Filing claims on a merchant's insurance for credit card fraud leads to higher insurance premiums for the merchant.
Not filing claims leaves the merchant SOL and out $fraud_amount that they must make up elsewhere.
Either way means higher expenses for the merchant. Merchants don't just accept that, they charge higher prices to make up for the difference. Who pays those prices? You do. In a roundabout way, we are ALL victims of credit card fraud, by means of higher prices.
DreamHost puts that on their front page - try USING 5 terabytes and see what happens to your account. Web hosts routinely oversell their capacity, some more than others.
For a reality check do some math. A server with a 10 mb/s connection (fairly standard for a shared hosting server) can put through a theoretical maximum of 3300 mb (3.3 terabytes) in a 30 day month. Even with a 100 mb/s connection that's 33000 (33 terabytes) in that same 30 day month. Shared hosting servers usually have anywhere from dozens to hundreds of sites on a server. It's not possible for them to all use more than a few hundred megabytes on average.
Go check prices on some dedicated servers and then rethink your math.
Consider your average home with a much smaller pipe - we'll say 5 mb/s for easy math, but I think that's much higher than "average" (it certainly is in my area). With a 5 mb/s connection from your house to the outside network you have a theoretical maximum of roughly 1600 gb in a 30 day month. That's assuming you're using your connection to its full potential 24x7.
In reality, I'll bet that most users don't go anywhere near that 40 GB cap. If I wasn't working as a web programmer I don't think I would. If my local provider introduces something like this I can guarantee I'll change the way I do things - I would have to make more use of my local testing server for one, rather than uploading every little change to a remote server for testing. I would also have to rethink my VOIP system and the closet server that runs nightly backups from my office to my home. Those things probably push me up or over that cap. Providers base their prices on an "average" user. If there's a huge disparity between the "average" user and someone like me, then I deserve to pay more for my connection.
Maybe $1/GB isn't the right number, but comparing home access to a web host that's known for overselling their servers isn't fair by any means. If home broadband worked like Dreamhost does we'd all have cheap connections with theoretical caps of 100 terabytes on our 10 mb connections but we'd only be able to use 768k on a good day.
I wish I had mod points today. Whoever modded that down needs to get a clue. If you don't get the joke, Google for "les paul." I'll give you a virtual mod to +5 funny.
Do you really expect drug dealers and homeless people to go that far through the legal system? More likely they'll just kick it over and watch the wheels spin helplessly in the air.
In many IT jobs you have to be ready to answer that page at any time of day/night. In the military if your base is attacked, you are expected to be ready to get your uniformed butt to your post right-effing-now. In the civilian world coming in stoned/drunk/high will probably get you fired. In the military world there's a very real chance that doing the same could get people killed.
If your business had a legitimate use for such a big TV it could easily be a 100% deduction. I'm sure sports bars don't worry about it, they just deduct the entire expense (or depreciate it, but that's another conversation altogether). Churches are in the business of entertainment, of a sort. Call it "community outreach" if you want. Unless the church-bought TV is in the pastor's house I doubt that any IRS agent would question the deduction.
Typically it's a projector and a blank wall/screen, not a 6 foot LCD - used for displaying notes for the teaching (much the same as many college professors do) or words to songs. It just happens to be a great way to watch a football game or play video games.
If the criminals were breaking into people's paypal accounts, your analogy might hold water. I'm not saying that doesn't happen, but that's not what this story is about.
It's more like a drop-shipping scenario.
Imagine you buy an iPod on eBay. The seller doesn't actually have an iPod, but he has an agreement with the dropshipping house. You pay the seller, the seller pays the shipper, the shipper ships your iPod...but this time the shipper skips town. Who are you going to call when the iPod doesn't arrive? The seller's agreement with the dropshipper is not your business or your problem - you paid money to the seller, expecting an iPod, the seller didn't deliver. I'm sure you'll want your money back from the seller. He'll have to take that up with the dropshipper, but again, not your problem.
The story really is about the same thing. The customer sent money to the victim for a computer. The victim sent most of that money on to the criminal, expecting that the criminal would ship the computer. The criminal disappeared. The customer is now angry at the victim and wants his money back - he doesn't care about the victim's arrangements with the criminal. Not his problem.
Yes, I also realize that the victim didn't know what the money was for or where it came from. I don't care, that's just stupid - if someone wrote me a check for $2000 I would definitely want to know what the heck that money was for before I did anything with it.
The fact remains that the customer is not at fault here - he paid money, expecting something in return. The person to whom the customer paid the money is obligated (morally if not legally) to return the money if he can't provide that something. The same goes for the transaction between the victim and the criminal - the victim paid money, expecting the criminal to provide something in return. The burden is on the victim to get the money back from the criminal (good luck with that).
Regardless of who is morally obligated to whom, the PayPal terms of service govern the entire transaction. PayPal's TOS are scary - they can effectively take money from your PayPal account whenever they want to for any reason they can come up with. Anyone who accepts PayPal accepted these terms and conditions.
I'm too lazy to look up a citation at 7:30 in the morning, but the last time I looked over the PayPal TOS it pretty much said "we reserve the right to take money out of your account whenever we want to, and your only recourse is to ask us nicely to have it back. Say 'please' and we might consider it."
Don't ever leave more money in your PayPal account than you can afford to lose.
For what it's worth, I think a court of law would have agreed in this case that the woman was responsible. It's impossible to really say without details of the eBay auction in question, but she took the customer's money. What she did with it after that is not the customer's problem. If she took his money in exchange for a service/product that she could not provide, she owes the customer his money back.
I've done a lot of work with VOIP both for myself and for a few clients. In a business situation look at setting up an Asterisk server (very easy with TrixBox). For home use there are lots of similar providers. You can look up some information at http://www.voip-info.org/ and the forums at http://www.trixbox.org./
I've had good experience with Vitelity and VoicePulse. I use their services to connect to my Asterisk box, so that doesn't directly transfer over. Based on what I've seen a few of my friends go through I can recommend that you NOT go with SunRocket.
Yes, retailers are complaining about the costs involved in this.
This letter, however, is more complaining that it's necessary in the first place - if retailers were not required to store this data for so long, they would not have any need to protect the data. The card companies have the data already, why does the retailer need a copy as well?
In your particular example, you're correct - Blizzard should have recognized that a charge from the other side of the world might be fraud. Consider some other situations.
How many times have you ordered something online to be shipped somewhere else? My grandmother orders all of her Christmas gifts over the internet. She pays with her credit card and ships it straight to her grandkids. Great for her, she doesn't have to mess with packing boxes. The only information those store can possibly validate is the card number, the three-digit code off the back and the credit card billing address. My grandmother lives in Florida and ships me stuff in Texas. How do those websites know that it's not me shipping myself stuff with a stolen credit card number? They don't.
Credit card companies don't give merchants much to go with. But if the merchant accepts a bad card, it's all his fault - and he's guilty until proven innocent. When you call your card company to say there's been a fraudulent charge they immediately issue you a credit. Where does that money come from? The merchant's checking account. He'll find out why money suddenly left his account when he gets the packet in the mail in a few days.
THAT is why a credit card number is sensitive information. It's too easy to commit fraud, often very hard to trace the criminal, and the responsibility lies with the merchant 100% unless they can conclusively prove that the card holder actually made the charge.
My business sells items on eBay, in an online store and in a physical storefront. Many times we have a very unique item - for example, a vintage musical instrument - that's available for sale in all three places at once. We put similar disclaimers in every auction we post and on our site.
Normally if we put it up for auction on eBay it will sell for far less than if we were to sell it to someone in the store (or even on our own website) so it does not make good business sense for us to take it off the sales floor or down from the website until it's sold. The salesmen in the store don't have access to our eBay system and not all of them can access the website back end. If they sell the item, they notify the web people who take it down, but that process may take a few hours (or days, on the weekend). This can also happen with commodity items also, if someone comes in and buys the last box of reeds. We're working on a solution that will integrate our in-store sales with the website database but that still won't cover eBay auctions. I won't even get into the issues of synchronizing the database with real life - we take inventory on a regular basis and always have to adjust something in the computer.
The disclaimer about "may be sold in the store" also encourages people to come into the store. More traffic in the store means more money coming in, whether they buy that specific item or something else. When we list auctions like that we get many phone calls asking what the in-store price is, and some of those end up in sales. eBay's "but it now" feature disappears when the first bid is made, so the "may be sold in store" feature acts as another backup "buy it now." That also saves on eBay fees (which can be ridiculous) if we can get more than one sale out of one auction or sell the item in the store (if we cancel the auction, eBay doesn't charge a final value fee). We are VERY careful to make sure the auctions are canceled before they end if we sell the item elsewhere.
There's nothing random about it. I'll sell a saxophone to anyone with the money to pay for it, whether it's online or in the store. We've told a few people not to come back because they have a history of being poor customers (bounced checks, rude to salespeople, break things then return them) but that happens rarely and only after a long history of the same garbage. We don't arbitrarily decide that this guy looks black/white/jewish/muslim/shifty-eyed/scuzzy so we won't sell to him. I see nothing un-fair about it either - you have just as much opportunity as the next guy to come in the store if you're local or order over the phone if you're not.
Rude, stupid? Not really. I think it would be more rude to let you bid on the auction or buy online without letting you know that the item might have already sold. It comes down to having multiple simultaneous sales channels (which is just good business) for the same item without a centralized database. If you REALLY want the item, buy it now or risk losing it. That's life.
Your step 8 is incorrect.
The bank does not eat the charges - instead it's the MERCHANT(S). I'm in business for myself helping others be in business for themselves and I see this all too often. The burden for the fraudulent transaction lies with the merchant, who, in addition to losing the amount of the original transaction, is also out whatever merchandise was sold, will still have to pay the fees on the original transaction, will almost always be hit with a chargeback fee (of $30-35) and may have his rates increased by his processor if this happens too often.
I just ran into a similar situation today, actually - from the ISP side. I run a small web services company. Most of our business is in web design and programming, but we offer the hosting mostly as a convenience to customers (only one contact person, one bill, etc).
I got a call from one of my clients' employees asking for a password reset on his email account. He's moving to a new office in the same building, doesn't know his password, wants to set up Outlook. No big deal, usually, but this is a guy I've never talked to or met. He argued with me a bit about it - said he's been an employee there for years, the boss is a personal friend, etc etc. Regardless, I don't know him from Adam so I refuse to give him the new password, instead offering to email it to the boss (the only contact email we have on file). He eventually accepts this.
Then we find out the boss is out of town somewhere and can't check his email. The guy's password has already been reset, so he can't check mail on his old computer either. He's SOL for the rest of the day until the boss checks his email from the hotel.
I hate to make things hard, but I have to - otherwise I could find myself featured in an article like this.
How about some time after 3 PM? That's when school lets out around here - most businesses are open until at least 5.
The motion also specifically noted that the student was supposed to take the TAKS test today. TAKS is our statewide standardized test which must be passed for promotion to the next grade or for graduation at the end of high school. If he misses the TAKS test he'll have to make it up at some point, forcing him to miss another day of school. TAKS days are only ~5 days out of the school year depending on grade level. Asking for a deposition on a non-TAKS day would be much less of a burden.
To continue your scenario, imagine you didn't check the line items, you just read the total and agreed to pay it. The waiter swipes your card and you leave the restaurant. The next day, the restaurant order calls you and tells you to either bring back your takeout box (hope you didn't take it for lunch) or pay the difference.
I run an online store - I've shipped merchandise before without charging the customer enough because my automated system screwed up. There was a moral choice on the table. I ate the losses, it was my mistake. Amazon's charging the customers' cards without authorization. Who's the better man?
Nope, this hasn't changed. My state of residence happens to be the state where I'm stationed, and has no state income tax. I know plenty of folks who list their parents, grandparents, whoever happens to live in an income-tax-free state as their "state of residence." I've heard of some crackdowns on that, it has to be more than just a PO box that you're renting, but as long as you can prove some sort of connection to that state you're free and clear.
Slashdot Mirror
Not victimless.
Filing claims on a merchant's insurance for credit card fraud leads to higher insurance premiums for the merchant.
Not filing claims leaves the merchant SOL and out $fraud_amount that they must make up elsewhere.
Either way means higher expenses for the merchant. Merchants don't just accept that, they charge higher prices to make up for the difference. Who pays those prices? You do. In a roundabout way, we are ALL victims of credit card fraud, by means of higher prices.
DreamHost puts that on their front page - try USING 5 terabytes and see what happens to your account. Web hosts routinely oversell their capacity, some more than others.
For a reality check do some math. A server with a 10 mb/s connection (fairly standard for a shared hosting server) can put through a theoretical maximum of 3300 mb (3.3 terabytes) in a 30 day month. Even with a 100 mb/s connection that's 33000 (33 terabytes) in that same 30 day month. Shared hosting servers usually have anywhere from dozens to hundreds of sites on a server. It's not possible for them to all use more than a few hundred megabytes on average.
Go check prices on some dedicated servers and then rethink your math.
Consider your average home with a much smaller pipe - we'll say 5 mb/s for easy math, but I think that's much higher than "average" (it certainly is in my area). With a 5 mb/s connection from your house to the outside network you have a theoretical maximum of roughly 1600 gb in a 30 day month. That's assuming you're using your connection to its full potential 24x7.
In reality, I'll bet that most users don't go anywhere near that 40 GB cap. If I wasn't working as a web programmer I don't think I would. If my local provider introduces something like this I can guarantee I'll change the way I do things - I would have to make more use of my local testing server for one, rather than uploading every little change to a remote server for testing. I would also have to rethink my VOIP system and the closet server that runs nightly backups from my office to my home. Those things probably push me up or over that cap. Providers base their prices on an "average" user. If there's a huge disparity between the "average" user and someone like me, then I deserve to pay more for my connection.
Maybe $1/GB isn't the right number, but comparing home access to a web host that's known for overselling their servers isn't fair by any means. If home broadband worked like Dreamhost does we'd all have cheap connections with theoretical caps of 100 terabytes on our 10 mb connections but we'd only be able to use 768k on a good day.
Actually, that's about the way it is now.....
I wish I had mod points today. Whoever modded that down needs to get a clue. If you don't get the joke, Google for "les paul." I'll give you a virtual mod to +5 funny.
Do you really expect drug dealers and homeless people to go that far through the legal system? More likely they'll just kick it over and watch the wheels spin helplessly in the air.
In many IT jobs you have to be ready to answer that page at any time of day/night. In the military if your base is attacked, you are expected to be ready to get your uniformed butt to your post right-effing-now. In the civilian world coming in stoned/drunk/high will probably get you fired. In the military world there's a very real chance that doing the same could get people killed.
...as would any other nonprofit.
If your business had a legitimate use for such a big TV it could easily be a 100% deduction. I'm sure sports bars don't worry about it, they just deduct the entire expense (or depreciate it, but that's another conversation altogether). Churches are in the business of entertainment, of a sort. Call it "community outreach" if you want. Unless the church-bought TV is in the pastor's house I doubt that any IRS agent would question the deduction.
Typically it's a projector and a blank wall/screen, not a 6 foot LCD - used for displaying notes for the teaching (much the same as many college professors do) or words to songs. It just happens to be a great way to watch a football game or play video games.
If the criminals were breaking into people's paypal accounts, your analogy might hold water. I'm not saying that doesn't happen, but that's not what this story is about.
It's more like a drop-shipping scenario.
Imagine you buy an iPod on eBay. The seller doesn't actually have an iPod, but he has an agreement with the dropshipping house. You pay the seller, the seller pays the shipper, the shipper ships your iPod...but this time the shipper skips town. Who are you going to call when the iPod doesn't arrive? The seller's agreement with the dropshipper is not your business or your problem - you paid money to the seller, expecting an iPod, the seller didn't deliver. I'm sure you'll want your money back from the seller. He'll have to take that up with the dropshipper, but again, not your problem.
The story really is about the same thing. The customer sent money to the victim for a computer. The victim sent most of that money on to the criminal, expecting that the criminal would ship the computer. The criminal disappeared. The customer is now angry at the victim and wants his money back - he doesn't care about the victim's arrangements with the criminal. Not his problem.
Yes, I also realize that the victim didn't know what the money was for or where it came from. I don't care, that's just stupid - if someone wrote me a check for $2000 I would definitely want to know what the heck that money was for before I did anything with it.
The fact remains that the customer is not at fault here - he paid money, expecting something in return. The person to whom the customer paid the money is obligated (morally if not legally) to return the money if he can't provide that something. The same goes for the transaction between the victim and the criminal - the victim paid money, expecting the criminal to provide something in return. The burden is on the victim to get the money back from the criminal (good luck with that).
Regardless of who is morally obligated to whom, the PayPal terms of service govern the entire transaction. PayPal's TOS are scary - they can effectively take money from your PayPal account whenever they want to for any reason they can come up with. Anyone who accepts PayPal accepted these terms and conditions.
I know, replying to my own post is bad form - but I failed to mention that eBay now owns PayPal, so they are effectively one and the same.
....since you agreed to their Terms of Service.
I'm too lazy to look up a citation at 7:30 in the morning, but the last time I looked over the PayPal TOS it pretty much said "we reserve the right to take money out of your account whenever we want to, and your only recourse is to ask us nicely to have it back. Say 'please' and we might consider it."
Don't ever leave more money in your PayPal account than you can afford to lose.
For what it's worth, I think a court of law would have agreed in this case that the woman was responsible. It's impossible to really say without details of the eBay auction in question, but she took the customer's money. What she did with it after that is not the customer's problem. If she took his money in exchange for a service/product that she could not provide, she owes the customer his money back.
I've done a lot of work with VOIP both for myself and for a few clients. In a business situation look at setting up an Asterisk server (very easy with TrixBox). For home use there are lots of similar providers. You can look up some information at http://www.voip-info.org/ and the forums at http://www.trixbox.org./ I've had good experience with Vitelity and VoicePulse. I use their services to connect to my Asterisk box, so that doesn't directly transfer over. Based on what I've seen a few of my friends go through I can recommend that you NOT go with SunRocket.
....but that information is already there in that central database.
I read that as "We recognize that Visa already has this information on file, so rather than create another possible target we'll just use their copy."
I think you missed the point.
Yes, retailers are complaining about the costs involved in this.
This letter, however, is more complaining that it's necessary in the first place - if retailers were not required to store this data for so long, they would not have any need to protect the data. The card companies have the data already, why does the retailer need a copy as well?
In your particular example, you're correct - Blizzard should have recognized that a charge from the other side of the world might be fraud. Consider some other situations. How many times have you ordered something online to be shipped somewhere else? My grandmother orders all of her Christmas gifts over the internet. She pays with her credit card and ships it straight to her grandkids. Great for her, she doesn't have to mess with packing boxes. The only information those store can possibly validate is the card number, the three-digit code off the back and the credit card billing address. My grandmother lives in Florida and ships me stuff in Texas. How do those websites know that it's not me shipping myself stuff with a stolen credit card number? They don't. Credit card companies don't give merchants much to go with. But if the merchant accepts a bad card, it's all his fault - and he's guilty until proven innocent. When you call your card company to say there's been a fraudulent charge they immediately issue you a credit. Where does that money come from? The merchant's checking account. He'll find out why money suddenly left his account when he gets the packet in the mail in a few days. THAT is why a credit card number is sensitive information. It's too easy to commit fraud, often very hard to trace the criminal, and the responsibility lies with the merchant 100% unless they can conclusively prove that the card holder actually made the charge.
My business sells items on eBay, in an online store and in a physical storefront. Many times we have a very unique item - for example, a vintage musical instrument - that's available for sale in all three places at once. We put similar disclaimers in every auction we post and on our site.
Normally if we put it up for auction on eBay it will sell for far less than if we were to sell it to someone in the store (or even on our own website) so it does not make good business sense for us to take it off the sales floor or down from the website until it's sold. The salesmen in the store don't have access to our eBay system and not all of them can access the website back end. If they sell the item, they notify the web people who take it down, but that process may take a few hours (or days, on the weekend). This can also happen with commodity items also, if someone comes in and buys the last box of reeds. We're working on a solution that will integrate our in-store sales with the website database but that still won't cover eBay auctions. I won't even get into the issues of synchronizing the database with real life - we take inventory on a regular basis and always have to adjust something in the computer.
The disclaimer about "may be sold in the store" also encourages people to come into the store. More traffic in the store means more money coming in, whether they buy that specific item or something else. When we list auctions like that we get many phone calls asking what the in-store price is, and some of those end up in sales. eBay's "but it now" feature disappears when the first bid is made, so the "may be sold in store" feature acts as another backup "buy it now." That also saves on eBay fees (which can be ridiculous) if we can get more than one sale out of one auction or sell the item in the store (if we cancel the auction, eBay doesn't charge a final value fee). We are VERY careful to make sure the auctions are canceled before they end if we sell the item elsewhere.
There's nothing random about it. I'll sell a saxophone to anyone with the money to pay for it, whether it's online or in the store. We've told a few people not to come back because they have a history of being poor customers (bounced checks, rude to salespeople, break things then return them) but that happens rarely and only after a long history of the same garbage. We don't arbitrarily decide that this guy looks black/white/jewish/muslim/shifty-eyed/scuzzy so we won't sell to him. I see nothing un-fair about it either - you have just as much opportunity as the next guy to come in the store if you're local or order over the phone if you're not.
Rude, stupid? Not really. I think it would be more rude to let you bid on the auction or buy online without letting you know that the item might have already sold. It comes down to having multiple simultaneous sales channels (which is just good business) for the same item without a centralized database. If you REALLY want the item, buy it now or risk losing it. That's life.
Your step 8 is incorrect. The bank does not eat the charges - instead it's the MERCHANT(S). I'm in business for myself helping others be in business for themselves and I see this all too often. The burden for the fraudulent transaction lies with the merchant, who, in addition to losing the amount of the original transaction, is also out whatever merchandise was sold, will still have to pay the fees on the original transaction, will almost always be hit with a chargeback fee (of $30-35) and may have his rates increased by his processor if this happens too often.
I just ran into a similar situation today, actually - from the ISP side. I run a small web services company. Most of our business is in web design and programming, but we offer the hosting mostly as a convenience to customers (only one contact person, one bill, etc).
I got a call from one of my clients' employees asking for a password reset on his email account. He's moving to a new office in the same building, doesn't know his password, wants to set up Outlook. No big deal, usually, but this is a guy I've never talked to or met. He argued with me a bit about it - said he's been an employee there for years, the boss is a personal friend, etc etc. Regardless, I don't know him from Adam so I refuse to give him the new password, instead offering to email it to the boss (the only contact email we have on file). He eventually accepts this.
Then we find out the boss is out of town somewhere and can't check his email. The guy's password has already been reset, so he can't check mail on his old computer either. He's SOL for the rest of the day until the boss checks his email from the hotel.
I hate to make things hard, but I have to - otherwise I could find myself featured in an article like this.
How about some time after 3 PM? That's when school lets out around here - most businesses are open until at least 5. The motion also specifically noted that the student was supposed to take the TAKS test today. TAKS is our statewide standardized test which must be passed for promotion to the next grade or for graduation at the end of high school. If he misses the TAKS test he'll have to make it up at some point, forcing him to miss another day of school. TAKS days are only ~5 days out of the school year depending on grade level. Asking for a deposition on a non-TAKS day would be much less of a burden.
...but you've missed half the point.
To continue your scenario, imagine you didn't check the line items, you just read the total and agreed to pay it. The waiter swipes your card and you leave the restaurant. The next day, the restaurant order calls you and tells you to either bring back your takeout box (hope you didn't take it for lunch) or pay the difference.
I run an online store - I've shipped merchandise before without charging the customer enough because my automated system screwed up. There was a moral choice on the table. I ate the losses, it was my mistake. Amazon's charging the customers' cards without authorization. Who's the better man?
Nope, this hasn't changed. My state of residence happens to be the state where I'm stationed, and has no state income tax. I know plenty of folks who list their parents, grandparents, whoever happens to live in an income-tax-free state as their "state of residence." I've heard of some crackdowns on that, it has to be more than just a PO box that you're renting, but as long as you can prove some sort of connection to that state you're free and clear.