[jrochkind1]

Was it literally someone elses name on the credit card? Perhaps the freelancer would have rejected the credit card as payment for this or other reasons if they had taken the card directly. Who knows?

Also they would be fighting with the credit card company against the chargeback -- whether and how much they can take back in situations like this depends on the nature of your agreement with the credit card processor, and whether you followed it -- that is, whether Upwork did. Perhaps the freelancer would lose if they had directly charged, but it would be their fight to have. Instead, they are just told by Upwork they owe Upwork money now, because it was Upwork that took the card, not them. But sure, maybe they'd have ended up in the same place anyway, it's true. They would have at least known they were responsible for vetting the credit card themselves -- which you can't be when you never even see it because Upwork is the one charging it.

[wpietri]

Would the freelancer have even known? Their initial contacts were remote. I just purchased some by-the-hour services from a sole proprietor a few weeks ago; I just gave them the credit card number. They never saw the card.

Bringing up the agreement with the credit card processor is an important point. I suspect that Upwork's agreement like that involves certain protections when freelancers use the timekeeping system to create real-time proof of work. As the freelancer explains, he's only in this pickle because he entered the time later. I get why that didn't seem like a big deal to him at the time, and I'd be very curious to know how clearly Upwork explained the difference. Was it only in their T&C? Did they warn him when he first tried manual entry? Does the manual entry page warn him every time?

[jrochkind1]

Just taking a US credit card number without the name, CVD code, or zip code, is indeed a dangerous way for the person taking a payment to take one, opening them up to more possibility of fraud and chargeback.

In this case, it was Upwork and not the freelancer who decided whether or not to charge a credit card with only the number, if that's what they did.

[wpietri]

I agree it's dangerous. But this guy clearly liked and trusted the client, a client that I'd guess is a fast-talking serial fraudster. So in the hypothetical case of the freelancer working directly, I think it's likely he would not be any better off.

[jrochkind1]

Yes, but in this case it was out of his control entirely, he didn't have the option of verifying the name on the credit card. It was Upwork who (apparently? we don't even know) chose not to do that, not the freelancer. If he was taking the card directly he would have the option of doing it more responsibly; if a hypothetical freelancer read a story like this, they might be more likely to do it next time. Upwork, apparently not?

But if your point is that people taken credit cards get scammed all the time even when taking them directly, I agree, that's a thing that happens.

[wpietri]

I don't think there's any reason to assume Upwork didn't properly verify the credit card.

And my point is not just that people get scammed via credit card, but that we don't have much reason to think that this particular person would be better off under your hypothetical case. Sure, he could have done it. He could have also read and taken seriously the requirement to use Upwork's time tracking if he wanted more anti-fraud protection. He could have detected that the client was dodgy and declined to work for him at all. There are all sort of possibilities, and we can't just pick one to draw lessons from.