If a retailer incorrectly hellbans a customer, that is, they tell the customer that their card will be charged, and that the goods they ordered will arrive in the post, but without the intention of doing either of those things, owing to a genuine mistaken belief that the customer is engaging in credit card fraud, but lying nonetheless... are they leaving themselves open to legal action from the customer? From regulators? I'd expect the bad PR alone to be a worse hit for a retailer than a bulletin board.
- Hellbans are made via operator decision
- Hellbans are reversible and all customer support channels still work for a hellbanned user
Also, why not just return "all charges as invalid" if the user has been Hellbanned?
What use is there to continue the charade by, in effect, providing false-positives to someone that will then go and act on that information and commit larger fraud (by charging larger amounts with the stolen card)?
I understand the sentiment -- just a little fuzzy on the execution IMO.
If you are careful to only give them FALSE positives (for good cards, decline), then when they ATTEMPT to commit larger fraud with the bad card they will be stopped.
I've had experiences on a few sites (notably, RyanAir always seems to have problems) where I may try 3-4 cards, sometimes multiple times, before the transaction goes through.
Note that I have a few US credit cards, plus bank accounts in several countries & currencies... they're all in my name, but I wouldn't be amazed if I triggered some company's automated fraud triggers simply because of that.
If they hellbanned my purchases, I'd be seriously pissed... though I totally understand the OP's reasons.
I think as long as this has human review I'm in favor -- but if not, that's risking being seriously cruel to a legit user who simply has a non-normal interaction for unpredictable reasons.
And - if we were talking about $500 speaker sets or something, we would be talking about bad PR. But if a false positive fails to receive a $2 item, well, I imagine that would have to be a lot of false positives to lead to a net effect of bad PR.
Given you didn't save their credit card, issue a receipt stating payment was received in cash, or accuse them of a crime, what exactly is the crime being committed here?
Perhaps more hoax than fraud?
If there were too many false positives I would also expect to attract attention from Trading Standards --- false advertising? --- and they might be satisfied that you're making honest mistakes, or they might insist that you overhaul your fraud detection procedures or your customer communications, but either way they will suck up some of your time.
(This is from a UK perspective.)
Probably section 17200 and 17500 of the California code. If you create the impression that a transaction has taken place, without actually performing one, that is fraud.
Since my card would never have been charged I don't think there's any fraud or legal actions that could occur.
I leave it turned on, because while hellbanned users don't often contribute a lot, many of their posts are still interesting.
For example, take losethos, who is afflicted with schizophrenia and writes his own operating systems so he can make music with God. (You'll have to turn on showdead to see his comments): http://news.ycombinator.com/threads?id=losethos
I no doubt misinterpreted your comment.
Rather, I find it to be an interesting window into the mind of a highly intelligent programmer afflicted with a tragic mental disorder. I enjoy reading his comments because I feel it allows me to understand, if only in a tiny way, what he's going through (although maybe this is simply hubris on my part).
If not, I find it hard to believe that after long enough a period of time of noticing absolutely no activity on your posts, people won't catch on.
Also, yeah if someone is a troll I feel like it's 100% fair game to troll them back. And this is the best counter-troll of them all. I had exactly the opposite reaction of yours when I found out about the shadowban - finally! Some way for us to fight back and give them a taste of their own medicine. Assholes that they are.
There are only two problems with this - one, when people are shadowbanned wrongly/arbitrarily with no right to a fair and speedy trial in a court of their peers, and two, hypocritically I have a tendency to troll sometimes and this may or may not suck >_>
I can only speak for myself, but I got slowbanned for just being argumentative several times, and the fact that I got NO signal other than "somebody didn't like something in the hundreds of posts you wrote" means I can't really get invested in HN further than the comment I am reading or writing at any given moment. There is zero rhyme or reason and no class to such a process, and for all I know I just get punished for pointing out a truth someone likes to delude themselves about; so I can't even regret anything without knowing what the supposed error was. I just argue less because at the end of the day, what do I care if someone is wrong, and why spend, say, moral outrage or humour on a site that doesn't get or appreciate it, instead of letting it build up and blogging about it? That way everybody is happy :P
That said, for something like credit card fraud it actually seems smart, just like it might be for cheaters in games, or wherever you have an actual clear definition of "crime". This is not the case here, and it shows sometimes.
Also most [dead] comments I see aren't from hellbanning.
Generally astute people notice when, if they are talking to someone, and that someone is answering in monosyllables and not paying attention that the conversation is unwelcome. It often isn't all conversations, sometimes it's just this conversation. People are busy, people are distracted.
I am often surprised when hell banned people say really outrageous things, and nobody responds, how do they rationalize that? Do they consider it incomprehension? Silent agreement?
Finding effective ways of detecting someone who deserves a hellbanning vs a college campus which has all users behind NAT who will all be upset when the cards they ordered don't arrive as expected (let's assume users don't check their statements daily so won't notice a lack of charge) is a difficult task. It's quite the tightrope you end up having to walk.
That said, I'm in no way suggesting that payment services need to take up this responsibility at the expense of protecting legitimate users.
That being said I feel like this is the way it should be handled online, something like hellbanning being the last option. Unfortunately the difference between real conversation and online is that online a person can simply reenter a board with a completely different name or "face," it could be literally impossible to tell whether a new board spammer is a first-time offender or someone who's been peacefully told to quit in the past. I'm not sure that off-line morals and psychology apply here in the same way.
1 second later it seems I'd given this blog the equivalent of a thumbs up.
wtf? Dear plusbryan. -one kudo. THEN -another kudo for having a stupid system. In fact, -two.
I hover over links to see where they go, comics to see their title text, and vote-buttons to see where they're from. That shouldn't and does not indicate my approval of this article, and I can't reverse it.
> meaningless number
To nitpick, if it was really meaningless, it shouldn't be part of the page, at least not under the title "kudos" or under the disguise of endorsements by X people.
Well so it carries as much meaning as a Facebook like button.
Regardless, I would care more for the content of a page than the brand or endorsements it received.
His joke's on us.
There's also a new branch that looks very different: http://natewienert.com/
You might be thinking of WP-Svbtle which is closer to an exact copy.
Apologies for making an off-topic "correction" like this, but Nate Wienert seems like a nice guy so I hate to see his project unfairly accused.
My mistake then
Dear Svbtl. -one kudo in general. THEN -another kudo for having a stupid system. In fact, -two.
Of course, you mind. You hellban them for crissake.
Catchy title though :)
Once you see a user go through 3 cards, each failing the authorization, fail all subsequent purchase attempts without passing them to the bank. If you feel like tar-pitting the guy, show "timed out" errors and tell them to contact support or ask them to try again with another card. Legit customers will contact support and the frauds will continue supplying you with stolen credit card #s, which you, of course, will diligently log for future reference.
I don't know what's up with their CC processing, but it has never worked for me on the first try/first card.
I have 3 US credit cards as well, one business and two personal -- the second is just a backup for if the first fails (and when I'm traveling, they fail frequently). It doesn't cost anything to have a new card (if you don't carry a balance), so it's useful to have a backup.
30 cards sounds like someone with a serious debt problem. Separate credit/debit cards are a really useful distinction -- in particular, I can maintain much higher security for my debit cards (and not use them online); a credit card purchase can be disputed without the money already being gone from your account. But they're certainly dangerous (given how people tend to rationalize spending money they don't have...), and carrying a balance on a credit card almost certainly means you're doing something wrong.
They make it really easy to live beyond your means; I got burned by that a couple of years out of college, clawed my way back out of debt over a few years (fortunately with reliable income and low expenses!) and haven't made the same mistake again.
If they are not charged and then the system tells them that the order is sent, that is not much harm. I know, not the best condition for a customer but acceptable to stop cc fraud!
There's no real channel for reverting the hellban once issued since you've pretty much permanently assumed the user is malicious and can't be trusted.
A few cases I could think of:
- User loses card and cancels it, but finds it again and uses it without realising.
- A single piece of information the user has provided is wrong, but the user repeatedly resubmits without realising. Eventually you hellban them, but they're actually a legitimate customer who made a mistake, but now you can never have them as a customer and might be feeding false positives to them and ignoring their calls for support after they fail to receive the product.
In the end, it doesn't seem like you're saving yourself (you mention Walmart as the one that usually suffers) and from my point of view you're shooting yourselves in the foot, as you could accidentally hellban a legitimate customer which could result in a bad reputation.
It is not Walmart that suffers, but the thief trying to use a stolen / fraudulent card at Walmart that suffers.
OP mentions it is an automatic and manual process of hellbanning. I am sure they will have the corner cases covered.
I run a B2B SaaS company that attracts its fair share of fraud. If we simply string these bad actors along instead of banning them outright I think we would see a decrease in fraud attempts.
Of course this would only be a manual thing. The vast majority of our customers come from sales channels and not through the web or search referrals. This will work great for us as we already have a manual account approval process. Instead of banning them, we'll hellban them.
If you have anything less than 100% specificity with your fraud detection algorithm, don't you risk running into trouble because of violation of a contract (or something similar, IANAL)?
If you never process the card and simply give them their 'digital content' or (in this case) mail a card to an address then you aren't violating anything. It'd be the equivalent of making a magnetic card reader out of cardboard and pretending to swipe it before handing someone a cup of lemonade.
Even if you never mail the card I don't see where you would have anything legally binding as you never processed the card in the first place. (IAANAL)
For one system I worked on we did this for legitimate purposes. It's a long story but it was around devices people would walk up to and use their card to buy stuff... if the machine was unable to process we would simply give them their stuff. The internet connection was crap and it failed about 20% of the transactions and we ---really--- did not want this thing to come back with an error 20% of the time, so it was just better to give them away for free. Eventually we fixed the internet issue but kept the code in there just in the off chance it happened again.
You try to detect/block immediately - if a thief wants to check 10 cards in 5 minutes, you want to block him in the middle of it. And you immediately revert/cancel any transactions that succeeded so that you don't get chargebacks.
I like it!
Upside is that it slows down the thief. Downside is that it will cause legitimate users to rain hellish social comments down on your head.
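The check that two comments in this thread describe (fail every attempt after a user goes through 3 declined cards, and block a card tester partway through a burst such as 10 cards in 5 minutes), as an added example that is not code from any poster or from the original article. The class and function names, the `authorize` callback and the demo key are hypothetical; the log keeps a keyed fingerprint of each card instead of the card number, and the block is reversible by an operator, as the thread says hellbans are.

```python
import hashlib
import hmac
from collections import defaultdict, deque

WINDOW_SECONDS = 300      # "10 cards in 5 minutes" from the thread
MAX_DECLINED_CARDS = 3    # "go through 3 cards, each failing the authorization"
FINGERPRINT_KEY = b"constructed-demo-key"  # assumption: loaded from a secret store


def card_fingerprint(pan: str) -> str:
    """Keyed hash: lets the log correlate cards without storing the number."""
    digits = "".join(ch for ch in pan if ch.isdigit())
    mac = hmac.new(FINGERPRINT_KEY, digits.encode(), hashlib.sha256)
    return mac.hexdigest()[:16]


class CardTestingGate:
    """Hypothetical wrapper placed in front of the real authorization call."""

    def __init__(self, authorize):
        self.authorize = authorize           # callable(pan) -> bool (the bank call)
        self.declines = defaultdict(deque)   # client -> deque of (time, fingerprint)
        self.blocked = set()
        self.review_log = []                 # (client, fingerprint) kept for support

    def attempt(self, client: str, pan: str, now: float) -> str:
        fp = card_fingerprint(pan)
        if client in self.blocked:
            # Never forwarded to the bank; the message sends real customers to support.
            self.review_log.append((client, fp))
            return "timed_out_contact_support"
        if self.authorize(pan):
            return "approved"
        recent = self.declines[client]
        recent.append((now, fp))
        while recent and now - recent[0][0] > WINDOW_SECONDS:
            recent.popleft()
        # Count distinct cards: one mistyped card retried many times is not card testing.
        if len({f for _, f in recent}) >= MAX_DECLINED_CARDS:
            self.blocked.add(client)
        return "declined"

    def unblock(self, client: str) -> None:
        """Operator reversal after support has verified the customer."""
        self.blocked.discard(client)
        self.declines.pop(client, None)
```

Counting distinct fingerprints inside the window is what keeps a customer who retypes one bad card several times, or who spreads three declines over a longer period, out of the blocked set.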