* The Business of Software

A former community discussing the business of software, from the smallest shareware operation to Microsoft. A part of Joel on Software.


For the past few weeks I've been getting a lot of strange chargebacks and PayPal disputes from customers.

People are initiating chargebacks/disputes instead of just asking for a refund (we have a 30-day refund policy).

Am I just "lucky", or has something happened in the world and chargebacks have become more and more common?
Kuzmitskiy Dmitry
Monday, November 11, 2013
Not enough info given to say, and probably only you can determine.

If getting a bunch of registrations would help a cracker break the registration system, I'd be suspicious of that and periodically check torrent trackers for released cracks, key generators, or whatever is relevant to your situation. Should such a thing appear, I'd consider reworking the registration and making sure I had a system to blacklist rogue registrations.
Scott
Monday, November 11, 2013
Have you tried purchasing your own product and doing a clean install on a virgin machine?

It's good to do that now and then anyway and may reveal if there's a disconnect or issue.

A couple of examples I've seen:

1. Entering the license didn't fully unlock the product without going online and 'activating' (2 separate steps)

2. Registration email was both garbled and obviously placeholder text

Bonus one for email - an email with many trigger words ("Free!" "Discount!" etc) which triggered every spam filter on the planet.

Does the test purchase go smoothly? Does all the wording make sense? Do you get confirmation? Is the registration, activation, license-entering etc etc process all simple, obvious and easy?

Tip - get your wife or a friend to purchase, and watch closely. Don't tell them if they're doing anything wrong, just watch.

Even a slow server and people clicking twice and being charged twice could be the culprit. I know this sounds a bit like bran flake cereal, you know it's good for you but you don't want to - but seriously, a test purchase is always a valuable thing to do.

People are buying and are then becoming unhappy. So be a buyer, find out why?

Reluctantlyregistered
Monday, November 11, 2013
>> "Am I just 'lucky', or has something happened in the world and chargebacks have become more and more common?"

My gut and, more importantly, my experience says this is fraud to get free product keys from you. You can verify this a few different ways. Look at the geolocation of the IP addresses making the orders. If they're common Tor or proxy end-points then it's plain old fraud. Also, if the geolocation isn't a proxy/tor end-point, and the location doesn't match the details of the credit card, then again, you've got fraud from assholes looking to score free licenses.

My advice is 2-fold:

1. Start making a simple system to "hold" orders that look suspicious. That is, if the CC address details and the IP geolocation don't match within a 50 mile radius, then "hold" the order until you can look at it manually. Why? Because it's likely a stolen credit card. Ditto for IPs matching Tor & Proxy end-points -- "hold" for manual processing.

This system doesn't have to be complicated. Start with a simple script and build it up as you need to. If you can't "hold" orders, then simply process the order but don't send the license until you can manually verify it. Then, if the order looks fraudulent, simply refund the CC charge.

2. Upgrade your licensing system to one that can revoke keys remotely. I'd recommend LimeLM (http://wyday.com/limelm/), obviously, but if you've already built a decent hardware-locked licensing in-house then it shouldn't be too much extra work to expand it to add remote revocation.

Doing these 2 things should solve your problem. You'll be able to reject fraudulent orders before they even get a license, and you'll be able to kill licenses that snuck past your fraud-checker.

Also, you should do sanity checks in your workflow like AC suggested. But I assumed you've already done that.
Wyatt O'Day
Monday, November 11, 2013
Wyatt:  Only 50 miles?  My ISP is Telus.  Their head office is in Burnaby, BC which is a few hundred miles away.  That was what used to show up on a whois on telus.net; now, it shows an address in Toronto (across the country).


Gene Wirchenko
Gene Wirchenko
Tuesday, November 12, 2013
It depends on the IP to geolocation service you use. If I just do a plain old "whois" on my IP address, it shows me as being in Boston (where the local ISP is located). That's not even the right state. But if I use a geolocation service on my IP, then I get my exact city.

But you're right, even with good geolocation services the IP-to-address can be pretty far off in some parts of the world. That's why I suggested holding the order for manual processing (not rejecting outright).
Wyatt O'Day
Tuesday, November 12, 2013
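
A minimal version of the "hold" script described in the posts above, as an added example that is not part of the original thread. The IP-to-location table, the Tor/proxy list and the billing coordinates are constructed sample data (documentation-range IPs), and the names `Order`, `review` and `miles_between` are hypothetical; it only ever holds an order for manual review and never rejects one.

```python
import math
from dataclasses import dataclass
from typing import Optional, Tuple

EARTH_RADIUS_MILES = 3958.8
HOLD_RADIUS_MILES = 50.0  # the radius suggested in the post

# Constructed sample data (RFC 5737 documentation IPs), standing in for a
# Tor/proxy endpoint list and an IP geolocation service.
ANONYMIZER_IPS = {"203.0.113.7"}
IP_GEO = {
    "198.51.100.10": (42.36, -71.06),    # resolves to Boston
    "198.51.100.20": (49.25, -122.98),   # resolves to Burnaby, BC
    "203.0.113.7": (52.52, 13.40),
}

@dataclass
class Order:
    order_id: str
    ip: str
    billing_latlon: Optional[Tuple[float, float]]  # geocoded card address

def miles_between(a, b):
    """Great-circle (haversine) distance in miles between two (lat, lon)."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * EARTH_RADIUS_MILES * math.asin(math.sqrt(h))

def review(order, geo=IP_GEO, anonymizers=ANONYMIZER_IPS,
           radius=HOLD_RADIUS_MILES):
    """Return ("release" or "hold", reason). A hold means manual review."""
    if order.ip in anonymizers:
        return "hold", "IP is a listed Tor/proxy endpoint"
    ip_loc = geo.get(order.ip)
    # Assumption: missing location data is held rather than waved through.
    if ip_loc is None or order.billing_latlon is None:
        return "hold", "no location to compare"
    miles = miles_between(ip_loc, order.billing_latlon)
    verdict = "hold" if miles > radius else "release"
    return verdict, f"IP is {miles:.0f} miles from the card address"

if __name__ == "__main__":
    for o in (Order("A1", "198.51.100.10", (42.37, -71.11)),
              Order("A2", "198.51.100.20", (50.67, -120.33)),
              Order("A3", "203.0.113.7", (52.52, 13.40))):
        print(o.order_id, *review(o))
```

Held orders keep their license unsent until someone has looked at them, which is what absorbs the geolocation errors raised in the replies.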
I don't think they do it to get a free key - I have an online activation system and can (and do) block their keys after refund/chargeback.

My question was: why have people started to prefer chargebacks over a refund? The refund is faster and takes less effort than initiating a CB. This is what I don't understand.

Web site design hasn't been changed in years, so it's not that people didn't notice the refund policy.

Anyway, thanks for the advice to take a fresh look at the product and purchase process - will do it soon (but like the web site, the purchase process hasn't been changed for a long time either).
Kuzmitskiy Dmitry
Sunday, November 17, 2013
Kuzmitskiy Dmitry: "My question was: why have people started to prefer chargebacks over a refund? The refund is faster and takes less effort than initiating a CB. This is what I don't understand."

Here is my guess.

1) However simple your refund procedure is, it is likely different from another vendor's.  For the customer's credit card, any chargeback works the same way.  That makes it simpler.

2) The customer might be worried about getting hassled over it.  He has likely never tried for a refund from you.  He might have done a chargeback before so he will know what is required, and, if he does not, there is likely something on the Web.


Gene Wirchenko
Gene Wirchenko
Monday, November 18, 2013
"why have people started to prefer chargebacks over a refund?" -- If they paid by PayPal, does PayPal give them 100% of their money back? I thought they still retained some? If so, that would definitely turn them off and go the chargeback route.
PSB136
Friday, November 22, 2013

This topic is archived. No further replies will be accepted.
