Upwork wants to play the game "heads I win, tails you lose". The credit card company is doing the same.
Kind of sad that they'd be doing this. I do wonder what Upwork's contract with the credit card companies states. How long far in the past can a bank claw back payments? Shouldn't the bank have liability here?
The whole thing is so interesting because each player has a fiduciary duty to validate payments and they all failed. The only person who was legit was the freelancer.
As a former merchant, I wouldn't argue that the freelancer owns this. But, I also don't think Upwork really "allowed the fraudulent transaction". The banks and credit/debit card companies allowed it. And they have a lot more contextual background information on the buyer, seller, and transaction than the merchant does.
Yes, but isn't this exactly what Upwork gets paid to take care of?
The only way that Upwork's actions are justified is if the author was complicit in this scam. In which case, he wouldn't have really been working, and he would have split the money back with Robin, the guy who "hired" him on Upwork.
But in that case, Upwork would obviously kick the author off of Upwork, not ask them to continue working.
The hierarchy of information and scale here, from most to least, seems to obviously be: banks, Upwork, freelancer.
Or, to put it another way, requiring the freelancer to pay this begs the question: "What could the freelancer have done to avoid this?"
To which the only answer is: everything Upwork is abstracting away and doesn't want their freelancers doing. Do a background check on the client. Obtain the client's actual payment methods and verify them with the bank. Etc.
All of which are literally Upwork's functions in this arrangement, because like PayPal, they exist to centralize and decrease friction between two semi-trusting parties.
And when that goes bad, it's bullshit for them to transfer the consequences of that onto someone who lacked the access to detect or fix it in the first place, by Upwork's design!
It'd be like Uber requiring a passenger to pay an insurance claim, because their driver was involved in an accident and didn't have auto insurance.
Per the article, that would have required him opening a laptop during their meeting and twiddling the mouse around to prevent idle.
Legally, that may impact.
But practically and provably? I can't imagine he wouldn't be in the same situation, albeit with Upwork claiming they'd detected patterns of abuse during his claimed time, and still putting this on him. Or maybe not. Futures not taken, etc.
> If contractors' time is tracked using Upwork tool then this problem will not exist.
But that's for countering the opposite problem -- when the contractor tries to scam the client. Here, the client is the scammer.
And didn't TFA say that Upwork tried this tack at first -- but stopped that line of argument after he provided testimonials from the client that he had indeed performed the work?
>Yes, but isn't this exactly what Upwork gets paid to take care of?
I imagine the big value proposition for sellers is the marketplace/customers. But yes, they are being paid somewhat for vetting buyers. I'm not saying the freelancer should eat the costs.
I am saying, though, that banks dropping 100%+chargeback fees on the merchant is pure bullshit. Basically, because of the fees, they MAKE money on chargebacks. And as mentioned, they know things like past transaction types, previous chargebacks, amounts, other current activity, and so on that the merchant doesn't. I think they should have to eat at least some of the costs when this happens. Especially when it's multiple transactions over time, like in this case.
I'm pretty sure the technology behind detecting fraudulent transactions would be very different if the credit card companies and banks had to eat some of it. Current state, they don't even ask for an IP address for authorization of a payment. How does that make sense?
I think you're misunderstanding the structure of the credit card system a bit.
> And as mentioned, they know things like past transaction types, previous chargebacks, amounts, other current activity, and so on that the merchant doesn't.
There's two banks in the flow: the issuing bank that issued the card to the customer, and the acquiring bank, which provides the merchant account. These are often (especially for online businesses) different banks.
> I am saying, though, that banks dropping 100%+chargeback fees on the merchant is pure bullshit. Basically, because of the fees, they MAKE money on chargebacks.
The issuing bank doesn't charge any fees, they just take their money back. The acquiring bank absolutely does not want to be making money on chargeback fees: they get fined by the card network if their chargeback rates are too high, and will fire you as a customer if you maintain elevated chargeback rates (and they're certainly not going to do a 100% fee on $12.5k. It's usually a fixed amount that's putatively paying for them to deal with the issuing bank.).
> I'm pretty sure the technology behind detecting fraudulent transactions would be very different if the credit card companies and banks had to eat some of it. Current state, they don't even ask for an IP address for authorization of a payment.
A lot of the time, they do eat the fraud. Oftentimes, the issuing bank won't actually file an actual chargeback when their customer reports fraud, because they need to actually arbitrate the case, and if the cost of doing so is sufficiently large relative to the actual value, they'll just absorb the cost internally.
I do agree with you that the state of online payment security is rather bizarre. The card networks have basically required chip cards for physical transactions by charging extra fees and pushing fraud risk onto the merchant if you swipe the magstripe, but they've done basically nothing about card not present online transactions.
I'm lumping both banks and the likes of Visa and Mastercard together, yes. Because that is collectively who is making the problem solely the merchant's problem, I assume deliberately. They all have cross-agreements, so they could make this better.
>if their chargeback rates are too high
I've paid a $25 chargeback fee for a $15 transaction. It's still bizarre to me that I pay them though. I'm already on the hook for the whole transaction amount, even after doing AVS, my own pre-shipment fraud checks , etc. And, if I shipped the item, I'm out that cost as well. It's just so asymmetrical.
>they've done basically nothing about card not present online transactions
That's my main point. And given that the merchants (often? usually?) eat the cost, they have no incentive to change that.
Edit: A couple of related anecdotes.
I had one customer who just happened to be in the same city file a chargeback for "item not received". The item in question was a custom item, described in the charge, and sitting in their shop window. I challenged the chargeback with a picture of said item, with the address/name of the business in the foreground. Still lost.
Another item the customer claimed it was broken in shipping and filed a chargeback for "item not as described". It was a fragile item that comes with chains to hang it, but the chains come in a little box...you attach them yourself. The customer's picture of the shipping damage showed the item shattered/broken, but with the chains attached. Who attaches chains to a shattered item? Lost that chargeback too.
People on hacker news ask all the time for a use case for crypto. This is it. Irreversible transactions. If the client was paying with crypto, there would be no danger of reverting their transactions.
Also, Upwork should drop their 'cut' of the contractor's work if they want them to work to pay back Upwork
We've purposefully built the financial system to allow for reversible transactions, because it protects consumers and reduces crime. If the client had paid with stolen crypto (as they paid with a stolen CC), then, yes, the freelancer would have been paid, but the person whose money was stolen would have been screwed.
If we wanted to build a financial system without those safeguards, we could do that, without using as much electricity as all the world's datacenters combined.
> If the client had paid with stolen crypto (as they paid with a stolen CC), then, yes, the freelancer would have been paid, but the person whose money was stolen would have been screwed.
Since delivery of products/services isn't reversible, all that making transactions reversible accomplishes is changing which party gets screwed when there's fraud.
Agreed! But my base assumption is that suppliers are generally better-equipped than consumers to absorb sudden, unexpected costs.
But I also feel this is all extraneous to the larger point, which is that we can set up a fiat-based finance system in whatever way we feel, just like we could develop a blockchain-based system that allows transactions to be reversed under certain conditions. I'd like to use the one which releases an order of magnitude less carbon.
I don't think it reduces crime. The merchants bear the cost, and have no power or information to go after the criminals.
I think it actually encourages crime. The banks and credit card companies aren't going after people when the merchants bear the costs. The criminals get to keep the goods and services they bought with the stolen credit cards. This case seems to be a typical example.
Okay, then lets do away with reversible transactions! I would have assumed it was the banks who bore the cost in the majority of cases (which makes sense, since they have the most data to detect fraud and are the ones who are supposed to be doing due diligence), but I don't know enough about this industry.
But, let's do it without a blockchain that wastes massive amounts of carbon.
Edit: Just to be clear, I'm not advocating making transactions permanent. It's an "if this, then that".
Exactly. This is a great example of where cryptocurrency has a relative advantage. If I'm looking to defraud, I'll prefer to do it via cryptocurrency because once I have the money, it's hard to get it away from me. That helps explain why fraud is so common in that space.
It's easy to see that cryptocurrency is a big reason ransomware has spiked in recent years. I suspect the same is true for other sorts of financial crime. I'd love to know how much. But it's surprisingly hard to do a telephone survey where you ask people about their criminal choices, so I expect I'll never know.
As written, this story also includes a part where someone was using someone else's credit card without permission.
The magical crypto future we've all been waiting for is that the guy who paid $12,500 to a freelancing platform for something he had nothing to do with and no knowledge of should get stuck with the bill and everyone should move on?
Which is different/worse than the current situation where the author is being stolen from without even having the ability to vet their clients the way the intermediary does?
The author is a businessperson who’s job it is to make decisions about how to get paid for their work.
The person in question assuming the story is true as stated is totally uninvolved and innocent and just lost $12,500.
I mean in general if people have payment methods others can use with absolutely no recourse that’s a bad thing. This isn’t a super complicated concept.
We have no details about what actually happened, perhaps a business relationship gone sour, perhaps the client was using their parents' credit card, or perhaps it was in fact stolen (though it's questionable that the charges would happen for so long if this is the case).
Regardless, irreversible transactions would be more like cash payments. People seldom go around with their private keys for $13000 on paper in their wallet, (though a password protected hardware device would grant similar freedom with less risk), and if they did and it got stolen, it would be up to them to try to move the funds before the thieves do.
I'm not denying that a shit-ton of crypto theft happens, but in this case it seems like there's more to the story than we're getting. If the client had been paying with crypto, it mean they had undeniable access to the funds. Again, it doesn't mean the funds weren't stolen, but I have yet to hear of a case of a recipient of stolen crypto being asked to pay it back.
I'm wondering if there's even precedent for this. As a business owner, if someone walks in and pays cash for goods, then someone else walks in and says the person who just paid you used stolen funds, are you obligated to pay it back? If so, haven't you just been stolen from?
Kind of sad that they'd be doing this. I do wonder what Upwork's contract with the credit card companies states. How long far in the past can a bank claw back payments? Shouldn't the bank have liability here?
The whole thing is so interesting because each player has a fiduciary duty to validate payments and they all failed. The only person who was legit was the freelancer.