Slashdot Mirror
FTC Cracks Down On Porn Site Billing Scams
This story perhaps should hit home with many Internet wonks, not just in terms of getting illegitimate charges on our credit cards from porn sites, but from any web site, or from having our card numbers lifted while we are online. I have been fighting with my bank for at least a couple years trying to dispute one illegitimate charge after another. In my opinion, the problem doesn't just lie with the companies making the fraudulent charges, but also with the banks, who are too cheap to create a security process for credit card utilization that 1) blocks particular merchants chosen by the cardholder (I call it "merchant block"), and 2) disallows usage without a password that the cardholder chooses and can change at any time."
Those both sound like reasonable ideas; would any credit card companies like to "add stockholder value" by implementing them? Maybe providing a list of "merchants our customers frequently ask to have blocked" as a default would be a good start.
The biggest threat to profits in online porn industry right now isn't fraud from people who steal numbers, it's what's known as the 'Gak factor'.
Typically, this works like this:
1. Guy visits goatporn website.
2. Guy pays for goatporn.com on his credit card.
3. Guy gets off and loves the website.
(camera pans, one month later)
4. Wife opens credit card bill and sees charge to goatporn.com.
5. Wife confronts husband while weeping, convinced she's not satisfying him and that the marriage is about to end.
6. Guy decides that (after a quick 'GAK!') rather then explain that he loves his wife and just needs some goatporn once in a while, instead claims 'Gosh, I never made those charges!'
7.Under her watchful eye, he calls the bank and disputes the charges.
I doubt there's a real industry wide problem with fraudulent charges. In actuality, I suspect it's almost 100% legit charges that get reported as fraud because the significant other is flipping out.
Credit card company calls livegoatporn.com and says "This guy says he never bought that goat porn."
livegoatporn.com digs up its records and calls dude's ISP. They match dude's user ID to the originating IP at the time and day of the charges.
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
And if someone must buy wanking material because the stuff available free on Usenet just isn't hard core enough, he (or she) should consider buying a Webcertificate. It's a MasterCard number based gift certificate, that also would work nicely as a throwaway credit card number. For $10 (plus a $2.95 service fee), someone could sign up with 10 "Adult Verification Services" in one day, the Webcertificate would be out of money, and no further charges could be made to it. Send the Webcertificate to a throwaway email address for a small degree of anonymity (certainly better than using one's own card). Time to see more? Just get a new Webcertificate. No troubles, except for possibly going blind or insane.
Accually if I sign my check D. Duck it should clear. In fact courts have held that unsigned checks can clear, so long as there is reason to belive the owner of the checking account intended to sign the check but forgot. Courts have also held that I can write out and sign my dads checks (I don't have power of atterny or any such thing) so long as dad would have wrote out that check had he been there - ie if dad always writes a check for the phone bill and I pay the bill one month with his checks).
Some of the above examples depend more on the mood of the judge then others. I would expect an unsigned or miss signed check to hold up in court (so long as the rest is in my hand writing!) much more likely then someone else writing one of my checks for something that I always buy.
I have learned to sign my credit card with my right hand, and then sign the recipts with my left. I've only had one clerk ask for further ID, and those signatures are very different.
I don't understand why people pay for porn sites. I mean, There's so much good free porn out there (www.thehun.net) (www.asstr.org), why don't people just go there and grab some, rather then falling for the obvious "Give us you're credit card number to access free porn" BS.
The online porn industry is for the most part a disgusting crass system. I don't have a problem with porn in and of itself, but seeing the commercialization of sex like this is disturbing.
How generous, offering to give a refund.
Imagine you have been operating a car theft ring for several years. Then you get caught. So you offer to return all the cars which you borrowed without authorization to their owners.
Pardon me, but isn't charging someone's credit card without authorization a felony? I'm thinking "federal wire fraud".
Also features in the British mini-series "Eureka Street". I think its been around longer than either.
Simon
Really. The first thing to realize is that your credit card is your *friend*. And so is the credit company *as long as you pay up!*.
The fine print on my card says that if my *card* is stolen, I must report it immediately, and that I may be responsible for all charges in between when my card was stolen and when I reported it stolen (or up to $50, I forget the details).
The fact is.. if my card is still in my wallet, then my card is not stolen. So.. if someone elses gets the number, somehow, and uses it.. I have no problem. Call company, tell them I didn't do it, and they refund it. IT' sup to the merchant to *prove* that I used my card to charge something. If he has no signature, and no other identifying info (shipping address, etc..) he's out of luck.
As for these sneaky porn charges, the fact is...
Even if there is fine-print, you can call your credit company and say 'they said nothing about blah-blah-blah'. The fact that you didn't see something is not directly relevant. You did not agree to those charges. You were under the impression that you would pay $X and that's why you did it. If it was otherwise, that's their problem. Your credit card company *will* cancel the debt and take it back to the merchant.
Oh man, what a conversation in the bathroom this would be...
"Hey man, I've been hunting around for some good sources pr0n and I ran across this awesome site. You ever been there? How're their credit ratings?"
"Yep, in fact, the boss is also a major client... that's how I found out about it."
"So that's why he's always in his office... Any problems with them?"
"Not really... once they double billed me for a show with twin sluts, but other than that, they're on the up and up. "
Humorless sig goes here.
I work in customer service for a very large ISP. At least once a week I have to deal with a call from an irate person who has found a charge on their credit card that they never expected to be there. Normally I post a refund to the credit card and get the person off the phone. If it was a hacked account submit it to the fraud department.
Here is where I begin to loose track of the situation. In the case of one individual, 17 monthly charges had been posted before they decided to call in and discuss the situation. It is obvious by looking at the usage that the account was never used, but 17 monthly charges before it ever clicked to me seems idiotic. I calmly inform the individual that I am only able to refund two months back. The next thing said is usually "I'll get my credit card company in on this." To which I respond that "As far as credit cards are concerened, all charges are valid unless disputed within the fist 60 days."
Read the fine print on your credit card statements. If you don't dispute that charge within 60 days the credit card company isn't going to do anything for you. Consumers seem to forget all that legal mumbo jumbo they sign when they sign up for credit cards. You are legealy and financially responsible for that card. Every single charge. If you were an idiot and didn't read your monthly statements for the past 17 months, PLEASE do not yell at me telling me that we've been stealing your money.
I think truthfully that credit cards are a much bigger and deeper problem in this country (the US) than just hacked cards being used on the internet. It strikes right at the heart of consumerism in America. I like to say this country was built on the backs of plastic.
Ok enough preaching.
----
"War doesn't determine who's right, just who's left"
"War doesn't determine who's right, just who's left"
Steven Wright
So all those flights I book over the phone by credit card can be refunded? Cool! Even though I had to present photo ID to pick up the tickets, and the airline has a record of me being on the flight? Even cooler!
Open Source. Closed Minds. We are Slashdot.
Its not like pr0n is ever unprofitable when the provider is honest and scrupulous
....I thought I'd never see that money back!
I'm not sure, but I thought I saw a commercial on television here recently about Discover coming up with some idea on cracking down on fraudulant charges.
Anyways, if people would take a few precautions, there would be a lot less hassle over this entire matter. Checkout their SSL Certificates. If you have any questions, read their privacy policy and research them through friends or other online sites that might rate the vendor.
Of course, with porn, it might be a little bit harder to find or access this information, but attempting this is a lot better than fighting with the bank/credit card companies over charges you did not place.
MunITioN
MunITioN
"A mind is a terrible thing to lose"
The FTC also said the company charged some consumers who never visited Xpics' sites, but it did not explain how that occurred.
Script Kiddies
Wouldn't you just love to see a script kiddy thrown in jail for credit card fraud? Man... that'd be great. "733+ hax0r, meet your new cell mate Bubba."
----
----
Am I the only one who thinks Microsoft is a misnomer? Perhaps Macrosoft would be a better fit?
In order to keep an orderly society, nobody should have a problem if laws are passed that require merchants to be *clear* and *concise* with regards to the money their fees and prices.
This is required of phone companies now, that they have a clear and concise way of explaining the increasingly complex phone billing structures.
In normal business, it is considered fraud in some cases to 'mislead' people into purchasing something, even if there is fine print..
Why shouldn't a porn merchant be held accountable for misleading poeple? They make their sites purposely misleading because they *know* people will fall into the trap, and not dispute it afterwards. They are therefore making money off of *deceit*, which is fraud.
Every time I saw that "this is a free trial, your cc will not be billed" I thought, yeah right, why do you need it, then? Bottom line, you can't trust people in certain industries, like porn, drugs (including pharmaceuticals), tobacco, cars, etc. And the seedier the industry is, the more likely you will be ripped off outright. I would imagine that the company was banking (pun not intended) on the fact that people would be afraid to dispute the charges lest they be known as "perverts" or worse, being charged with a crime. (In many states, the laws are vague enough and far-reaching enough that Playboy and Penthouse, to say nothing of Hustler, could be considered illegal if they did not have big bad lawyers...)
Maximum Pc had a short segment on this, their answer was that the bank has nothing to do with crimes, and with hundreds of millions of dollars being spent on porn annually in the US, no one is alone despite the denial. (Everyone knows the Us is comprised of a populace of teetotaling virgins who never use that horrible language those Hollywood liberals from canada use, right?)
Oh and the same pornography sites that were doing this were among the worst in creating the pop-up hell (browser hijack expliot.. kill one window and two more come up). It was done through a javascript though, so a word to the wise, set javascript off or set it to "prompt" if you think you will need it for a site. No JS, no hijack!
there's money! And where there's money, there's credit card scams and the like. Nowadays anybody will do anything to make some money - after all, it's just "capitalism!"
Honestly, there's some really shitty people out there; I got to see a lot of them as a Comptroller. My favorite scam was the "rich person using disputing charges as a cash flow management technique." Which I saw numerous people do. My personal favorite incident was the guy who flew his family to Switzerland on his American Express. First class, about $20k bucks. Had a grand time. Got home, disputed the charges. So the travel agency (of which I was the Comptroller) gets out not only their 10% commission (or whatever it was on that particular flight, I've forgotten), but the 90% they paid to the airline. For eight months. I just wish businesses had the ability to prosecute people like that. Do losers like that REALLY think the airline didn't record their passports? But no, he had a legal right to contest it BUT THERE WAS NO PENALTY FOR LYING. I think another poster has it right: probably most of this "fraud" wasn't fraud at all. _Deirdre
move to another back.
This is usually harder than getting the bank to give you money. Me, I've got all my cash stuffed in my matress. Must get a combination lock for it some time.
For some reason, people are surprised when you buy a brand new car with cash.
Thankyou for contacting us regarding the incorrect charges to your credit card from Porn-O-Matic Inc.
According to the new code of conduct aggreed to by the internet sex industry, you should only have been charged for six hours viewing, and not the seven hours charged.
We trust that the matter has been resolved to your expectations.
May we also take this oppertunity to inform you of our member discounts from Grabbit, Floggit, and Leggit partners, Divorce lawyers.
I will be at IA2000 again this in September, in New Orleans, once-again telling Adult providers about a payment system that will allow them to get paid and STAY paid, with NO CHARGEBACKS (my mantra for Miami's IA2000 last year).
/. reader who sends me an account number will get a spot of e-gold to try, it's useful for more than just adult stuff or really-cool gambling sites, especially if you folks'd take advantage of it.
Still, this article brings up an important reason why I haven't been too successful with the adult industry so far, IMO (it's certainly not for lack of trying!!!). They want to automagically charge people who didn't even visit their (stale, in many cases) sites this month, and with e-gold they'd have to work harder, and not all of them want to work very hard, since they've been used to this mint (er...goldmine?) of automatic-charging. Using a medium where their customers see what they'll pay every month might cause those customers to want them to do something every month. IMO, this rant probably doesn't apply to all pron-sites, YMMV, etc.
As usual, any
JMR
Try e-gold - (contact me). I'm NOT e-
back in the early 90's I was a bill collector for 900 and 976 phone sex companies. we represented several of those co's, and it was common knowledge that they'd gouge the prices like this, usually with a $2.99/minute ad, and $2.99 a minute front end msg, then a disclaimer 'subject to change', then the menu of chat rooms, then the addendum latest price of $4.99/minute (which was the maximum allowable price). Hundreds of phone sex lines followed this practice, and suckered them in by the 10,000's.
It gets worse, see. First, usage of the service automatically signed you up for a credit account, and half the charges were applied to that account, to obfuscate the scam. nearly everyone was shocked to recieve a bill from the phone sex company, some paid withouta peep, others tried to complain in vain.
Also, early on it was realized that there was enormous latitude in the collection process, with the outfit I was involved in acting as a 'first party' collection agency to circumvent normal FTC regulations, plus the looming threat of exposure to friends and family and reportings to Trans Union and TRW.
I was young and impressionable, this activity was all couched in phrases that suggested legitimacy and legality, but once I realized the full extent of the evil, I fled forthwith. These guys are bad, bad people. My prediction is that they will pull a stunt like the one mentioned in 'Lock, Stock and Two Smoking Barrels' and send refund checks with an account name like 'Dildo Lovin' Ass Sluts Incorporated', which nobody in they're right mind will cash. Toooooo sad...
-=(V)0(V)0cr0(V)=-
From the net...
Australian Police have been unable to recommend a prosecution for the following scam:
A company takes out a newspaper advertisement claiming to be able to supply imported hard core pornographic videos. As their prices seem reasonable, people place orders and make payments via check. After several weeks, the company writes back explaining that under the
present law they are unable to supply the materials and do not wish to be prosecuted. So they return their customers' money in the form of a company cheque. However, due to the name of the company, few people will present these checks to their banks. The name of the company:
"The Anal Sex and Fetish Perversion Company"
--- if y cn rd ths y cn gt a gd jb n cmptr prgmmng!
If you're worried about what your children are doing online, why don't you take some action to prevent them from becoming "subversive maniacs." This is not the role of the government, but the role of the parent to decide when the child is old enough to make decisions about concerning "harmful materials like pornography, bomb making plans, drugs"
In my opinion, the problem doesn't just lie with the companies making the fraudulent charges, but also with the banks, who are too cheap to create a security process for credit card utilization.....
Although they probably deny it... but if you look at it this way the banks are not being "cheap".
Whenever a chargeback happens, not only does the bank get 100% of the charge back from the merchant, they also charge the merchant a $10-25 charge for each chargeback.
So if the credit card company makes 1% on a normal charge ($1 on a $100 charge).. that same company will end up making 10 times that much on a chargeback.
Granted there are administrative costs the credit card company has to pay for in order to process the chargeback.. but I doubt its $10 a chargeback.
--
-- Slashdot sucks.
The International Internet Commerce Act (IICA) of 1994 actually does provide for the billing of American Express credit cards, even if consent is not given. This is covered under section II-4D.
"The vendor, upon recieving the method of payment, shall gain full access to provision good to this card with or without given consent of buyer"
This clause has not yet been ammended, the IICA of 1999 will fix this, but is still being negotiated.
I am not sure about the value of blocking specific merchants.
1) It would seem that few merchants would accept future charges from a customer who had disputed charges.
2) Most bad merchants will be fined heavily and probably lose their merchant acounts.
3) It would seem to create oportunities to rip off legitamate merchants. Forinstance merchants who verified credit cards at purchase but didn't bill them until the product shipped. (a bad customer could simply ban the merchant between the two acount accesses)
IMHO a system which banned most merchants in problem catagories but allowed specific merchants to be quickly unbaned
I would propose a system as follows:
1) Allow banning of certain types of business (or all busniess) (Porn, Ebusiness, Mail order, 1-800 number, ALL, etc.)
1a) require a one day waiting period for this to prevent scam in (3) above
2) Allow banning of merchants who you had contested charges with instantly.
3) Allow banning of other specific merchants with a 7 day waiting period to help prevent problem 3.
4) Allow instant unbanning of any merchant or catagory by calling an 800 number or by going to a website and entering a password.
5) Allow a customer to set a price threshold below which authoriztion is not required (in some or all catagories).
Hmmm, you detest the christian right, and yet you claim that I am inaccurately stereotyping. Hmmm, antiabortion protestors chain themselves in front of abortion clinics, and therefore effectively deny services. Why is it such a stretch to believe they wouldn't do something similar to porn sites?
Using the "christian right" is much simpler to foster discussion than to post my message with the subject line of "Could the (insert your favorite far right wing organization here) DOS porn sites?"
matt, registered republican
Most of these porn companies rely on the embarrassment factor to be able to get away with this.
In other words, most of their customer are too embarrassed to complain either to the company in question, or to the their own card company.
The dialogue might go something like this:-
Card company: What is the nature of your complaint, sir?
Customer: I was billed without my authorisation by a company called "Wank-o-matic"
Card company: [stifles giggle] I see. Do you know how they obtained your card details.
Customer: Yes. I gave my card details to them to get a free preview of their "Jugs-o-rama" web site, but I cancelled my membership before the deadline.
Card company: [explodes into laughter] but did you have a good wank, sir?
Mass Debate
a story that's REALLY targeted towards slashdot readers.
Name: infinite porn loop
Description: Machine is compromised when end user attempts to close a pornographic page. This pops up two new pornographic pages. Each of these subsequently pops up two more pages until a stack or buffer overflow occurs. This compromises the system and allows root access on port 69.
OS's affected: ALL. Using Nescape or Internet Explorer can be compromised
Solution: Until patches for Netscape and IE are available, it is recommended that users browse with Lynx, although this will interfere with legitimate pornographic viewing.
- My password is slashdot
The industry site for this topic is ccwatch.net. Another good article on the "Gak" factor is in the Seattle Times.
-- I have a private email server in my basement.
Haven't these people ever heard of alt.binaries.erotica? Why pay for porn?
Not that I would know, of course...
Why should the government be deciding whether you and your children can see naked women on the Internet, and yet shouldn't be deciding whether or not they show naked women in schools?
(Oh, and while we're here, may I point out that over the years there have been any number of scams involving religion, apparently proving the point that religion is bad for everyone. As a matter of fact, when groups of pornographic zealots start a civil war somewhere, or kill themselves and their children with poisoned Kool-Aid, pornographers will have begun to catch up with religion as a force for good).
This next song is very sad. Please clap along. -- Robin Zander
To put the most important part of the post here, by federal law, you do NOT have to pay any more than $50 of fraud whenever your card or credit card is compromised. Most banks are smart enough to absorb the first $50 of fraud anyways and not charge the consumer. Otherwise there'd be thousands of people a month having to pay $19.95 to Plymouth Phone (an adult phone company that was... popular).
This means, then, that the financial responsibility for covering fraud falls on banks, not consumers. Even if consumers wereto pay the first $50 in fraud charges to their account, a bank still has to provide the personnel to investigate fraud. Fraud / Loss Control is a very important part of the agenda of most banks.
Now, mind you, it is going to be rather difficult for banks to institute a 'merchant-blocking' system in your account. This is because of several reasons:
Currently, the system really isn't all that bad. There's a lot of nightmares, certainly, with the major credit reporting bureaus (TransUnion, etc.), but the average national, well-established credit card bank is on yourside when it comes to fraud, mainly because essentially it's their money and their business that's being affected.
The best thing you can do to prevent fraud to your account is basic common sense: Guard your number. Don't trust every merchant online (for the same reasons you wouldn't trust every offline merchant). And, if you are the victim of fraud, report it as soon as possibe to the bank and, for your sake, write down and save everything. Amounts, dates, times, names of people you talked to. The more informed you are as a consumer the easier it is for the banks to help you.
Finally, remember that there are a lot of reputable adult merchants out there. One time we had an older woman call in saying that there were $150 in calls to an adult service. She said she lived alone and would not make such calls. Sure enough, it wasn't her. We called the adult service, they still had the caller's number on record, as well as the time of the call. It happened one time while her 12-yr old grandson was visiting for a few days.
Small potatoes make the steak look bigger.
Hey!
If I ran a credit card company, I'd have options of:
1) All merchants
2) All merchants except blacklisted
3) No merchents except whitelisted
4) Authorise
You'd have a choice, a normal credit card, a credit card that couldn't be used at companies that had a record of mischarging customers, a credit card that only works at popular shops that have a good trade record, and a card where you telephone before buying anything and say 'I'd like to authorise 'Jon's Pr0n-o-rama' to take $15 per month from my card', or 'I'm going shopping. I'd like to authorise the spending of $150 on my card, within the next 2 hours'.
This could be a good cash safety feature, or it could just be annoying... more likely annoying, after a while.
Some peer review might be in order?
Michael Tandy
...another insightless comment from Michael Tandy.
"Goodness me, how unlike the FBI to abuse the trust of the American public." -- The Onion
Yes, this would be a crime. Taking funds with no intention of providing anything in return and hoping to exploit embarrassment so as to keep the funds is definitely an offence of deception.
No, it wouldn't work. It's perfectly simple to present a cheque for payment without having to meet someone in person: in the UK, we have automated deposit boxes that are quite anonymous. Since the poor sods who process the cheques haven't time to read much more than the amount written on them, they aren't going to even notice that the cheque is drawn on an embarrassingly-named account.
And even if they did, they're processing a cheque every second and a half or similar, so they don't even have time to snigger even if they do notice - and anyway, they don't know the poor sap who's presenting the cheque for payment anyway.
-- AndrewD
A Maze of Twisty Little Laws, All Different.
... is a humorous exploit of the banks' (and I mean all of them) policy regarding the relative cost of policing cheque signatures as against the cost of processing and paying claims.
A cheque without a valid signature ought not to be paid, and the bank is liable if it does pay it. On the other hand, most cheques are properly drawn - the vast majority of their customers are honest and careful with their cheques.
So they don't trouble to check signatures. That means the operator only needs to read off and type the amount on the cheque, and can do forty cheques a minute. Anything more, and the rate would drop and more people would have to be employed and paid for.
So try this next time you're collecting your poker debts: offer a double or nothing bet that a cheque signed "D. Duck" or similar will clear. Easy enough to do - the mark writes the cheque for double the amount and you agree that if it's queried you won't quibble. The odds are thousands to one against you losing - the bank reckons that a few claims each year are going to be cheaper than hiring four or five times the number of people to clear cheques.
-- AndrewD
A Maze of Twisty Little Laws, All Different.