I was a happy Newegg customer since their launch, way back in 2001.
In June 2012, I tried to order a camera accessory for my sister’s birthday. She lives over 1000 miles away in Florida. Newegg declined the $50 order, even though I’d selected my usual billing address and credit card (on file with them!). I tried another card. Also declined. I checked with my card provider, USBank, and they reported no problems.
At this point, I called Newegg’s credit department, expecting an explanation and resolution. I said, “My billing address and credit card information is perfect. USBank says there’s no issue. Are you declining the order because I’m shipping a gift to a family member?” The customer service agent couldn’t comment on their fraud detection policies. I gave up and ordered the gift through Amazon: same credit card, no problems.
Sitting in my living room a few days later, I tried to log in to Newegg from my wife’s laptop. I simply needed to look up an old order. I was staring at our projector, and typing on an unfamiliar keyboard didn’t help my typing accuracy. Two wrong password attempts made me second-guess myself. Then a third wrong attempt: Account locked!
I called Newegg expecting to quickly regain access to my 10+ year old account. The service agent said she’d have their fraud department look into the ban, and based on their decision, it would be usable again in 1-2 days. Newegg never followed up or restored the account even after I proposed, “So, you’re telling me to shop at Amazon?”
Fast forward to last night: I’d still been using our [separate] company account with Newegg to buy toner and office computer equipment, and decided it’s time to replace my five-year-old dinosaur of a PC…
Two minutes after placing a $1287.50 order, Newegg sends an email to the company, “Payment Authorization Failed”:
Again?! This is the same USBank Visa we’ve used to place Newegg orders all year! The company has a high spending limit on this particular card and we regularly charge large material and equipment purchases to the same card. All billing, shipping, and card information I’d provided was 100% correct, accurate, and legitimate.
So I call USBank again. The rep says, “Oh, Newegg? They’re one of the biggest sources of fraud we deal with. We automatically decline large orders.” He went on to mention that he and his wife recently spotted a fraudulent $3500 charge from Newegg on their own USBank Visa–and they don’t even have a Newegg account.
He kindly transfers me to 2nd level support. After re-answering all security questions and explaining that we really do want to charge $1287 to our Visa, Mr. Level-Two says, “Okay, can you try to re-submit the order at Newegg? It should go through this time.” Newegg instantly declined the card a second time.
He says, “Hm, I’m going to transfer you to the next level support. They’ll be able to help.”
At level three, I answer security questions for the third time, then ask Darleen if she really has the magical powers necessary to authorize my legitimate company purchase. She says she does. I re-enter my card at Newegg and the order finally goes through.
Online Credit Card Processing is Broken
I completely understand the importance of preventing fraudulent activity, and avoiding chargebacks. Fraud scares consumers, and businesses ultimately lose money dealing with chargebacks.
My company has processed a few thousand credit card orders in the past quarter, with 0 chargebacks. We cater to a niche market, so fraud isn’t common through our online store. Yet, we observe 5+ declined credit cards each day. The majority of these customers have made a small typo, or can’t remember if they’ve updated their billing address after moving to a new home/apartment. In all but a few rare cases, our customers’ declined cards are false positives!
Trading Buying Freedom for Security
Searches for declined credit cards turn up similar stories like my own:
- Smart Money – Credit Card Security: Too Much of a Good Thing?
- Reuters – When Your Credit Card Charge is Denied
To stop fraud, we need to stop allowing purchases to be made solely with the information that appears on the card because this is not secret information; it is basic information about an account. This is not something that merchants can fix alone. Merchants already have to foot the bill for chargebacks, and PCI standards are really just an attempt to make merchants responsible for maintaining the security of what is, at its core, a payment system that broke in the 1990s. CVN didn’t work–10 years later, we still have to explain to consumers where the number is because the card associations have not spent enough effort educating the public and, quite frankly, they don’t care. To use a credit card, anywhere, you should have to swipe it (PCI is still relevant in this scenario). Period.
Fixing Online Purchasing Security
Credit Card Authorization via SMS
“Do you authorize purchase of $## from Store-Name-Here? Respond ‘Y’ to authorize charge to your credit card, ending digits ####.”