Still would like to hear from someone with experience with selling downloadable software. My first few months will probably tell me a lot.

From previous discussions, I learned the following about chargebacks:

Better to prevent them than fight them.
You will probably lose if selling a service or downloadable software.

Using an activation code that checks against a server sounds like a good thing for a number of reasons.

It can transmit device ID, something too long for a user to reliably type in, and also show some record of when someone activates their software.

I could authorize upon purchase, but not charge the card until the activation is complete.

We have had a downloadable product for over five years.

The number of chargebacks - for us - went up in 2002/3 when someone (we think) targeted us - they seemed to be testing out credit card numbers more or less, as they just kept buying the same product over and over again.

We eventually had to change our online card authorizer as the one we used did not seem to have enough safeguards.

So - it is not so much real buyers who want their money back that is the problem. It is people that fraudulently use the credit card and usually do not even have a credit card. In the UK we use the CVS number on the back of the card now and that pretty much kills fraud in its tracks.

So your answer is - it depends on how you screen the sales. CVS screening is great for us. Full address verification would kill our conversion rates I think, as people always fill in addresses differently. I would use address verification if I was physically delivering "stuff".

Now - here's our bigger concern. When someone buys the product / licence, how easy is it for them to resell their password on Ebay? Now THAT is our current problem, as it undercuts our pricing, and turns the problem from individual fraudulent chargebnacks to commercial piracy.

Do you know of a "wrapper" product that would do option 3?

Dixon.

I don't know of a wrapper product. I'm forced to build any of this into it myself, both on the server and the software side.

In my area, Handheld Software, there are a few libraries, but they don't do all you need, and they are focused on Handango Dynamic Registration, which isn't very secure.

I envision giving a 16 char activation code at checkout, which can be checked against the server and only used once. During activation, the Device ID would be transmitted to the server.

Tieing to a Device ID - a 128 bit code, would tie it to a particular device. That may not be as easy on other platforms.

I am planning on verifying CVS Codes and doing some address verification. I'll have to see how strict I can be on the address part.

downloads are a risk - i've known a couple of people end up in really bad debt due to a LOT more fraudulent payments than genuine ones.

only sell downloads if you really need to sell the product by download - if you can burn it onto CD / DVD, do it - doesn't cost much and cuts out a lot of fraud.

if you really have to sell downloads, use an online merchant account like worldpay etc - make sure they provide 3D Secure (verified by visa / mastercard securecode) - shoppers can then verify transactions and you'll be protected from some chargebacks.

always pre-auth all transactions - don't complete the authorisation unless you are sure the transaction is genuine and that you won't get a chargeback. you might only collect payment for half the downloads, but the downloads cost nothing, so it costs nothing to NOT process some transactions.

RailMan, I definitely don't want to end up in your friends' shoes. Do you know if the fraudulent transactions were people who actually wanted the software or just criminals testing out credit card numbers?

While I would be flattered that many criminals want my software, I'd hope not. I believe I can distinguish the latter case - credit card testers with no interest in the software - with some certainty, and never capture.

I have authorize.net as a gateway. They offer CVC and Address Verification, which I'll use. They have Fraudscreen.net for a reasonable fee. They also say Verified by Visa/MasterCard is possible, though I don't know the details on implementation (I write my own checkout pages.)

People stress manual review before charging credit cards. However, I'm not sure I'd be able to spot anything suspicious that Address Verification would not spot. What would I look for?

My impression (may not be true) is that selling CDs would hurt conversion rates - all my competitors sell downloads.

If things got as bad as they did for your friends, I'd have to sell exclusively through partners like Handango and PocketGear, and pay 30-40% for the privilege. I'd hope I can do better than that.

>>Do you know if the fraudulent transactions were
>>people who actually wanted the software or just
>>criminals testing out credit card numbers?

both - it's easy to charge back for downloads - the problem is if you process EVERY transaction you get
once the files are online, let the orders come in - if it looks dodgy, don't process the payment - someone's got the files, but it cost you nothing extra so you lose nothing and you don't risk the chargebacks

>>While I would be flattered that many criminals want
>>my software, I'd hope not.

they'll take anything they can get .........

>>(I write my own checkout pages.)
save yourself time and effort and use a system that includes everything for you - time is money .......

>>What would I look for?
lots of fraud spotting info in this forum - i'd say for downloads, only process the payment if it looks 100% genuine

>>My impression (may not be true) is that selling CDs
>>would hurt conversion rates - all my competitors
>>sell downloads.

do amazon sell books or e-books? DVDs or MPEGs? ........

>>(I write my own checkout pages.)
save yourself time and effort and use a system that includes everything for you - time is money .......

I'm open to suggestions if there are preexisting checkout scripts that fit my needs. But the ability to customize, particularly on things that catch fraud, is valuable.

>>What would I look for?
lots of fraud spotting info in this forum - i'd say for downloads, only process the payment if it looks 100% genuine

Point well taken. I think there is enough information here to make the manual review process worthwhile.

For me, any transaction from outside the US is suspect, since the software, for now, wouldn't be useful outside the US. As the feature set and customer base expands, so does potential for fraud.

>>My impression (may not be true) is that selling CDs
>>would hurt conversion rates - all my competitors
>>sell downloads.
do amazon sell books or e-books? DVDs or MPEGs? ........

Amazon does have an e-book section, but I did not say that Amazon was my competitor.

Of 4 close competitors, one uses paypal, one their own checkout process, and two sell through a third party, share*it. All have downloads and a license key given through their checkout process.

Thanks for all the help.

>>Of 4 close competitors, ... All have downloads and a
>>license key given through their checkout process.

Nothing stopping you being different ........
Maybe shoppers will see extra value in buying a CD instead of a download? (just something to consider)