though.
|
gull
|
|
response 22 of 98:
|
Feb 13 20:40 UTC 2001 |
Re #19: Emailing credit card numbers without encryption is a bad idea
and I'd never do it. There's just too many opportunities for someone
unsavory to get the number along the way.
|
scg
|
|
response 23 of 98:
|
Feb 13 21:24 UTC 2001 |
If it were just my lazyness, it wouldn't be a big deal. I'm assuming,
however, that my lazyness is probably somewhat typical.
|
scg
|
|
response 24 of 98:
|
Feb 13 21:25 UTC 2001 |
I don't think I've checked out the member.html page lately. I'll take a look
at it.
|
scg
|
|
response 25 of 98:
|
Feb 13 22:00 UTC 2001 |
Ok, that interface does work pretty well. I just renewed my membership. I'm
sorry for complaining without looking at it.
|
aruba
|
|
response 26 of 98:
|
Feb 13 22:10 UTC 2001 |
Re #23: Heh. I know, I was just teasing you - thanks for being a good
sport.
|
prp
|
|
response 27 of 98:
|
Feb 13 22:14 UTC 2001 |
Grex could put up a form, used to request the treasure to snail-mail a charge
slip and reply envelope. This would verify an address and get a signature.
This could cut chargebacks enough to make it worthwhile. It also solves the
other problem.
I'll also repeat my question: were the chargebacks people who changed their
mind, or frauduent?
|
aruba
|
|
response 28 of 98:
|
Feb 13 22:29 UTC 2001 |
Re #27: Well, we could do that, certainly. Do you think there are people
who would rather go through that procedure than write a check? I suppose I
could just send them a SASE, and they could send me a check. Maybe with a
$1 surcharge for the postage.
Sorry I didn't answer your question before. All three of the transactions
were fraudulent, according to the real cardholders.
|
mdw
|
|
response 29 of 98:
|
Feb 14 11:38 UTC 2001 |
We certainly have the technical expertise to set up a secure server.
That's just https, no big deal. The biggest nuisance is the verisign
certificate - if we're willing to go with a self-signed certificate even
that can be skipped. The big obstacle to doing this historically was
the patent - which has now expired.
|
prp
|
|
response 30 of 98:
|
Feb 14 17:01 UTC 2001 |
I thought one of the main reasons for taking credit cards was non-US
residents, for whom checks are a problem.
|
aruba
|
|
response 31 of 98:
|
Feb 14 18:25 UTC 2001 |
That's true. It still might be easier for people in other countries to use
PayPal than for me to send them a SASE and have them return it. (But then,
they still have to send ID.) (PayPal now seems to work in most (if not all)
European countries. Indian credit cards don't work here anyway.)
It might be worth considering appointing a "SASE-czar", who sends SASEs to
people on request. It could get out of hand, if people start asking for
lots of SASEs. But it would probably work OK.
|
krj
|
|
response 32 of 98:
|
Feb 14 20:32 UTC 2001 |
I'm sort of lost in this discussion, but my vague recollection is that
one of the advantages of the original, disastrous credit card implementation
is that Grex never handled anyone's credit card number, and that the
motivation for this was that the potential liabilities if Grex handled
card numbers were enormous. Does this ring a bell with anyone?
Or am I way off the mark here?
|
keesan
|
|
response 33 of 98:
|
Feb 14 23:28 UTC 2001 |
How many overseas members joined grex by credit card?
|
aruba
|
|
response 34 of 98:
|
Feb 15 05:10 UTC 2001 |
Re #32: Actually, it's PayPal that doesn't let us see the card number, and
our old system that did.
Re #33: 15 overseas users became members using credit cards.
|
cmcgee
|
|
response 35 of 98:
|
Feb 15 07:27 UTC 2001 |
Just for the record, SASEs don't work in other countries. US postage is not
valid for mailing letters from other countries.
|
aruba
|
|
response 36 of 98:
|
Feb 15 14:33 UTC 2001 |
Right. I guess we could send "SAE"s to people in other countries. :)
|
scott
|
|
response 37 of 98:
|
Feb 15 14:57 UTC 2001 |
Maybe with a fridge magnet as a bonus... although we'd risk getting some bogus
requests.
|
prp
|
|
response 38 of 98:
|
Feb 15 16:05 UTC 2001 |
Going back to response 0 and adding up the columns under summary gives:
+1602.00 Credits
-1027.04 Other ChSol+CS+ChargeBack+Min+Other
-404.80 Auth Auth+AVS Valid+Invalid
-64.29 Discount Disc+NQ+Batch
-------
+105.87
The $0.03 descrepency with Marks total is from the Sep-00 Disc figure. 2.66
v 2.63. The various other colums add up as:
49 Count
1296.00 New
252.00 Rewnew
54.00 Misc
48.89 Disc
7.35 NQ
8.05 Batch
354.55 Auth Valid+Invalid
50.25 AVS Valid+Invalid
311.06 ChSol
120.00 CS
202.69 Chargebacks
127.34 Min
265.95 Other A+B+C
Which can be broken down some
17.15 Auth Valid
337.40 Auth Invalid
2.45 AVS Valid
47.80 AVS Invalid
175.00 Other A Appication
75.00 Other C 25/chargeback
15.95 Other B ???
And combined some
19.60 Auth+AVS Valid
385.20 Auth+AVS Invalid
Leading to
1296.00 New
252.00 Renew
54.00 Misc
+1602.00 Credits
-202.69 [+6.31=209.00] Chargebacks
--------
+1399.31 [1393.00] Real Credits
385.20 Auth+AVS Invalid
75.00 Other C 25/chargeback
-460.20 Fraud Related Charges
-311.06 ChSol
-175.00 Other A Application
-127.34 Min
-120.00 CS
-56.24 [-6.31=49.93] Discount Disc+NQ
-15.95 Other B ???
-19.60 Auth+AVS Valid
-8.05 Batch
-------
+105.87
This is not as bad as it looks. The application fee was a one time charge
and the Min and CS fees cover twelve months even though the service was only
used for less than six and thus most likely did not get up to full speed.
Clearly though Charge Solutions and the fraud costs have to go.
Is there any breakdown for the Charge Solutions fee? My guess is that most
of that could go into Fraud Related, as it was high in August.
|
aruba
|
|
response 39 of 98:
|
Feb 15 18:17 UTC 2001 |
Nice work, Paul. No, sorry, I have no breakdown on the charges from Charge
Solutions. They didn't send us paper statements. Maybe Greg has more info.
|
keesan
|
|
response 40 of 98:
|
Feb 15 20:26 UTC 2001 |
You seem to be assuming that all new members who paid by credit card would
not otherwise have paid by check. 15 overseas members is impressive - I
forgot how many total new members paid by credit card.
|
mdw
|
|
response 41 of 98:
|
Feb 16 10:02 UTC 2001 |
The "old" system was primarily designed around the pecularities of the
traditional credit card processing system, and the way it evolved in
response to the various restrictions (legal & patent) on cryptographic
systems. There were 4 parts, if I remember right:
the central credit card "brand" (almost completely out of the picture,
except for setting the standards)
the various processing banks
intermediate systems that provided the secure hookup to the bank
(and we have an agreement with one of them through feb)
the secure web server that talks to the intermediate system (which
failed very disastrously for us)
We could probably still set up a system talking directly to the
intermediate system and running our own web server; I'm not sure just
what's involved there, but it may be nothing more than a shared secret.
|
gull
|
|
response 42 of 98:
|
Feb 16 20:24 UTC 2001 |
Re #35: No, but IRCs (International Reply Coupons) do. They're more
expensive, though.
|
other
|
|
response 43 of 98:
|
Feb 16 21:19 UTC 2001 |
Can we see a breakdown with one-time or annual charges prorated over the
time the experiment has been in effect? That would give us a more
accurate (and positive) view of the cost/benefit of the endeavor.
|
aruba
|
|
response 44 of 98:
|
Feb 16 21:57 UTC 2001 |
The only one time charge is the $175 setup fee. How long a period do you
want to prorate it over?
I like prp's breakdown into fraudulent and nonfraudulent charges.
I have some bad news. I called Card Service International, and found out we
missed our window to close our account, and we are on the hook for another
6 months, until August 4th. We would have had to send them a letter by
January 5th to cancel our account on Feb 4th. As it is, we have to send
them a letter between May 6th and July 5th.
So, all of you who think we should be accepting credit cards directly,
here's your chance to make it happen. You have until July 5th to come up
with an idea and implement it.
|