Never Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.
BadCustomer.com Is Bad News For Online Retail
My recent post about <a href="http://www.informationweek.com/blog/main/archives/2009/10/too_many_unhapp.html;jsessionid=CFF4X2DUTM0A3QE1GHPCKH4ATMY32JVN">BadCompany.com, which blacklists customers who claim refunds from their credit card issuer</a> rather than directly from the retailer, raised a number of interesting questions: have any retailers actually signed up for this, how does BadCustomer even get a hold of those names, and isn't it a violation of customer privacy for retailers to revea
October 16, 2009
4 Min Read
My recent post about BadCompany.com, which blacklists customers who claim refunds from their credit card issuer rather than directly from the retailer, raised a number of interesting questions: have any retailers actually signed up for this, how does BadCustomer even get a hold of those names, and isn't it a violation of customer privacy for retailers to reveal customer names to third parties?The company didn't respond to my initial queries, but BadCustomer.com president Brien Heideman thought better of it after seeing the original post.
Where customer privacy is concerned, Heideman explained that BadCustomer.com never sees any names. It merely aggregates the databases of "bad customers" maintained by each of the retailers that signs on to his company's system.
Every time a transaction is processed on a participating retailer's site, the retailer's e-commerce engine scrubs the customer's name against the larger database maintained by BadCustomer.com and, if there's a match, informs the customer that the transaction has failed and directs him or her to BadCustomer.com's customer service.
Personally, this is where I'd get off the train. If I ever got a message from an online retailer telling me they didn't want my business because I was on someone's garbage list, I'd put them right on mine. But maybe that's just me.
The malleable customer who inhabits Heideman's imagination would talk to a BadCustomer.com customer service agent and figure out why they're on the list. Then they'd fork over $99 to clear their name. (BadCustomer.com charges $99 because, "we want this to be a little bit painful," Heideman told me.)
In any case, since BadCustomer.com never sees a customer's name until they themselves call to clear themselves, Heideman believes retailers aren't violating their customers' privacy.
According to Heideman, BadCustomer.com, launched in August, has approximately 150 retailers on board, and is likely to sign up a lot more once things quiet down for retail IT departments after the holiday rush.
Heideman said retailers like the idea because they already maintain their own blacklists and figure that a larger, shared blacklist (currently at more than 5 million) would be more effective at snagging habitual fraudsters. Moreover, he told me, "they love the name of our company."
But when I asked him why he couldn't provide me with any recognizable reference customers, he admitted that "retailers don't want to announce they're using this to individuals, maybe in part because of the name."
Yeah, no kidding.
In fairness, though, charge-backs are a real issue for retailers. According to the National Retail Federation, fraudulent charge-backs cost U.S. retailers more than $11 billion in 2008.
But this still seems like a really bad idea. The BadCustomer.com database is a aggregate of watch lists, so participating retailers are at the mercy of whatever asinine policies their competitors have in place. For instance, many retailers put a black mark next to customer names after just one charge-back, regardless of whether the action was legitimate or not.
Another, larger, issue is that $99 fee. Painful indeed and permanently off-putting. Now, retailers may have statistics showing that they're better off losing the odd "legit" customer than continuing to do business with the crooks that make up the preponderance of their lists, but I think they have more to lose if there's a deterioration in the climate of trust that still permeates online commerce today.
When e-commerce first became big business in the late 1990s, merchants worked hard to win shoppers over with free return shipping, order tracking, and other standard industry practices aimed at gaining trust. They overcame bad holiday experiences, shady operators and impossibly slow download speeds (probably thanks to the largess of companies who allowed their employees to do their Christmas shopping over their T1 lines).
How quickly do you think it would take for word to get around that a particular retailer was charging $99 as some kind of blackmail or extortion? Never mind that it wasn't the retailer collecting the $99, or even putting the customer on the blacklist; customers would blame the retailer they were trying to shop with and no one else -- and I would be first among them.
In the final analysis, my take would be, if you don't trust me enough to do business with me, then I don't want to do business with you either.
You May Also Like
Edge Computing's value to IT
Data Center Firewall Toolkit
Navigating the ISO 27001 compliance journey
NIST Cybersecurity Framework 2.0: Changes, impacts, and opportunities for your InfoSec program
Solution Brief: Fortinet FortiFlex Delivers Usage-Based Security Licensing That Moves at the Speed of Digital Accelerationâ€‹