If anyone at Stripe is reading this, I think this is a golden opportunity for a consumer-focused payment service. One should at least be able to block a merchant from charging my card. I can do that for spammer email but can't do that for a spam charge on my card - in 2020!
I believe the wording to be something like it has to be possible to cancel in a similar way you signed up.
In France, Le Monde (most famous daily newspaper) requires you to send a paper mail (and not a regular mail, but a registered mail, which costs around 5-10€) to cancel your subscription. Even if you subscribed on the website, for a 100% online subscription.
It's really shady.
What is it with French companies? BlueCity, the UK arm of the French "Autolib" car sharing service, had this same ridiculous "send us a letter in the post to cancel" policy. Since they charged to a credit card rather than use direct debit like most UK companies would, you couldn't easily cancel the payments through your bank either.
Since I'm quite lazy I never got around to sending them the letter and the £5/month continued (and I did use the service, occasionally). Finally a few months ago they went out of business and the charges stopped.
Reaaaaaally big smile on my face
In my case they froze the account, preventing me from moving domains. I called support and they unfroze it. The next night the system froze it again. It became a race, manually moving 200 domains over in 12 hours. They don't allow bulk moves and you can't quickly open each domain for editing in a separate tab.
FYI, why move: their prices went up to some crazy amount, $30 for a .org, 60% more for a .ca. It ended up costing me hundreds extra one month. Glad I caught it...
I think I pay for everything online with my privacy cards now. It's just easier to keep track of stuff when you get alerts after a company charges a closed card, or tries to charge you more than your card limit that you set up.
I’ve been using this not only for subscriptions, but also when I’m making an online purchase at a store that I think may not have the best security in place.
Another comment actually says that he managed to create a virtual credit card, change the payment method, and delete the card. Quite clever. It's a shame that methods like this have to be used instead of just the click of a button.
Report the transactions as fraudulent, they'll soon stop.
I learned that you can request a replacement card with the same number, which I was initially very excited about. But when you get the new card it has a different expiration date, so it still needs to be updated most places.
On top of that it wasn't even activated because we'd stopped using Citibank to simplify our accounting and just hadn't cancelled entirely yet. Backdoors exist apparently for recurring charges that roll over onto new cards for "customer convenience" because you wouldn't want to miss your bills and lose access to Netflix.
"Hi, these are unauthorised, fraudulent transactions, please revert them and block future charges from that merchant"
That's all it takes with Amex and most others AFAICT.
They stopped last year after I wrote to them I considered I didn't own anything (a human probably read the file and dropped it).
Works every time.
And if you want to rub salt in the wound, request detailed GDPR information about you and your account. GDPR even applies if it is not a European-country-based media company.
The court may struggle to apply its judgements, especially if there isn't an applicable extradition situation, but all it takes is one representative of the company to go to Europe and they are open to things like arrest for not following the judgement of the court.
But if you do business in the EU - i.e. have advertising from EU companies inside your media website or you are already dealing with the EU AND you have readers/users in the EU that pay for your service, it makes you instantly responsible for being GDPR compliant if you like it or not.
This is why some media companies block EU IP address ranges, so as not to fall into that "trap".
Yes, that’s exactly what I said. I’m confused about what you think you’re clarifying.
And at the end of the day, all law fits into the cross-section of jurisdiction and motivation. If you’re a Singaporean company offering global services, there’s no jurisdiction and (unless your activities are especially egregious) no prospect of motivation.
If you’re struggling to cancel a subscription, contact your bank and ask them to block the subscription.
Washington Post gives you upfront yearly billing and cancellation is a few clicks, and I am a happy paying customer for them.
The signup page mentions canceling subscriptions several times, which isn't false, but it isn't what you expect from a subscription-based page in 2020. This is in my opinion a dark pattern today. It probably would have been ok...20 years ago!
Ironically they even shed light on these things a few years back, warning about different patterns: https://www.nytimes.com/2016/05/15/technology/personaltech/w...
But never the card. Reading such user horror stories, or Terms & Conditions, makes me turn around and never come back.
Not to say that Paypal won't screw you over, just that it doesn't do so all the time.
Relatively few monthly statements on it make anything funny stand out, and it's easy to just report/cancel the card.
Some banks have web/mobile banking where you can restrict actions/limits/transactions, so it's a good option too.
Others have virtual cards for this purpose, but these are not offered in a lot of countries (Revolut, Privacy, Yandex Money, etc).
You apply for the card online and get it in the post.
I want to resubscribe eventually, as they put out a lot of good journalism. But there is no way in hell I'm doing it until it's as easy to quit as to join.
In the end I just canceled the recurring payment contract at PayPal. A few weeks later I received a 'Sorry to see you go' email from them and that was it.
I'm not sure if credit cards also allow you to cancel recurring payment contracts, but SEPA direct debit does (which is the payment method used if you used, for example, the Dutch iDeal payment method as initial payment).
Depending on the law of your jurisdiction, an email may be enough. Then cancel any future charges on your CC.
“On display? I eventually had to go down to the cellar to find them.”
“That’s the display department.”
“With a flashlight.”
“Ah, well, the lights had probably gone.”
“So had the stairs.”
“But look, you found the notice, didn’t you?”
“Yes,” said Arthur, “yes I did. It was on display in the bottom of a locked filing cabinet stuck in a disused lavatory with a sign on the door saying ‘Beware of the Leopard.’”
I cancelled my card and somehow they managed to rescind access.
In the end I took the offer of 25 cents a week for a year, waiting to see how they'll charge my PayPal.
On the other hand I cancelled and re-enabled Netflix a number of times. I’m currently subscribed and happy that I can change it anytime.
I remember it didn't exist when I signed up a few years back, and they made a big deal about announcing that I could now cancel/change my subscription online when it launched.
Also, I live in California.
And credit cards do this other obnoxious thing where they update merchants when you get a new credit card. It would be great if they didn't do that because then you'd remember that you are paying for certain services you never use because you'd get a payment declined email. But nah credit card companies just let those scumbag merchants continue their shadow charges under the guise of it being more convenient. Certain services like energy bills, phone bills. Sure, update the merchant with the new credit card. But a gym!? Gtfo with that trash.
I also have it set up to send a text message to my phone any time my card is used.
Got charged some 40 Euro a year later. I was shocked. My first thought was a compromised card. But immediately afterwards I received an invoice from the VPS provider. I called the bank and asked them how that happened. They said it's possible. Lucky for me the provider immediately reversed the charge.
The thing is I had cancelled that Amex card almost a year before that charge had happened. It was still charged! I was baffled. Coming from a country where literally every credit card payment has to be authorised via an OTP or password (since as long as I can remember) it was a whole new world for me.
Well, that cancelled card was charged again (almost a year after I had the last experience) when I shopped at AliExpress and forgot to switch to a new card while making the payment. This time I just paid the bill and went around the Internet removing that cancelled card.
India did not have the OTP option, RBI made it mandatory to prevent fraud.
privacy.com seems like such a sleek solution.
It's a good compromise between protection and credit rewards.
Dodgy companies like the New York Times even do offline transactions to successfully charge canceled cards. I was able to cancel it by changing payment to Paypal.
I just swapped my subscription to PayPal, then blocked it in PayPal. They then spent the next month sending me 8 emails asking me to fix my payment, all of which I sent to the spam folder. I'm not a big fan of PayPal, but definitely having control over your recurring payments is the best feature.
You can "log into" a London TFL "account" that is effectively just your credit/debit card. That means that, at least in theory, Stripe could let you log in to a "shadow" account as a card holder.
I think the problem is that Stripe (and others) don't want to upset merchants by making it possible for people to cancel "fixed term" subscriptions, where the merchant claims the customer has entered a contract to pay for X months.
Agreed entirely though - I would really like to see privacy.com style "limited authentication value/merchant card numbers" take off more and become a "default". This has added privacy benefits too, as it means for anyone other than the CC issuer, it will become very difficult to link digital transactions.
1. Citibank did this for a long time. They still might. I remember using this in the late 2000s for some online services at the time.
2. Apple and Google Pay both do this as well, though these are all one-time-use implementations.
It's sold as this pretty revolutionary feature that others have done (in some capacity) for quite a while now.
Apple didn't invent virtual numbers, but they have a better implementation than Citibank. It's Apple's MO.
I think privacy.com does a similar service, but I loved to have this feature for no extra cost. I assume it also benefits the CC company a bunch with happy customers and less labor costs since people will be calling less for this kind of situation.
We need to be empowered against these practices.
Btw, very nice of Netflix to do this!
That's not quite true. The card network can refuse a merchant for any reason; constantly making bogus charges would probably be a good reason for the network to refuse them, and that's likely to be the result. Of course you don't see if your bogus charge was reflective of 0.01% of the charges from this merchant or 99.9%.
However as I've explained on HN a few times there's an important distinction between two separate payment card processes: Authorization and Settlement.
Authorization is the one with PINs and online referral and even getting a call from your bank about "possible fraud". Authorization protects the bank from fraud by customers (you're a necessary evil to them) and merchants by automatically collecting evidence that both authorized this to happen. Once upon a time that meant taking an "impression" and a few merchants still do that, today it may mean redirecting customers to a half-arsed HTTPS site or an EMV PIN terminal.
Settlement moves money. The merchant tells the network that they want $85.26 from card #1234567890 and usually that will just result in them receiving $85.26.
These two systems aren't tied together. If there are two authorizations against your card this week for $20.00 and $35.26 but also three settlements for $19.86, $209.42 and $20.00 respectively, it's likely no alarm bells go off, this is fine, you pay $249.28.
One reason it is this way is that while Settlement is essential to the idea in the first place (if the merchants don't get money what's the point?), Authorization is dozens of extra things tacked on over time and so each has to be optional or the system would fail.
This means important safeguards in Authorization don't actually safeguard you, only your issuer (in your case Amex).
For example: Modern Authorization schemes are replay resistant. When you pay with an EMV card the merchant gets a one-time "cryptogram" that isn't reusable. Buying a $5 product, walking out of the store, then realising you needed two, so you go back and buy another $5 product results in two entirely different cryptograms for the two Authorizations. The store can't present a third Authorization because it would need a new cryptogram.
BUT Settlement isn't replay resistant. When (not if, this really happens) an IT mistake results in running all the Settlement for a merchant twice, customers just all get charged twice, again no flags are raised automatically, it will take until either somebody confesses their error or more likely angry customers start calling their issuers to complain.
For individuals the only advice is: Check your statements, demand that line items you can't explain be reversed, and try to pick an issuer who is on your side.
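The gap described in the comment above (settlement records are not checked against authorizations) can be made visible by reconciling the two lists, which is what "check your statements" amounts to. This is an added example, not part of any comment in the thread: the amounts are the ones quoted above, while the merchant names, record fields and reference ids are constructed, and matching on exact merchant and amount is a simplifying assumption.

```python
from collections import Counter
from dataclasses import dataclass
from decimal import Decimal


@dataclass(frozen=True)
class Authorization:
    auth_id: str      # constructed id; stands in for the one-time cryptogram
    merchant: str
    amount: Decimal


@dataclass(frozen=True)
class Settlement:
    ref: str          # constructed reference; assumed unique per settlement record
    merchant: str
    amount: Decimal


def reconcile(auths, settlements):
    """Return (total_charged, findings, unsettled_authorizations).

    findings is a list of (settlement_ref, reason) for every settlement that a
    cardholder should question: "replayed" when the same reference appears
    twice, "no_authorization" when nothing the cardholder approved matches it.
    """
    # Each authorization may cover exactly one settlement.
    unused = Counter((a.merchant, a.amount) for a in auths)
    seen_refs = set()
    findings = []
    total = Decimal("0")
    for s in settlements:
        total += s.amount          # the money moves regardless of the checks below
        key = (s.merchant, s.amount)
        if s.ref in seen_refs:
            findings.append((s.ref, "replayed"))
        elif unused[key] > 0:
            unused[key] -= 1
        else:
            findings.append((s.ref, "no_authorization"))
        seen_refs.add(s.ref)
    unsettled = sorted(k for k, n in unused.items() for _ in range(n))
    return total, findings, unsettled


# Constructed sample data using the amounts from the comment.
AUTHS = [
    Authorization("A1", "COFFEE SHOP", Decimal("20.00")),
    Authorization("A2", "BOOKSTORE", Decimal("35.26")),
]
SETTLEMENTS = [
    Settlement("S1", "GROCER", Decimal("19.86")),
    Settlement("S2", "GYM", Decimal("209.42")),
    Settlement("S3", "COFFEE SHOP", Decimal("20.00")),
]

if __name__ == "__main__":
    total, findings, unsettled = reconcile(AUTHS, SETTLEMENTS)
    print("charged:", total)
    print("question these:", findings)
    print("authorized but never settled:", unsettled)
    # The same settlement batch submitted twice: every line is charged again.
    total2, findings2, _ = reconcile(AUTHS, SETTLEMENTS + SETTLEMENTS)
    print("charged after duplicate batch:", total2)
    print("question these:", findings2)
```

If a duplicate batch were issued with fresh references instead, the repeated lines would show up as `no_authorization`, because each authorization is consumed by the first settlement it matches.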
1. Consumer should always be able to blacklist a merchant or provide a whitelist
2. Consumer should always be able to set a limit on how much a given merchant can ever charge him/her and during what time windows
3. Consumer should always be able to set a total limit of charges he/she wants to have at any time
4. Consumer should always be able to get the phone number, mailing address and correct full legal name of any merchant who puts a charge
5. Consumer should always be able to generate a new electronic card number for online usage and dispose of any previous one at will
"Check your statements" is useless advice. My experience is that even when you find a bad charge, you have to go through hoops and appeals which may take weeks or even months. There are zero guarantees the same charge from the same merchant won't happen again. The only single case when CC companies are willing to take off a charge immediately is when you say you don't recognize the merchant at all and it's 100% fraudulent. If you say you once authorized that merchant a decade ago, it's suddenly your fault and you are looking at writing up justifications which will likely get rejected anyway.
You're telling me how you think the universe ought to be but my advice was about how the universe is.
It's simply utterly bananas that all it takes is for someone to get a few numbers from me, and then they have the ability to arbitrarily take my money, making it my problem to dispute it. This goes for credit cards and ACH transfers (which only require routing number and account number). The company who figures out how to fix this will have it made.
To what extent they "have it made" is an open question, but I am curious what you have to say about their signup process.
Very helpful /s
As someone who shops online at a much wider diversity of vendors than amazon.com, my card actually gets compromised about once a year and needs its number changed. I don't mind the hassle because it forces me to update the payment method for my recurring charges. On more than one occasion when I re-evaluated whether I really still needed some random subscription, I decided that it wasn't worth it any more to me.
On that note, I'm amazed how many accounts with outstanding balances have been next to impossible to close out by simply sending a physical check to an address. On the phone, they insist, "If you'll just give us your new credit card number, we'll get this all taken care of now." I respond, "I'm not giving you my credit card number because I don't trust that you'll actually stop charging me. I'm happy to send you a check in the mail to pay off my balance." Then it's often, "Uhhhhh, I don't know how to do that. My computer program requires that I enter your credit card number in this field to process. Please just give me your credit card number and stop making my life so difficult."
By the time everything is said and done (and escalated), they always end up finding a way to accept a check in the mail.
I think the majority instead contacted customer services to manually cancel it. Some also did a chargeback, which companies hate as it is expensive.
But in the end, there were so many sleepers that every time there was a plan to email all customers about an offer, or new service, it was always raised that it might make a lot of customers aware that they have the subscription, or check with their kids if they still need it, so sometimes the mailshots were filtered to active members, or just skipped altogether etc. It was an uneasy balance of "don't touch", and never felt nice.
Last year I was contracted back to that company to help sunset the product I worked on years before, writing tools to notify and cancel all recurring payments. A huge chunk of customers were then sleepers that had not logged in for 7-9 years. I do wonder how many were surprised when they got the cancellation email! :)
It's beyond insane how, in the USA at least, you give someone a string of numbers and they basically get pull access to your money for what might as well be perpetuity. And that you have to use a specific bank, PayPal, Apple Pay, etc. to have a system as simple as a list of entities authorized to bill you in the future. And the ability to terminate those permissions.
Just think how well most people would be served financially if everyone was receiving phone notifications when they were recur-rebilled. "$15 to 24-Hour Fitness" pops up on their homescreen. And they could cancel the permission. Or at least just think "hmm, what's that for? Ah, right, I do want to continue being billed."
It takes a lot of mental gymnastics and charity to imagine how this system wasn't expressly designed by and for the enrichment of grifters.
Is there any risk they'd sue you? Or other auto renew services, what do you, or others, think — do they sometimes sue their customers whose credit card expired?
That sounds annoying b.t.w., having to call them etc.
You need to write an email with order date, current billing cycle, reference number and more.
All the while there you can manage parts of your subscription through a portal. They just try to make cancellation as laborious as possible.
"Hello sir, this is (collections agency). Can you confirm your address, please?"
"I'll have to end the call then."
I would feel awful if I caved in and paid money I don't owe just because a company told me to.
And those agencies are very happy to assist, since they get a % for their work, and when the money is big. Most of the time it's very productive. Letters and calls are just the first step. A debt of 300$ can get to x000 pretty fast (debt, fees, lawyers). And then they go to court, put financial blocking on your assets, there is a judiciary person in charge of evaluating your assets, bank accounts, they can even freeze your debt from your bank accounts if you are refusing to pay a legal debt.
If you are abroad they will happily wait for you until you get back, or get in touch via one of their foreign agencies and let you know they are near.
If they would really want to get you in trouble they can inform the foreign local authorities about your problems, so depending on the case they can create problems for you.
Have to admit RBDigital ain't the best reading experience but good enough to read The Week and The Economist for free :)
I even have PressReader access so many magazines to read :))
I do think a $1 trial is incongruent with their overall pricing.
What are the reasons you feel safe? (Then maybe I could try this me too)
Netflix subscriptions are prepaid. What on earth would give them the idea to sue if your card is declined?
If your current month runs out and your renewal is declined, they just don't authorize you for a second month of service. There's no breach of contract, there's no debt for services rendered, I can't think of a single motivation to sue for this.
What am I missing here?
The latter would be fraud.
What seems more likely is that they would blacklist you if you're obnoxious.
If your rent autobill fails, I think everyone realizes it doesn't mean you don't have to pay. If the credit card for your gym membership expires, I think most people would likewise fear (and has been known to happen) that your bill would eventually be sent to collections. A $5/mo subscription? Not worth the time of the company to try to collect. A Salesforce or Adobe subscription on a card? I certainly wouldn't gamble on that, and would try to properly cancel the subscription.
Excuse me? If the bill is prepaid you bet your ass it means the subscription is cancelled. You can't pay, they don't continue to provide the service, end of story.
> If your rent autobill fails, I think everyone realizes it doesn't mean you don't have to pay.
The difference is that rent is paid after the fact and is typically part of a lease contract. What contract are you signing to get Netflix?
> A $5/mo subscription? Not worth the time of the company to try to collect.
Who's out here providing $5/month post-paid subscriptions? I have literally never heard of such a thing. Metered billing is a different story, but the discussion is lawsuits over Netflix subscriptions.
Actually when I asked, I had in mind subscriptions in general, not Netflix in particular
That's not a subscription, that's metered billing, where you are billed for what you have already used.
Customer marketing and reach out programs were net negatives. They lost more money than they did bring in by a large margin.
ISO 9001 requires implementing some kind of customer satisfaction feedback so as to assess customer satisfaction for ongoing improvement.
When the ISO auditors/consultants said that they should do something about it such as sending surveys to subscribers to assess their satisfaction, the Sales & Marketing VP said that if ISO 9001 meant that they had to remind subscribers that they had a subscription they do not use, they would rather cancel the ISO 9001 certification project altogether.
Interestingly at some point they modelled what would happen if the premiums of the older customers were increased and they reckoned they could charge some customers double and they still wouldn't switch. This could have been used to offset price cuts for younger customers and generate much more profit overall, but it was decided to be unethical so they didn't follow the model.
I can't blame them for trying, but it's definitely not a good time to be running a gym.
I know a club that once sent a simple questionnaire to members who had not worked out in a long time... just to gauge why... massive cancellations followed.
But it's not quite clear unfortunately how much protection they actually offer. A bad player could still try to enforce some hidden EULA small print that claims to empower them to ignore the cancellation and send bills the old fashioned way after cancellation on the intermediary. I really don't know if Apple or Google are taking effective steps against schemes like that or if they have just been lucky so far that those scammers are still finding enough prey outside of the walled gardens.
(ps: re-reading this comment I find myself sounding more critical than intended, actually I love subscribing through that kind of intermediary, I'd even consider paying extra. I'm just afraid that the protection offered might not be quite as strong as it seems)
The best way to handle Xbox payments is to buy pre-paid codes in the store and use them (assuming that's an option where you live).
(Not that I've ever seen a site on which there was an obvious way to bring the consent popup back up after it was closed, but hopefully one day data protection authorities will unclog their pipes and the fines will start flying.)
Personally, I use cash for day-to-day transactions, credit if I want the third-party record or it is a larger transaction. I never use debit because the protections are stacked against the user, and CC cash back schemes refund a portion of the credit card cartel tax. So not using it except at the bank ATM means I don't have to worry about the number being abused, unless my bank's ATMs are compromised.
not much cognitive load or anything (i disabled sound for these and just check em once a day) and very hard to miss any transactions you didn’t really authorize
I described another pattern here: https://caseysoftware.com/blog/working-for-a-dating-website