Reduce Chargebacks!
A quick and simple way to reduce chargebacks is to explain to the customer what will appear on their card; a good way to do this is to send them an email directly after purchasing and then one 5 days later. Here is one we send:
------------------
Dear %FNAME%,
This notification is just a friendly reminder (not a bill or a second charge) that on %FANCY_AUTH_DATE%, you placed an order from Total WebWorks LTD.
The charge will appear as: %TWW%.
This is just a reminder to help you recognize the charge. You will not be charged again, unless you re-order.
Product Ordered:
---------------------------------------------------------------------------------------
Site name: %SITE_NAME%
Amount (USD): $ %AMOUNT%
---------------------------------------------------------------------------------------
Our customers have found this notice useful in confirming otherwise unknown credit card charges. While "Total WebWorks LTD" may be easily recognizable on your charge statement, "%TWW%" may not.
We would like to take this opportunity to thank you for your business and look forward to serving you in the future for all of your health needs.
Again, this is just a friendly purchase reminder, no response or further action is required.
*** THIS IS NOT A BILL AND IT DOES NOT INDICATE A SECOND
CHARGE TO YOUR CARD ***
This is only a reminder that a previous purchase you made should be appearing on your credit card statement shortly.
Sincerely,
The Customer Service Team
Email: Support@twwservices.com
Phone: +44 (0)115 8490188
--------------
It's a fantastic way to catch support problems also, so if needs be you can refund them before the chargeback.
Hope it helps
drunken
06-15-05, 05:57 PM
great idea....nice tip
Elisha Jade
06-15-05, 06:03 PM
The odd thing is, the only chargebacks I've ever had for any of the sites I run is for check processing. So I disabled checks.
Do you do your own processing Elisha? I might have some good contacts for you if you do... we added a second processor and noticed a 20% increase in sales ;)
johnboy
06-15-05, 06:58 PM
Great idea.
Thanks!
I thought of just having a "Terms" page and have a list of things like:
Any found to be sharing Passwords and or Usernames will have their account terminated and no refunds will blah blah blah
Then have one on there saying something like:
Once you have signed up and received your Username and Password it is agreed that you have access to the members area. Once access to the members area has been granted no refunds will be made should you decide to cancel. The reason for this being that once you have access to the members area you will be able to download the whole of our site.
Or words to that effect. I suppose this wouldn't be enough though or everyone would be doing it.
Have you ever bought a game for a Playstation? Well, you can't get a refund once you have opened the game, same thing and same reason.
Or failing that you could say that when you sign up your credit card statement will show as:
upright and honest company ltd
But if you do a charge back it will show as.
I like to look at black mens big cocks ltd
Just another idea :)
You may have problems with password sharing anyway. Passwords are got in all sorts of ways and you will start getting passwords shared. I've added loads of passwords to systems myself that I've never given away and they get shared.
Anyway password sharing is good if you have decent security, it creates tons of traffic :drink:
Mattyboy
06-15-05, 09:34 PM
Password sharing and dictionary/proxy attacks can be bad. We got hit hard yesterday...
"From midnight last night until they stopped, the attacker(s) tried
about 100,000 user/pass combos using about 8,000 proxies"
Lucky we have Strongbox installed :onguard:
How do you find using Strongbox over PennyWize, Mat? I remember you used to use PennyWize; do you find Strongbox does anything PennyWize doesn't?
Check out www.proxypass.com - we use it and it seems to do well :)
Mattyboy
06-15-05, 09:47 PM
How do you find using Strongbox over PennyWize, Mat? I remember you used to use PennyWize; do you find Strongbox does anything PennyWize doesn't?
Comparing the 2 is like chalk and cheese! Strongbox does loads more and clever password crackers know how to get around PennyWize :mad: and no monthly fee :)
Not as straightforward to set up as you need to enable wildcards on your domain but it's installed for you. Ray who made it is a great guy and has even tweaked some things for our sites which work like a dream.
Cut and paste from the site...
How does StrongBox compare to PennyWize?
First off, Strongbox isn't really directly comparable to PennyWize or anything else out there that I know of. To explain why, I have to get a little technical. Before I do, let me point out that with Strongbox there is no monthly fee and no reliance on someone else's server for your protection. Pennywize is an old solution to an old problem. The script kiddies, real hackers, and just plain password sites figured out how to beat PennyWize around 1999-2000. As more and more password sites and software did their end runs around PennyWize, we began developing Strongbox as the next generation in security. Now for the technical part: Pennywize and similar services are needed because most web sites today use something called "Basic Authentication", which is implemented in a part of Apache called "mod_auth". This "Basic Authentication" is the system where the gray box pops up asking for your username and password. When the designers of mod_auth first released the design for that system, they were very careful to point out that it was not intended to be secure. It was intended to be a very basic system that could be used to put a password on your stats page until something better was designed. One major weakness is that Basic Authentication - the pop up gray box - does not distinguish between the two main phases that you learn about in security 101. The first day of a computer security course you'll hear about the two phases of "authentication", making sure the user is who they say they are, and "authorization", checking if they are allowed to access this particular page, etc. The authentication phase is when they login, the authorization happens every time they view a page or image. With basic auth, they never login. Their username and password is sent by the browser every time it requests a page or image. Because they never actually login, you never get to thoroughly check them out.
For example, Strongbox can analyze which countries login requests are coming from, something that the monthly fee services cannot do because of the hit-by-hit analysis their old fashioned approach requires. There are a lot of other problems too, like the fact that the whole thing is based on a very short password that can be shared. Pennywize and similar programs try to tape up the holes in basic auth. That's a very tall order, because basic auth is built like a chain link fence - way too many holes to try to keep taped up. PennyWize and similar programs end up working like a burglar alarm inside the fence - trying to detect an intruder after they get in and then trying to deal with them after it's too late. Strongbox, on the other hand, gets rid of the whole "basic authentication" fence and puts up a thick brick wall instead. It doesn't tape up any holes, because it throws that fence full of holes in the trash pile behind the woodshed and puts in its own far superior system. PennyWize and similar systems are also easily defeated by proxy based attacks. See the above question about proxies.
Strongbox (http://www.bettercgi.com/strongbox/)
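An added example, not part of the thread and not Strongbox or PennyWize code: with Basic Authentication there is no login event, so the access log is the only signal, hit by hit. This Python sketch reads constructed Apache log lines and flags the two problems discussed above, guessing spread over many proxies and one account used from many addresses; the function names and thresholds are assumptions.

```python
import re
from collections import defaultdict

# Apache common/combined log prefix: host ident user [time] "request" status ...
LINE = re.compile(r'^(\S+) \S+ (\S+) \[[^\]]+\] "[^"]*" (\d{3}) ')

def analyze(lines, min_guess_ips=5, max_per_ip=3, share_ips=3):
    """Return (distributed_guessing: bool, shared_users: sorted list)."""
    fails_by_ip = defaultdict(int)      # ip -> number of 401 responses
    ok_ips_by_user = defaultdict(set)   # user -> IPs that received a 200
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue
        ip, user, status = m.groups()
        # On a 401 the logged user is whatever the client sent, unverified.
        if status == "401" and user != "-":
            fails_by_ip[ip] += 1
        elif status == "200" and user != "-":
            ok_ips_by_user[user].add(ip)
    # A per-IP limit misses this pattern: every source stays under the
    # limit, but the number of distinct failing sources is large.
    low_and_slow = [ip for ip, n in fails_by_ip.items() if n <= max_per_ip]
    distributed = len(low_and_slow) >= min_guess_ips
    shared = sorted(u for u, ips in ok_ips_by_user.items()
                    if len(ips) >= share_ips)
    return distributed, shared

def sample_log():
    """Constructed sample: 6 sources x 2 guesses, one shared account, one normal."""
    ts = '[15/Jun/2005:00:00:01 +0000] "GET /members/ HTTP/1.1"'
    out = []
    for i in range(6):                  # documentation address ranges only
        for guess in ("alice", "bob"):
            out.append(f'203.0.113.{i} - {guess} {ts} 401 401')
    for i in range(4):                  # "carol" succeeds from 4 addresses
        out.append(f'198.51.100.{i} - carol {ts} 200 5120')
    out.append(f'192.0.2.7 - dave {ts} 200 5120')
    return out

if __name__ == "__main__":
    print(analyze(sample_log()))
```
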
Check out www.proxypass.com - we use it and it seems to do well :)
Does it do anything that PennyWize or Strongbox doesn't? I've always been happy with PennyWize, but am always interested in looking around
Not sure mate... I have not come across the two you have suggested!
Do you use PennyWize alongside it or did you drop it altogether?
You may have problems with password sharing anyway. Passwords are got in all sorts of ways and you will start getting passwords shared. I've added loads of passwords to systems myself that I've never given away and they get shared.
Anyway password sharing is good if you have decent security, it creates tons of traffic :drink:
:) I was just using that as an example of one of the many terms you could use. I could have just as easily used:
All files and downloads are checked for any known viruses and deemed to be safe and you will not hold WHOEVER.com responsible for any damage caused blah blah
Of course people will share, but it still doesn't hurt to remind them. Some will be scared enough to lose their membership not to do it.
Mattyboy
06-15-05, 09:55 PM
Do you use PennyWize alongside it or did you drop it altogether?
Dropped it altogether and have never looked back.
Does the password sharing stop almost altogether Matt? I actually like the traffic it brings me
Mattyboy
06-15-05, 10:06 PM
It does. Having over 30GB on just one site alone + password sharing = doesn't mix and puts B/W through the roof.
Some sites are known as "easy targets" for password crackers so they will always get hit.
Elisha Jade
06-15-05, 10:50 PM
We use ccbill and gonna get paycom EU when it launches :) We also use Strongbox - I can't believe how many times my site is attempted to be brute forced!!! I highly recommend it :)