> I just don't see the value in requiring someone to know the domain's > username and password before they can renew a domain. Can they then tell me > since they renewed it, they now own it? Well they can try, but I don't buy > that argument either.
We could have left our renewals wide open, however we made a business decision to require the username and password on renewals to cut down on credit card fraud. In theory, if someone knows the username and password associated with a domain name, they are likely to be the owner/registrant and have a real interest in the domain, therefore they most likely will not attempt using a stolen credit card to renew their domain. It's also good evidence when someone attemps a chargeback (i.e. "I didn't authorize that charge").
