, 12 min read
@Elliot
I don’t know what the law states, but it seems clear that I have limited responsibility. Of course, in this case, the fraud is relatively small (a few hundred dollars).
I don’t know where the porn companies are based, but the company that accepted payment is in the US and I am Canadian.
Christopher Smith says: Posted this on G+ as well.
Join the club. I was fortunate enough that my card wasn’t used for porn sites, but for far more pedestrian things. I claimed fraud and they started an investigation. It took two months, but they did reach the conclusion that it was indeed fraud and I was reimbursed. Even if they won’t believe fraud, you can make a credible claim that you didn’t receive the goods and therefore demand a charge back.
My suspicion is that because it was porn sites, they were skeptical, as it isn’t all that uncommon for porn sites to get fraud claims once a significant other or some such sees curious names on the bill. I think it is a trivial amount of work to get the IP addresses tied to the signups/purchases on the sites. If they all correlate back to your home, workplace, or surrounding area, I could understand skepticism on the part of the credit card company. Unless your machine itself was compromised though, I’d expect it is far more likely the IP’s aren’t even tied to the country, so you’ll have an excellent case for demonstrating fraud (you and I may know how to fake that, but it’d be seriously weird to go to that kind of trouble). I’d be curious about user agents too. If the hack was pulled off by compromising your computer, you may have a bit more trouble.
The other thing that ought to make for a very strong case is the fact that somehow, with no prior like behaviour, you created multiple charges all at once, to one merchant, and no others. This is much more consistent with fraudsters running a stolen card than a real customer.
As I understand the terms of credit card merchant agreements (and I’ve been on the merchant side of this more than once), if a customer initiates a chargeback, then the burden of proof is actually on the merchant, not the customer. If a bunch of customers all initiate chargeback claims, it gets particularly messy for the merchant. The porn industry folks are used to this stuff, so they may put up a fight more than most, but if you play hard ball with the merchant, they usually will investigate it on their end (probably nothing more than checking IP’s and user agents, but still, that would go a long way) and reimburse you whatever you want rather than risk a chargeback. I would think they could at least share the information and time of day information with you, and close out any accounts associated with your credit card.
I looked up the whois information for one of the domains and got back BangBros, which is a pretty established porn producer, so it seems unlikely they are directly in on the scam (it is always possible an employee is running their own scam). Since they are in the US, that means this constitutes wire fraud, so you can go to the FBI (who are much more sophisticated about this kind of thing). Particularly if your e-mail address is involved, there is reason to believe that you will next see your personal information sold for identity theft (seriously, once you have an e-mail and a credit card number, how hard do you think it is to get the rest of your information? and in your case there is plenty of public information out there too), so there is good reason for them to at least open a file on your case. If they reach any conclusions, this can obviously be used to validate that this is fraud.
You should probably call your bank(s), etc. and have them put a hold on any new requests for lines of credit associated with your identity. It make take several months to show up, but odds do not favour this being the last case of fraud from this incident.
Fabricio says: here in Brazil, as oddly as one might think, it is somewhat easy to get the money back. The credit card companies and the comercial establishment have the liability of verifying the transactions.
If a consumer states a transaction as fraud, he won’t have to pay for it until proven otherwise; which makes more sense.
Of course the companies don’t make that as simples as it should be, but most cases are solved a lot easier than what you had to stand.
Let me re-iterate what Chris says in the last paragraph: you absolutely need to make sure the banks now not to approve credit with your information. Do the same with the large credit bureaus – I know for sure that Experian, Equifax and Trans Union all have Canadian branches. Contact them and block your file with a password or you might find your credit score ruined.
Justin Dossey says: Your credit card was probably one of thousands being used for affiliate fraud. The big porn sites have affiliate programs, where people who refer paying customers get paid a percentage. The scam is to steal a lot of credit card numbers and use them to make purchases via these routes, and ideally they will be paid by the program before the owners of the stolen credit cards notice the fraudulent charges and initiate a chargeback. Since time-to-dispute may be as much as 50 days, it’s an effective gamble.
David Allyn says: I do think it’s ridiculous that credit card companies put the burden of proof on their customer, however I understand why. It’s simply more cost effective to make the customer do the leg work than pay someone to do it. At least the first “gate” of the cases is make the customer contest it (There are so many customers that even loosing thousands of customers over various “burden of proof” cases, it might only represent .001% of their revenue).
I guess it seems a little short-sighted for developers not to have incorporated the storage of both the merchant’s and the purchaser’s IP address on an electronic card transaction (maybe there are legal issues??). That would have made it much easier for the customer service person to see that the purchaser’s IP address is not near your home.
Daniel says: “How do you prove such a thing? You do not.”
Actually, one useful way to prove such things I found in Michael Lewis’s Liar’s Poker. I’ve used the methodology in the past, and it has saved my ass a few times. Lewis did his undergraduate degree in Art History, and the method is similar to how art historians prove provenance of an art piece (used under specific conditions of course). If someone has copied a particular art piece, and you are suspicious that they actually produced the piece, you ask them to re-do a similar piece. Lewis did this while working on Wall Street in the 1980s when someone plagiarized some financial analysis work that was well received by his bosses. He complained about the plagiarization, and the burden of proof was shifted onto Lewis to prove that it was his piece. Via his art history knowledge, he asked the plagiarizer to redo a separate analysis, while he did the same. While it can never show conclusive proof that he did the original analysis, it did show that he had the chops to do a separate piece, while the plagiarizer didn’t.
Notice how you offered them access to your email account. That’s the sort of thing that mirrors the art history method. Build up a solid history of events (internet history, credit card history, bank history), and show that you didn’t actually partake in the events, and that the event in questions matches a separate “artist”.
Comments are closed.
You should still try to challenge the porn companies. They failed to verify the email address the frauder(s) used. This is a privacy issue. If your country have a consumer privacy organization, file a complaint to them. Let the pron companies know you are a hard cheese, probably they will refund you from their side. Same should be done to your bank too, but banks usually operate according to the law, so it’s hard to bring them to their knees if the law states it’s your responsibility.