On Fri, 9 Mar 2001, John Braden wrote:

> The new approach is that the offerer is making available a "free" item,
> but it is only "free" if the user beforehand submits the credit card
> information.  In doing so, the offerer is gathering the credit card
> information without a contractual commitment on whatever the resulting
> contract will be. The user is then faced with a fall through situation
> in which the offerer is free to bill the credit card without the user
> being aware that the request for the "free" trial or offer subsequently
> caused a billing situation.

Unfortunately, this isn't *only* used as a pre-approval mechanism.  Credit
cards happen to be a very good way of authenticating an anonymous user.
Doing verification sometimes allows a company to limit its exposure to
false disclosures.

> I only bring this to our group's attention because we have been faced
> with this situation with people wanting to get white papers on various
> subjects, only to be faced with reprimand for disclosing our credit card
> information inappropriately.  We have since issued instructions in our
> asset protection and security policies indicating the danger of fall
> through contractual obligations and releasing CC information without
> proper approval.  Those of you who are involved with asset protection
> might want to consider limiting activity of this type.

I'd hazard to guess that adoption of a verification policy that says
"free" is much better than one that charges a minimal amount to the
card.  I think we've done $5 charges for something we'd rather give away,
but needed to limit abuse on; I can see where we'd have gotten higher
adoption with the card as a verification check with a $0 charge.

> Not all security issues on the net are technical in nature. 

Not all potentially abusive practices are made with only abuse in mind.

Paul
-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions
[EMAIL PROTECTED]      which may have no basis whatsoever in fact."
