A user is trying to steal from us and I don't mind

If HN incorrectly hellbans someone... they piss someone off.<p>If a retailer incorrectly hellbans a customer, that is, they tell the customer that their card will be charged, and that the goods they ordered will arrive in the post, but without the intention of doing either of those things, owing to a genuine mistaken belief that the customer is engaging in credit card fraud, but lying nonetheless... are they leaving themselves open to legal action from the customer? From regulators? I'd expect the bad PR alone to be a worse hit for a retailer than a bulletin board.

Though it may be effective, from a moral standpoint I find hellbanning to be as evil as the name would imply. To a lot of people, finding out that you've been ostracized <i>and nobody told you</i> would be extremely psychologically damaging. This applies more to discussion forums, of course, than online purchases.

So I moused over this weird little black dot. It changed shape with the words "Don't move" next to it.<p>1 second later it seems I'd given this blog the equivalent of a thumbs up.<p>wtf? Dear plusbryan. -one kudo. THEN -another kudo for having a stupid system. In fact, -two.

&#62; <i>A user is trying to steal from us and I don't mind</i><p>Of course, you mind. You hellban them for crissake.<p>Catchy title though :)

There's a cleaner variation of this.<p>Once you see a user go through 3 cards, each failing the authorization, <i>fail</i> all subsequent purchase attempts without passing them to the bank. If you feel like tar-pitting the guy, show "timed out" errors and tell to contact the support or ask to try again with another card. Legit customers <i>will</i> contact the support and the frauds will continue supplying you with stolen credit card #s, which you, of course, will diligently log for the future reference.

I'm wondering if there is anything legally wrong with falsely saying that a certain transaction went through when it actually didn't.

It's an interesting idea, but what if it's an error on your part and not the user?<p>There's no real channel for reverting the hellban once issued since you've pretty much permanently assumed the user is malicious and can't be trusted.<p>A few cases I could think:<p>- User loses card and cancels it, but finds it again and uses it without realising.<p>- A single piece of information the user has provided is wrong, but the user repeatedly resubmits without realising. Eventually you hellban them, but they're actually a legitimate customer who made a mistake, but now you can never have them as a customer and might be feeding false positives to them and ignoring their calls for support after they fail to receive the product.<p>In the end, it doesn't seem like you're saving yourself (you mention Walmart as the one that usually suffers) and from my point of view you're shooting yourselves in the foot, as you could accidentally hellban a legitimate customer which could result in a bad reputation.

The naysayers have probably never dealt with real, persistent credit card fraud. I have. I think this is a beautiful idea that will do a lot of good for us.<p>I run a B2B SaaS company that attracts its fair share of fraud. If we simply string these bad actors along instead of banning them outright I think we would see a decrease in fraud attempts.<p>Of course this would only be a manual thing. The vast majority of our customers come from sales channels and not through the web or search referrals. This will work great for us as we already have a manual account approval process. Instead of banning them, we'll hellban them.

So you extend the offer. The user accepts the offer. The user believes they have shown consideration by paying for the item, and they expect you to fulfill the agreement that they believe has been created. Your messaging may even support this.<p>If you have anything less than 100% specificity with your fraud detection algorithm, don't you risk running into trouble because of violation of a contract (or something similar, IANAL)?

How do you know when a user is using stolen credit cards?

Devious. Underhanded. Evil.<p>I like it!<p>Upside is that it slows down the thief. Downside is that it will cause legitimate users to rain hellish social comments down on your head.

You're really forbidden to do any false positive with that, or you are good for a PR nightmare. Moreover applying some kind of sanction without any of the traditional justice procedural safegards makes me slightly uneasy.

Fun times. Do you track the cards that a specific individual uses? That way if you feel like turning that information over to the Lone Ranger they will have a method of tying all those incidents together.

I love the sporting aspect of this trick. Well done!

Totally unrelated: does anybody want a gift box? I've got several thousand.