|
Grex > Coop11 > #204: Cyberspace Communications finances for August 2000 |  |
|
| Author |
Message |
flem
|
|
Cyberspace Communications finances for August 2000
| 
Sep 26 16:11 UTC 2000 |
Here is the treasurer's report on Cyberspace Communications, Inc. finances
through 8/31/2000:
Beginning Balance $6,057.84
Credits $336.00 Member contributions
$ 20.00 Magnet fund contributions
$ 5.00 TOP fund contribution
$ 5.00 Auction proceeds
------------
$ 366.00
Debits $69.46 Pumpkin Rent for September
$54.34 Electricity for August
$345.46 Phone Bill
$47.10 CardService fee for July
$19.50 Charge Solutions fee for July
------------
$481.42
Ending Balance $5,942.42
Our balance as of 7/31 breaks down as follows:
$5,481.65 General Fund
$139.86 Silly Hat Fund
$60.00 Spare Parts Fund
($39.09) TOP sponsorship fund
$300.00 Refrigerator magnet fund
There was no activity in the Grex Store this month, so the balances remain:
Cash Stock
--------- ---------
($26.60) $281.60
We had 14 new members (mrmat, kkell, anand, jwhitebr, uranium,
gurab, amar1980, ruizlo, cat5, saadalgh, chevelle, loopye, mosey,
normanx) and one returning member (mju) in July and August.
We are currently at approximately 123 members, 86 of whom are paid
through at least September 15th. (The rest expired recently and are in a
grace period.)
Notes:
- Note the large number of "recently" expired members in the membership
summary above. This is because I've been just as timely about nagging
people to renew their memberships as I have been about entering
treasurer's reports. And I just can't bring myself to drop people
without nagging them a time or three first. Much nagging will take
place in the next weeks. (Incidentally, this lack of nagging also
helps account for the somewhat low credit total this month.)
- Not a great deal happened in August, or so one might conclude from the
numbers above. Unfortunately, this was not the case. We had some
rather serious trouble with credit cards, the impact of which will show
up in the September report. I'll also discuss it at the September board
meeting, and enter something about it here afterwards.
Thanks to everyone who contributed in August:
anderyn, chevelle, coyote, kdkd, loopye, mosey, normanx, otaking,
quail, remmers, and valerie.
Thanks everyone!
If you or your institution would like to become a member of Grex, it only
costs $6/month or $60/year. Send money to:
Cyberspace Communications
P. O. Box 4432
Ann Arbor, MI 48106-4432
If you pay by cash or money order, please include a photocopy of some
form of ID. I can't add you to the rolls without ID. (If you pay
with a personal check that has your name pre-printed on it, we consider
that a good enough ID.) Type !support or see
http://www.cyberspace.org/member.html
for more info.
|
| 48 responses total. |
flem
|
|
response 1 of 48:
|
Sep 26 16:42 UTC 2000 |
About the credit card trouble I mentioned.
In late August, someone decided to have a little fun with a credit card
number generator at our expense. Before I and the Charge Solutions support
people managed to block him (her, it), he managed to run up some $150 in
authorization fees. Charge Solutions charges us $0.50 per authorization, and
CardService charges $0.35. This guy got about 200 authorizations before we
stopped him. Fortunately, no credit cards were actually charged, so
there won't be any chargeback fees. This was why the credit card
processing was turned off briefly in August.
That was chapter one. Things were quiet for a month or so, but last
week, they got, ah, interesting again. Another person with a card number
generator started working on us. This person was smarter. The first guy
we were able to stop because he used the same (presumably false) email
address for each transaction, and we were able to block that. This
second person switched email addresses, ip address, name, etc. regularly.
To make matters worse, this person was only active late at night, when
I wasn't watching my email, so I wasn't able to react quickly to the
situation. The kind of blocking that Charge Solutions provides turned
out not to be effective, and this person ran up some 500-odd authorizations,
which will (in September) cost us around $300. (You'd think it would be
an easy 500 * $0.85 = $425, but it's not. For one thing, I got Charge
Solutions to take off about 120 of those authorizations, because they
would have been blocked if their staff had been more on the ball. Also,
not all of this person's requests were made with valid credit card numbers,
which I think doesn't cause an authorization, but I'm not sure...
Anyway, $300 is my semi-educated guess.)
I have suspended the credit card processing account with Charge
Solutions, so we're safe at the moment. But clearly we can't continue
to accept credit cards if it introduces that kind of vulnerability. I've
been talking with the Charge Solutions support people to see if there
might not be a way to handle this, but we haven't come up with anything yet.
So, credit cards might be down for a while. :(
|
bruin
|
|
response 2 of 48:
|
Sep 26 18:05 UTC 2000 |
BTW, flem, did you receive the two checks I sent you in August and
September respectively?
|
krj
|
|
response 3 of 48:
|
Sep 26 19:21 UTC 2000 |
Is there something unique about Grex's credit card arrangement which
makes it vulnerable to this attack, or are all Charge Solutions
customers vulnerable?
|
mdw
|
|
response 4 of 48:
|
Sep 27 01:33 UTC 2000 |
I don't believe there's anything unique about us, except perhaps the
business we're in. Presumably there's some vandal out there who
*really* wants telnet access via us and a stolen credit card #.
|
krj
|
|
response 5 of 48:
|
Sep 27 03:23 UTC 2000 |
It may be time to bring up my proposal about ending telnet-through,
then, or else requiring additional validation for it.
(My previous item was item:coop,186)
|
gull
|
|
response 6 of 48:
|
Sep 27 03:32 UTC 2000 |
It could just be some vandal who wants to cost us money, too. Disabling
telnet-through might not help.
|
keesan
|
|
response 7 of 48:
|
Sep 27 15:17 UTC 2000 |
Re #3, if it is possible that this sort of credit card loss can happen again,
I propose voting on whether it is worth staying in the credit card business.
We seem to have at most 25 new members because of it (some of them may have
joined because of the TOP movie instead). After the first three months, what
will be the actual costs of accepting credit card payments from this many
people (how many pay monthly, how many annually, etc.)? It sounds like about
$2 charge per payment - is this right?
|
krj
|
|
response 8 of 48:
|
Sep 27 16:26 UTC 2000 |
I would like to suggest that as an interim measure we look into
receiving credit card payments through PayPal. My understanding is that
PayPal now will serve business customers, and that their system would
not make Grex liable for these sorts of charges. This would at least
allow USA users to continue using credit cards for payments to Grex.
|
flem
|
|
response 9 of 48:
|
Sep 27 16:28 UTC 2000 |
I'd agree that we can't afford to be in the credit card business with the
possibility of this kind of loss. OTOH, I think that if it's at all possible
to avoid that risk, even at a higher monthly cost, it would be to our
advantage to be accept credit cards.
As to whether there's something unique about us... I get the impression that
most companies don't have this particular problem, but they have other
problems. The Charge Solutions support guy seemed to think that sites who
only automate the authorization and do the charge manually, like we do, are
more vulnerable to this kind of attack, because nobody's card gets
fraudulently charged, so there is less incentive to catch the perpetrator.
On the other hand, sites that do automate the charge are much more vulnerable
to fraud.
|
flem
|
|
response 10 of 48:
|
Sep 27 16:28 UTC 2000 |
#8 slipped in, and isn't a bad plan at all.
|
tpryan
|
|
response 11 of 48:
|
Sep 28 00:38 UTC 2000 |
If the TOP fund is in the hole, does that mean the pledges have
yet to come in, or that we still owe TOP money?
|
other
|
|
response 12 of 48:
|
Sep 28 01:37 UTC 2000 |
We fulfilled our obligation to Summer Fest by borrowing from the general
fund. Unfortunately, the delinquency of those who pledged to the TOP fund
and have not delivered required this.
|
ea
|
|
response 13 of 48:
|
Sep 28 02:10 UTC 2000 |
I remember sending a check to cover my TOP donation. Please let me know
if it never arrived.
|
flem
|
|
response 14 of 48:
|
Sep 28 14:52 UTC 2000 |
Yes, the TOP fund being in the red is much like the store being in the red.
We don't actually owe anyone any money, it's just a convenient way to keep
track of a subset of our funds. There are still some pledges out.
|
sno
|
|
response 15 of 48:
|
Sep 28 15:48 UTC 2000 |
Automated credit card processing for GREX?
All I can say is why?
Even if you get ten requests in a day, a 24-48 hour processing lag is
certainly not unacceptable.
Sometimes whiz-bang high tech is far too easy.
|
flem
|
|
response 16 of 48:
|
Sep 28 18:57 UTC 2000 |
We can certainly do without automated technology -- if we can find a service
that allows us not to use it.
|
krj
|
|
response 17 of 48:
|
Sep 28 20:37 UTC 2000 |
I just looked at the Conditions of Use at www.paypal.com.
"You must be a resident of the United States to use the Service.
International accounts will be available soon."
When we first heard about PayPal, they were for individuals only,
no businesses. They have expanded to include service for businesses.
I wonder if it's likely that PayPal will get international service
up and running before Grex can solve its credit card security issues?
|
flem
|
|
response 18 of 48:
|
Sep 29 04:12 UTC 2000 |
Worth a call.
|
prp
|
|
response 19 of 48:
|
Sep 29 04:47 UTC 2000 |
Can Charge Soutions change the order from:
1. Collect Data
2. Validate Card
3. E-mail Cyberspace
4. Get OK from Cyberspace
5. Charge Credit Card
to:
1. Collect Data
2. E-mail Cyberspace
3. Get OK from Cyberspace
4. Validate Card
5. Charge Credit Card
|
arianna
|
|
response 20 of 48:
|
Sep 29 05:38 UTC 2000 |
19 sounds viable; PayPal is generating enough interest, as well, so I agree
that it would be an option in the very near future.
|
bdh3
|
|
response 21 of 48:
|
Sep 29 09:36 UTC 2000 |
Lots of 'ebay businesses' use paypal. Surely grex is on par if not
similar to 'ebay sellers'? Heck, get a member to agree to clear
'international' charges through their business in return for an 'advert'
or something. To pay these kind of charges is foolish.
|
gull
|
|
response 22 of 48:
|
Sep 29 14:58 UTC 2000 |
I think Paypal business accounts charge a cut of the proceeds, but I think
it's pretty small. I haven't investigated, though. There are also sites
that use Paypal to do credit card processing directly, though there are some
small annoyances; for example, if someone who has a Paypal account attempts
to charge something, Paypal will reject the charge and tell you to ask them
to use their existing account.
|
twinkie
|
|
response 23 of 48:
|
Sep 29 20:54 UTC 2000 |
The business model relies heavily upon interest. If you make a transaction
today, it takes 48 hours for the recipient to have access to the money, then
another 48 hours for the money to be transferred to their checking account.
(And this assumes that the recipient transfers the money immediately.
As far as international accounts go, I *think* it's perfectly fine for people
to use credit cards to pay for things, but they can't recieve money, because
international checking accounts are much different than American ones.
|
yargo
|
|
response 24 of 48:
|
Oct 4 11:03 UTC 2000 |
I haven't been active yet in conferences, so I hope this doesn't
create too much garbage. :)
You might be interested in knowing that when payment by credit card
isn't available soon again, you might not get money from me soon again
either... I'm one of those whose membership expired lately.
Now I don't need the telnet and additional things as a member, I just
think, free computer and web services are a great thing; I have my own
computer at my office connected to the web, and have cheap access to
the internet from home. I'm just believing it's worth to support a
system like grex.
Therefore I don't want to do too much work for my membership, and
since I never use checks and all that other things (I'm in
Switzerland, btw), I won't take the effort to bother about it. The
credit card payment probably is the only way for me...
|