You obviously have invested time in fighting chargebacks and whatever system you developed.

I fought chargebacks for about 3 months or so. I thought everything was going great and I was getting success reversals day after day. I was giddy that so many were being ruled in my favor. I thought the banks really do care about the merchant :thumbsup

Unfortunately, :( , I started getting those nasty second chargebacks. I initially didn't realize they were second chargebacks and the bank simply telling me I couldn't fight it. But, no, not the case. Visa and Mastercard word it differently but it is simply a second chargeback. The process for that to happen is the customer simply tells their bank again, I DIDN'T AUTHORIZE! Bam, now you are dinged another $25.

I analyzed my numbers and I was at exactly $0 ahead by fighting a shit ton of chargebacks.

What's your second chargeback numbers look like? If you aren't counting them, I recommend doing so and then put a spreadsheet together to analyze.

This turned out to be a pretty good business thread. :thumbsup

We can always fuck it up somehow...

Yes, we coded up our own system that's mostly automated now. In the past I was doing it by hand (filing out every dispute form) but as the sales grew, so did the CBs, and I said 'fuck this, i ain't wasting my time on this shit'. So i told our programmer to conjure sometheing up and make it automated, no excuses. And he did (fucking brilliant guy but slow as fuck)

I dont think many customers are willing to challenge the chargeback dispute because of the domain names associated with it (gay and obscene straight). And the proof we give to the bank is almost 100% solid, customer can't say "it wasn't me".


But like I said, we are having problems with fucking join emails going straight to customers spam. So they dont get the info on how to cancel, support password reminder, etc. And they start bitching and asking for refunds.

I already told you what to do. I had the exact same problem. The problem was solved by signing up for Google mail for business for all emails, using my domain. Google SPF is iron clad never goes to spam.

Engaging Beaner/Plaster can be a drawn out lost cause, you've been warned, no hate to Beaner/Plaster :2 cents:

You can use third party services like https://sendgrid.com/ to send your transactional emails.
It's super cheap and will help a lot.

Very easy to intergrate, and they alow adult (transacitonal)
See: https://sendgrid.com/solutions/transactional-email/

I recomend https://www.threatmetrix.com/ instead of iovation

Apparently so do you

Shockingly so, as soon as the many with no real knowledge of billing started reading instead of posting it got quite good.

iovation is indeed just one of the solutions that is available out there... There are many ways to prevent fraudulent customers from coming back..

Are you sending from an adult name? My customer support emails are all mainstream sounding names. Listed on billing statements and the contact us. If all settings are correct maybe your email url itself is getting caught by yahoo profanity filter or something.

But most hosts will tell you till the cows come home all email settings are correct, when they actually are not. It's usually the rDNS email setting that is not configured correctly.

The horror!

Yes I agree prevention is the only effective solution. We do reverse a few chargebacks thanks to the 3D secure that is optional (so no customer friction), but it does just a little.

Automated prevention has limits, fraud guys with nice IP addresses, emails and cards will make the transaction whatever AI systems and db's you employ. Also we got some 3d secure yet traud transactions (phishing forms also ask the 3d secure pass...) and I feel a little bad in reversing legitimate chargeback just because fraudster stole the 3d secure pass and I can reverse.

So the real prevention it is: human staff of yours to refund the suspicious transactions as soon as happened. We refund a lot of suspicious stuff and the few times we don't do because we're not sure, we get chargeback, in fact if a transaction it looks suspicious, it most likely is bad.

In case of cams, this is worst than with prerecorded content paysites - such refunds (and card blacklist) must happen before that the cash was spent with some girl. In fact, it does not look nice to chargeback the girls, is not the girl's fault if she shown to a fake money guy, the girls expect the site to be in charge of that. In fact, we have a chargeback insurance/protection of up to $250 per girl per 15 days period (which translates to $500 chargebacked, at 50% we pay to the girls).

So for a cam site, except the $25 per chargeback transaction, and the fear of hit 1%, there's also either 50% of the spent money you should pay at your loss to the girls, or, passing the chargeback to the girls which make you lose girls. Now, I remember we have NOT chargebacked any girl in the past 12+ months as none reached the $250 limit, and that happens the most years, no chargebacks.

So as a matter of curiosity I just went to check our chargeback ratios.

The 1% limit is $10k chargebacked every $1M sales.
I just checked our VXSbill reports. For last $1,038,505.00 of sales, we got $690.95 chargebacked.
This is $665.33 per $1M, or 0.06%. We can chargeback 15 times more, before to hit 1%.

I believe 0.06% (per $million) is record low CB ratio; and it always been low in past years - except a few times when we got a $4k chargeback and a $6k chargeback, at once, both quite special cases.
But 0.06% it is not just us being cool at spot frauds and refund quick. At least half of the transactions is whale we have in site since years, so safe. And regarding new guys, most of our chargebacks (or more exactly, transactions we refund quick to avoid chargebacks) come from affiliate traffic - not from our own traffic sources. Either plain frauds of affiliates trying to get the $80 PPS, or simply they send traffic that contains an high % of fraudsters, I even told some affiliates to removing links, and they had in legit tgp's or toplists next to other cam platforms, but for us it was not worth as 1 every 3 signups was fraudster, all different guys, perhaps that's the wild wide open internet?

I am pretty sure that if we had as much and varied traffic as a chaturbate or myfreecams, we would have way higher chargeback ratio whatever the 6th sense of risk department. CC's are a "technology" from 50 years ago, plastic cards. They wanted to be used on internet but it's absolutely not suited, see "CARD NOT PRESENT" chargeback reasons. This includes "friendly fraud" which is not friend at all, i.e. a guy spends then say it was not him, need to use guess and pick who to trust, that's from middle ages, before technology existed. In fact internet banking uses 2 factor authentication, with one time PIN generator hardwares, or one time passes sent to CELL each login and such. Some 3d secure is already one time pass, but most use a static pass that can be phished.
Even my cell Samsung phone you can't unlock with a pass, but with my finger only, yet is normal that guys can spend thousands dollars then say it was not them (or - it was not them really, and it was a mexican or vietnamese kid).

Ending note: bitcoin transactions it can't be chargebacked. We support bitcoin sales since years, and we get nearly no sales in bitcoin. You know what? If there was a Visa/MC system in place that can't be chargebacked or faked, perhaps people would not use it exactly because of that :)

Yes, we are sendinng straight from our website domain name, whith porn related keywords.

Do you think it's better to send from a different domain and not include the website address in the email body?

What about affiliates? NATS credits the sale to them and you can't take it out, so you have to pay affiliate on that refunded sale, and it's money lost.

We're fully custom and not using NATS.
If an affiliate sends sales that we refund, we tell the affiliate (even send email etc.), and if an affiliate causes too many refunds, we normally tell that is better if he sends that traffic to others. As a cam site we may be very different from photo/video sites I understand - a video site gets many guys who spend $20, a cam site get few guys who spends hundreds or thousands, also they chat with girls and we can see if they write broken english or tell I am from nigeria (some do). Even they pass skype to girls and we add them and pose as girls to figure their home address to send bad guys to punch in nose (joke), if chargeback, is a totally different story than prerecorded content sites.

Most of those scammers run like hell when they see our 3ds -- I guess they move on to easier marks to scam. I am good with that ... My 'sale' lost may be your next chargeback :2 cents:

Just a question regarding 3D secure

I've been recently reviewing some transactions and see an account that has a clear fraud pattern. Multiple names on cards attempted in a short sequence incl. female names etc.

However, what surprised me is many of these purchases (incl. those that were immediately reported to the biller by its cardholder for refunding) went through as 3D Secure.

These were $ 100 token packages so this should require a 3D secure verification. Of course this may differ depending on the issuing bank, for example with my bank I have it set so that an SMS verification is required with any online purchase over $ 25.

So how come these $ 100 packages went through as 3D secure if carded? All these cards were US and Canadian.

nice thread...what a change

Gotcha. I think there is such a feature in NATS but i dont want to piss off affiliates much by taking out refunded sales from them (because we already deduct chargebacks from them)

Thanks for the info.

Most of the Issuing banks in US are not 3D enrolled, and they do not accept payments to be made on 3D merchant accounts

They block 3D merchant terminals and your approval rate will go down.


Mitch, (or anyone else) care to chime in ?

I have seen our processors decline the transaction on 3ds sometimes. My guess is that it is a reported stolen card used.

I can change my 3ds password at one of my banks with my birth date and the last 4 digits of my Social Security number (USA). If someone broke into my house, or knew you, they might well have that information?

I see carders using multiple cards with different names too. Usually they are on my proxy/VPN list (not mini-fraud only)

#curl https://ipinfo.io/8.8.8.8 you can do this in real time and scrub.
https://github.com/arineng/nicinfo nicinfo is written in ruby you can scrub ASblocks with it

By scrub: I mean 3ds ONLY or GTFO -- some legitimate customers will use proxies and VPNs. They are at work fucking off and don't want to get caught. They are in countries that cut your head off for doing or viewing porn or cams.


A reversed charge does not count against your charge back ratio with the credit card associations. A reversed charge with -0- loss (for a good reason) I have no issue with.

Of course, I don't like to leave money on the table but you will toss some wheat out with the chaff. I have people that refuse sms verification too. I don't know if they are carders or people with privacy issues.

Ultimately, we want operate an 'internet wallet' using SEPA and ACH. However, this would deny impulse purchases. I think most of our established customers would fund their wallets with $100 -$300 to avoid the billing hassles. There are regulatory issues however -- a merchant can sell his own goods on any terms agreed. MTA (money transfer agents) like VISA, PayPal are subject to US MTA regs and similar regs in the EU. This is a direct sale with the customer -- different set of laws ...

Some not most.
Chase does
Bank of America does not
Bank of America N.A. does
Capital One does
First Merit does
Ally does not (on their debit cards)
List goes on

Enjoy wasting your time trying to fight your charge backs -- I have better things to do with my personnels' time -- like fraud prevention :2 cents:

3ds is a tool not an absolute.{*** except for hard cases -- suspected carders or Proxy or VPN users}

Also there is no "3ds" terminal -- the customer is redirected to his issuing bank's URL and imputs his verification on that bank's server. SSL

Yes most 3d secure passes are static and stolen.