
If you're doing test charges for SAAS, you're doing it wrong.

The subscription is worthless without you flipping a little bit in your database somewhere, right? You could flip that little bit at any time if you suspected the account was fraudulent, right? Great news. Assume everybody is telling the truth that they're authorized, even if they fail AVS. If the charge is later disputed, rescind it and (optionally) lock the account. If it is not later disputed, hey, it must have been authorized.

This is time tracking not file hosting -- scamming 25 days out of the provider doesn't provide you any benefit. You should expect fraud rates to be negligible.

Why is locking the account optional? Well, really, clanging the doors shut on a legitimate paying customer is a lot worse for you than letting 10 illegitimate people take up another record in your database.

(Oh noes, how will I scale with invalid records in my database?! Oh wait, I charge people money which means I scale practically by definition.)

So sure, give people a few extra days to get their details re-entered before you shut down their access. The time is free to you.

In my business (selling downloadable software), after I have handed over the Registration Key the horse is out of the barn... and I could care less. They're free to me. You can try paying me with an e-check, which is basically a promise that 5 days from now you'll have money in a checking account ready for me, and e-checks come with NO verification for those 5 days. I'll still give you the key as soon as you hit the submit button. If you were dishonest or fumble-fingered your account number... oh well? PayPal will send you an email to retype it; if you do, that is great; if not, then I'm not out any money, am I?



Actually, you should expect fraud rates to be high, but not because potentially legitimate customers are ripping you off. It's because when a fraudster gets a new shipment of stolen credit cards, he wants to test them out online before, say, walking into Best Buy where he might get busted for using a card reported stolen.

So you're not losing revenue, since these guys weren't going to pay you for your SaaS anyway, and you're not losing capacity since they won't actually use it. So what's the problem? The problem is that chargeback fees (that you pay them for the service of taking the money back) can be $25 or more.

If it becomes a big problem, you'll probably find ways to detect common fraudulent usage patterns. For instance, since your variable cost is zero, you might avoid putting through a charge until they actually use your service.


> Why is locking the account optional? Well, really, clanging the doors shut on a legitimate paying customer is a lot worse for you than letting 10 illegitimate people take up another record in your database.

This is spot on.


That's really simply a decision based on how you wish to operate your business, don't you think? We've decided to require CCs up front based on a number of factors.

Doesn't make the pains of validating and charging CCs any less.


If you require CCs up front, charge a set-up fee - that's easier to explain to potential customers (a well accepted concept, whereas test charges sound shady to most non-geeks, and even to some geeks). And it makes you more money. So long as the set-up fee is reasonable, people are unlikely to mind. They expect to whip out their credit card when they buy something.



