[shifuimam]

So my boyfriend got hardcore screwed by PayPal. He runs an MORPG server, and one of his players decided to randomly file "unauthorized charge" retractions on nineteen payments to him (users can give him real money in exchange for in-game currency to buy stuff for their characters). The total damage? Over $400, plus another $190 in fees ($10 per transaction).

PayPal has decided that the guy who claims his card was stolen is telling the truth. This makes no sense - the person who made the transactions used the in-game currency to buy stuff, and he's the one who messaged my boyfriend and said that his card was stolen. If his card was stolen, how was he able to use the currency that someone else supposedly purchased with his stolen card?

At any rate, we're trying to fight PayPal over this, but the entire experience (and the relatively large financial loss - this was like nearly 20% of his total donations in 2008) has left one nasty taste in his mouth for PayPal. I haven't had issues since I only use it for eBay and MacNN, but he's looking for something else that is a little less risky for accepting payments.

Problem is, a decent chunk of his players are outside the United States. We're going to use Revolution Money Exchange for transactions in the US, but does anyone have any suggestions for a PayPal alternative that has less of a chance of hardcore screwing him like PayPal has?

[starman]

Which MORPG game does he run a server for?

[shifuimam]

It's an OpenTibia server.

[starman]

Ok, from the two seconds I had to do a little research on this, it seems to me that running a private server is in violation of the Tibia TOS.

Tibia is a free game:

http://www.tibia.com/mmorpg/free-mul...aying-game.php

And this site: http://forums.digitalpoint.com/showthread.php?t=218547

says:

"An OT Server, technically speaking, is an illegal use of CipSoft's Tibia Client. However, the server program that is being used to contact that Client (i.e. Neverland, YurOTs, etc.) is not illegal."

What this means is that PayPal, or any other payment institution may not be able to protect you because you're violating the TOS of Tibia.

The rest of that link shows that money given to the owner of a private server is not, in fact, a payment but a "gift".

Tibia does have "premium accounts"

http://www.tibia.com/gameguides/?sub...ction=accounts

But if you're running a private server, you're violating their TOS.

At least that's what I gathered.

[besson3c]

I hear you can do anything at zombo.com.

The only other one I know of off the top of my head is propay.com, but it's been years since I used them.

[shifuimam]

Well, he called PayPal and convinced them to reopen all the resolved charges (all of the transactions under $25 had already been resolved and he was in the red by several hundred dollars) and actually look at the evidence he uploaded regarding the dispute, but we definitely still want to find something else for future stuff.

Is Google Checkout any good? Has anyone used that for this kind of stuff?

[shifuimam]

Originally Posted by starman 

Ok, from the two seconds I had to do a little research on this, it seems to me that running a private server is in violation of the Tibia TOS.

Tibia is a free game:

http://www.tibia.com/mmorpg/free-mul...aying-game.php

And this site: http://forums.digitalpoint.com/showthread.php?t=218547

says:

"An OT Server, technically speaking, is an illegal use of CipSoft's Tibia Client. However, the server program that is being used to contact that Client (i.e. Neverland, YurOTs, etc.) is not illegal."

What this means is that PayPal, or any other payment institution may not be able to protect you because you're violating the TOS of Tibia.

The rest of that link shows that money given to the owner of a private server is not, in fact, a payment but a "gift".

Tibia does have "premium accounts"

http://www.tibia.com/gameguides/?sub...ction=accounts

But if you're running a private server, you're violating their TOS.

At least that's what I gathered.

It seems like what's technically a TOS violation is using the official client to connect to an OT server. Running the server itself isn't illegal, since there are open-source and other clients that can connect to it.

Either way, we *really* don't want to get screwed out of $600+...

[starman]

Like I said, I only looked at it briefly. I know that other MMO private servers not only get shut down, but if they're found taking money, there can be DMCA violations issued.

You may want to look into this more, especially since you're taking money for it.

[shifuimam]

I was asking the boyfriend about this - I don't think he's doing anything out of the ordinary. So far the originator of Tibia, Cipsoft, hasn't gone after anyone running an OT server. Plus, unlike WoW (which is what I'm assuming you're referring to), Tibia is based in Germany, so I'm not sure that American copyright law can be applied here.

Plus there's no mention in the PayPal dispute of what server is being run; just that money was used to buy in-game currency, and the buyer reneged and is trying to get all his money back.

The DMCA needs to be lit on fire, srsly. It's way too easily abused.

[starman]

I hate the DMCA. I understand what they were trying to do with it, but it went way too far.

And yes, I was talking about WoW, but there are other MMO private servers that are run as well. WoW just happens to be the 800lb. gorilla in the room.

I didn't know Tibia was based in Germany. Interesting spin.

[shifuimam]

Yeah..there's another one called Ragnarok Online - they're in South Korea. I guess they took down a couple of the really big servers, but Cipsoft so far hasn't done anything to anyone running an OT server. Apparently it's more or less considered the responsibility of the players to do the right thing when it comes to client choice.

PayPal is going to be investigating all these payment retractions. Hopefully we'll come out the winners.

[brassplayersrock²]

good luck with getting the money back mam

[Chuckit]

Isn't the possibility of chargebacks inherent in accepting credit cards?

[shifuimam]

Well, I find a couple issues with that.

By accepting PayPal, you don't get to control whether or not the person is using a credit card to fund their PayPal purchases.

Not only that, but the whole idea of the credit card company charging a fee for the chargeback is ridiculous. It's not PayPal's fault (nor is it mine) that someone was stupid enough to (allegedly) get their card stolen.

It sucks when your card gets stolen, but I don't really think that retailers should be liable for that - especially not with something like PayPal. It's one thing for Wal-Mart or Target to lose a $500 purchase because of a stolen card. It's quite another when you're a normal person who doesn't take in more than a grand a year in PayPal transactions.

At the end of the day, I suppose that yes, it's inherent to accepting PayPal payments from someone. However, this person is very very obviously trying to screw us (we caught him trying to transfer his high-level character's equipment and money to another account's character so that he could keep playing the game).

[besson3c]

shifuimam: maybe if retailers would start checking ID and thinking about their security a little more this kind of thing can be minimized? Why is it that even though my credit card says "SEE ID" on the back, nobody ever does? Have you read the site/blog about that guy that wanted to see how much he could get away with by signing things like "Daffy Duck" and "X"? Even buying big expensive TVs and stuff like that, retailers were just happy to brainlessly swipe his card. It would be *way* too easy to go on a buying spree with a stolen credit card.

So, I'm not disagreeing with you, but I think that there is another part to the problem.

[shifuimam]

Oh, I totally agree.

My boyfriend tends to draw pictures instead of signing, and my signature is just a wavy line. It's not like they're going to check it.

The fact is, the creditor is the one who is taking the risk by providing the credit. They already charge a merchant fee on every transaction when a company accepts their card, and of course the big bucks come from the millions of morons who rack up big bills and take months or years to pay them off - nothing says profit like a 25% APR.

If your credit card gets stolen, as far as I'm concerned, the only people responsible for that loss are you and the creditor. The retailer shouldn't be punished.

Checking ID can work, except that it's not terribly hard to make fake IDs for that sort of purpose, particularly since most retailers aren't really taught how to detect a fraudulent ID.

And even if the creditors are going to ding the retailers for something like this, PayPal and other such services are different than your run-of-the-mill retailer of any size. They're wholly a middleman, so passing the charge onto the seller's account is kind of BS. While a store prices their products to accommodate things like chargebacks and lost or damaged merchandise, a person selling something privately (on MacNN or wherever) doesn't have that luxury.

[Chuckit]

How on earth are you supposed to check somebody's ID over the Internet? And how would that protect retailers from bogus chargebacks?

[besson3c]

Originally Posted by shifuimam 

If your credit card gets stolen, as far as I'm concerned, the only people responsible for that loss are you and the creditor. The retailer shouldn't be punished.

This is definitely not always the case. Credit cards are stolen all the time by retailers with bad security within their internal systems. This is why PCS standards (I may have that acronym wrong) have been developed that outline what businesses need to do to ensure security and safety in online transactions - there are entire security courses designed to help facilitate these sorts of systems. PayPal exists as a service will to take on this liability so that site owners don't have to.

So, in many cases the retailer can, and is responsible. There are many sketchy online order systems out there. My wife ordered something from a store that sent her her password in the clear as a form of confirmation... WTF?

I think what you are doing is mistaking stolen credit cards as happening via physical theft. I believe this is the least common way for this to happen. The most common is poor online retail security practices, or theft of numbers by employees. If I lose my credit card I can call my bank and have it canceled that day. I'm going to be far less aware of my card being stolen otherwise, so therefore it is going to take much longer before it is caught this way.

[shifuimam]

Okay, I can see that.

I mean situations like ours, where someone claims their card was stolen, and we're getting nailed with fees. Screw that. In fact, PayPal should never be passing these fees on to their users - the users are not the ones accepting the credit cards; PayPal is.

I realize that it would be difficult for them to function that way as a business...it still sucks.

When the seller's processing system is corrupt or insecure, then yeah - it's their problem. But when a kid lies to me and tells me his mom's credit card (which he used for the payments, allegedly) was randomly stolen, that's a different story.

[besson3c]

Originally Posted by shifuimam 

Okay, I can see that.

I mean situations like ours, where someone claims their card was stolen, and we're getting nailed with fees. Screw that. In fact, PayPal should never be passing these fees on to their users - the users are not the ones accepting the credit cards; PayPal is.

I realize that it would be difficult for them to function that way as a business...it still sucks.

When the seller's processing system is corrupt or insecure, then yeah - it's their problem. But when a kid lies to me and tells me his mom's credit card (which he used for the payments, allegedly) was randomly stolen, that's a different story.

So, who should pay for the cost of this investigation, and how do we standardize these practices and policies from bank to bank and creditor to creditor?

[shiff]

Originally Posted by besson3c 

shifuimam: maybe if retailers would start checking ID and thinking about their security a little more this kind of thing can be minimized? Why is it that even though my credit card says "SEE ID" on the back, nobody ever does? Have you read the site/blog about that guy that wanted to see how much he could get away with by signing things like "Daffy Duck" and "X"? Even buying big expensive TVs and stuff like that, retailers were just happy to brainlessly swipe his card. It would be *way* too easy to go on a buying spree with a stolen credit card.

So, I'm not disagreeing with you, but I think that there is another part to the problem.

Actually by not signing the back of your credit card it technically is not valid. A merchant can refuse to take your card completely if it is not signed. In fact, the credit card company could argue that because you did not sign the back of the card the credit card protections do not apply to you since you never agreed to them nor followed the contract by signing the card.

I am not saying anything like that would happen but it could.

[iMOTOR]

The real tragedy here is that someone paid $400 for pretend money.

[Chuckit]

Amazon.com: Exquisite Monopoly® in Leather & Pewter: Toys & Games

[Rumor]

If this is all through Paypal, and it happens to be a stolen card (which means his gaming account could have been hijacked), then Paypal will cancel the transactions, which means the funds will be pulled from you. This isn't a fault of Paypal or Paypal trying to screw your boyfriend, just trying to protect their clients.

On the other side, if there is identifying proof (IP address that matches before the "theft"), and your boyfriend can prove it, then the client would be in the pot.

[Spheric Harlot]

Originally Posted by iMOTOR 

The real tragedy here is that someone paid $400 for pretend money.

I suspect that this was precisely his mother's reaction when she found out he'd been using her credit card.

[shifuimam]

Originally Posted by Rumor 

If this is all through Paypal, and it happens to be a stolen card (which means his gaming account could have been hijacked), then Paypal will cancel the transactions, which means the funds will be pulled from you. This isn't a fault of Paypal or Paypal trying to screw your boyfriend, just trying to protect their clients.

On the other side, if there is identifying proof (IP address that matches before the "theft"), and your boyfriend can prove it, then the client would be in the pot.

It's unlikely his gaming account was hijacked. This is a really, really small server, and he was obviously trying to keep all his high-level stuff so that he could keep playing the game.

We sent PayPal a ton of log information with IPs. Boyfriend called them yesterday about how they randomly closed all the disputes without looking at any evidence, and because of the number of disputes and the quantity of money, they reopened all of them and escalated the investigation.

We'll see what happens.

I'm still wanting to know if there are any alternatives for international customers - is Google Checkout any better?

[Doofy]

http://www.ccbill.com/

IIRC, they charge a little higher commission as a sort of insurance against chargebacks, which means that any time one occurs you repay only what you received from the payment - with no additional chargeback fee.

That's the best you're going to get short of going for digital gold payments.