Montana Bullet Works & Fraud

[okie john]

Just went to the MBW site and saw this banner:

05/11/2021:
Because of ATTEMPTED fraudulent activity, the company we use to process our credit cards charged us over $5000 in fees, which they will not return.
We cannot afford this outrageous sum!
Effective immediately, we no longer accept credit cards as payment.
When we open the site for ordering, we will accept checks (bank, certified, personal, business) or money orders only.

We are sorry for any inconvenience and will continue to look into other payment options.

Many of us think highly of the folks at MBW, and I know we have some resourceful people here.

Does anyone know how MBW could go about getting this money refunded and this processing company sanctioned?

It seems like a consumer protection issue.


Okie John

[mtnbkr]

Just went to the MBW site and saw this banner:



Many of us think highly of the folks at MBW, and I know we have some resourceful people here.

Does anyone know how MBW could go about getting this money refunded and this processing company sanctioned?

It seems like a consumer protection issue.


Okie John

A guy I knew via another forum had similar issues with his credit card processor. I don't think he ever found a solution before he passed away.

Chris

[AKDoug]

Our credit card processor made it very clear years ago that if we weren't PCI compliant and used the right processing machines, we would be on the hook for all fraud claims. Computer order systems must meet the proper criteria and phone orders are now the big no-no. We do not take phone payments from anyone other than payments of accounts and we have a signed document authorizing that use.

[Lester Polfus]

Our credit card processor made it very clear years ago that if we weren't PCI compliant and used the right processing machines, we would be on the hook for all fraud claims. Computer order systems must meet the proper criteria and phone orders are now the big no-no. We do not take phone payments from anyone other than payments of accounts and we have a signed document authorizing that use.

That's kind of the "rest of the story" that I was going to try to articulate, but AKDoug did a much better job than me.

I'm not at the point where it makes sense to sell books and fan-merch direct off my website, but I know authors that do that. There's a set of security standards for taking payments, and if you aren't compliant, you're hosed. The cyber fraud crowd is no longer dudes sitting in their mom's basements. They are organized, sophisticated criminal conspiracies and once they find a vendor that isn't compliant with the standards, it's the equivalent of bleeding in a shark tank.

There are lots of "old school" business people that have maintained a willful ignorance of this sort of stuff. The orders roll in, they get paid, and they figure all this fancy talk of data standards and best practices is just a way to sell them stuff. Then this happens, and they get indignant. I know of one case of an indie author who was selling maybe $500 worth of signed copies and goofy merch a year that got dinged for more than Montana Bullets when a hacking group used her antiquated site to jam up a bunch of fraud. She still insists "she did nothing wrong" and I think she's convinced all the lawyers in the world who have refused to take her as a client are part of some kind of conspiracy.

[TGS]

That's kind of the "rest of the story" that I was going to try to articulate, but AKDoug did a much better job than me.

I'm not at the point where it makes sense to sell books and fan-merch direct off my website, but I know authors that do that. There's a set of security standards for taking payments, and if you aren't compliant, you're hosed. The cyber fraud crowd is no longer dudes sitting in their mom's basements. They are organized, sophisticated criminal conspiracies and once they find a vendor that isn't compliant with the standards, it's the equivalent of bleeding in a shark tank.

There are lots of "old school" business people that have maintained a willful ignorance of this sort of stuff. The orders roll in, they get paid, and they figure all this fancy talk of data standards and best practices is just a way to sell them stuff. Then this happens, and they get indignant. I know of one case of an indie author who was selling maybe $500 worth of signed copies and goofy merch a year that got dinged for more than Montana Bullets when a hacking group used her antiquated site to jam up a bunch of fraud. She still insists "she did nothing wrong" and I think she's convinced all the lawyers in the world who have refused to take her as a client are part of some kind of conspiracy.

Thank you for putting this down in a way that I couldn't. I had to keep deleting my responses.

[mtnbkr]

I hadn't even considered this from a PCI perspective. If that's what's going on, I can't say I'm really sympathetic. The standard is well defined, established, and there to protect both parties (in a legitimate transaction).

The gentleman I referenced above got hit a different way. He had "customers" ordering stuff and the CC companies wouldn't allow him to validate the card info or cardholder when things didn't quite jive. When the order turned into fraud, he lost the payment and the item he sold. It was as if they wanted the fraud to take place and then penalized him when it happened. Of course, I was only getting the story from his side, but it did feel willful on the part of the CC companies.

Chris