Join 3,517 readers in helping fund MetaFilter (Hide)


The business of online loyalty programs
November 18, 2009 10:10 AM   Subscribe

A US Senate Committee just released its report on online loyalty programs. Combined, Webloyalty, Affinion, and Vertrue have made $1.4 billion in the past ten years charging customers $10-$20/month for marketing program memberships. Unfortunately, many of their customers (4 million this year) have no memory of authorizing the charges.

A key enabler for signups is merchants passing credit card numbers directly to the loyalty program; the customer never has to enter billing data. Such "card on file" transactions have a conversion rate of roughly 4% (compared to 1% without). Many well-known Internet brands such as 1-800-Flowers, Classmates.com, Priceline, Expedia, Orbitz, Travelocity, Fandango, Buy.com, eHarmony, and Yahoo are paid $10 to $30 per signup to entice their customers to join the marketing programs.

There's been a litany of lawsuits and settlements for years about these programs. In response the marketing companies have promised to change their practices, in some cases meticulously documenting page layout changes.
posted by Nelson (26 comments total) 4 users marked this as a favorite

 
I love Orbitz, if only because they always have a cheaper price for the same flight when compared the carrier's own website, but every time I use it I am annoyed by that interstitial page on checkout.
"Hey now Mr Traveler: sign up for a rental car, a box of chocolates, a hotel and three magazine subscriptions..."
It's cheesy and annoying. But worst of all, I am pretty sure that at least a few times, some of the checkboxes defaulted to ON. I should have taken screen shots.
posted by rokusan at 10:15 AM on November 18, 2009 [1 favorite]


Somehow i got signed up for one of these and I'm disputing the charges going back 6 months. They can suck it.
posted by cbecker333 at 10:27 AM on November 18, 2009


If your business model is "maybe they won't notice the charges for a month or two", you need to be horsewhipped.
posted by seanmpuckett at 10:45 AM on November 18, 2009 [8 favorites]


That link showing the page layout changes is actually pretty damning, because it shows how they are trying to give the appearance of solving the problem without actually solving it.

Only one page layout change would be required, and that is to make the signup button say CLICK HERE TO BE BILLED AN EXTRA $12 PER MONTH. But to the extent that people understand this is what it really means, that is the extent to which their business model evaporates.

Personally, I'd like to see changes to the credit card transaction processing infrastructure to make shenanigans like this impossible. For example, some little gadget that you get with your card, where you input details of the transaction (vendor ID, transaction ID, and amount) and it generates a one-time authorization code that you type in on the billing page. Maybe even allow the device to read this info wirelessly from a point-of-sale device to make in-person transactions more convenient.

Forwarding (or for that matter, stealing) this code wouldn't be useful, because it can't be used for any other transaction but the one you intended. And this mechanism should be mandatory, rather than leaving it up to the vendor to decide if they want to use it or not.
posted by FishBike at 10:52 AM on November 18, 2009 [1 favorite]


Personally, I'd like to see changes to the credit card transaction processing infrastructure to make shenanigans like this impossible. For example, some little gadget that you get with your card, where you input details of the transaction (vendor ID, transaction ID, and amount) and it generates a one-time authorization code that you type in on the billing page. Maybe even allow the device to read this info wirelessly from a point-of-sale device to make in-person transactions more convenient.

There's no reason to use an entirely different device, just make it work on people's cellphones. You could even go as low tech as simply sending a text message, and denying the charge if the user doesn't respond quickly enough. On more high-end phones you could have an app that would pop the charge on the screen, and present a 'yes/no' buttons for the user to press.
posted by delmoi at 10:59 AM on November 18, 2009 [1 favorite]


Yet another piece of evidence for when we finally line-up marketing departments along a wall...
posted by Thorzdad at 11:03 AM on November 18, 2009


wow. I used to think arrington was the biggest douchebag on this planet but copying his article from earlier today without attribution just promoted you to a spot not far from him on that list.
posted by krautland at 11:09 AM on November 18, 2009 [1 favorite]


In the mid-to-late 90's I worked for the company that helped build Webloyalty's systems. I wasn't really involved with that particular client, but I still feel kind of dirty about it.
posted by bashos_frog at 11:16 AM on November 18, 2009


That's the first I've seen of the TechCrunch article krautland, thank you for linking it. And here I thought I was a douchebag for cribbing so much off of the cnet article! TC's link to 2858 comments about being scammed by WebLoyalty is nice.

FishBike, I agree that bit of page markup is pretty damning. It's also fascinating, since it gives such insight into exactly how people design pages to trick you into clicking on things. What I find most disappointing is how so many well known Internet brands chose to go along with these companies. It's like they don't understand what business they're in: are you selling hotel reservations to people or just trying to pass their credit card number on to a shady company for a bounty?

There's a variety of technical measures that could make credit card processing more secure. The problem here is more a matter of policy; apparently the "card on file" model of charging is allowed by the credit cards, even to a third party. You'd think that would generate an awful lot of fraud complaints.
posted by Nelson at 11:21 AM on November 18, 2009


Some credit card companies offer "secure" numbers for online/phone purchases. Looking at Discover's page, it seems like you can generate one for every online retailer you use. Presumably this means that, giving a secure number to, say, Orbitz, they cannot pass that along to one of these loyalty programs and have it work.
posted by backseatpilot at 11:24 AM on November 18, 2009


Presumably this means that, giving a secure number to, say, Orbitz, they cannot pass that along to one of these loyalty programs and have it work.

I would bet there would be some sort of "business partners or their assigns" legal gymnastics that would allow the 3rd parties to come under a vendor's secure number.
posted by Thorzdad at 11:34 AM on November 18, 2009


With BofA, a "secure number" is one-time-generated with a spending limit that I can set to whatever I want and an expiration date. There's nothing stopping whomever I give that number to from charging all the way up to the limit. Furthermore, I presume Orbitz could pass that number along just as easily as any credit card number if I forget to unclick the little box.

I'm not sure, but it looks like the Discover system is the same (or worse - you can't set a customized expiration date for their account numbers).
posted by muddgirl at 11:40 AM on November 18, 2009


We got hit by this a year ago when we used 1-800-FLOWERS. A few weeks after the flower delivery to my grandmother, a $15 bullshit charge appeared, and it was a hassle to get it refunded. They required that we fax proof of the charge to them.
posted by spikeleemajortomdickandharryconnickjrmints at 11:58 AM on November 18, 2009


Going after the loyalty programs themselves is one thing, but there will always be more scammers. Why aren't we going after the websites using these tactics in the first place? Do you seriously think US Airways, Orbitz, Fandango, FTD, etc... are somehow unaware of the extent to which they are handing their customers to third parties to be scammed? This is no different from US Air making a deal with a thug to shakedown customers in the terminal lobby in exchange for a share of the ill-gotten gains (actually, it's even worse than that, as here US Air is the one handing your credit card number to the thug). Yet in that case, we would obviously be going after US Air in addition to the thug. Here, the people benefiting from the scam, to the tune of 10+ million, get a free pass.

Forcing these companies to forfeit their affiliate payments, times three (for fraud), would be a darn good start.
posted by zachlipton at 12:00 PM on November 18, 2009 [1 favorite]


I got fucked over by freecreditreport.com (mistook it for the free government enforced credit reports). They were charging my account something like $10 a month for "services". I found it after a couple of months and was pissed.

Of course they claimed there's nothing they can do but I was persistent and more importantly filed complaints with the BBB. This did the trick. I heard back from them pretty quick and they refunded me. Criminals.
posted by schwa at 12:08 PM on November 18, 2009


There's no reason to use an entirely different device, just make it work on people's cellphones. You could even go as low tech as simply sending a text message, and denying the charge if the user doesn't respond quickly enough. On more high-end phones you could have an app that would pop the charge on the screen, and present a 'yes/no' buttons for the user to press.

It's definitely more convenient to have this implemented on a cell phone and/or computer rather than requiring a separate little gadget. And for the sort of scam under discussion in this thread, I agree it would be just as good a solution.

It almost exists already for online stuff, in the form of "Verified by VISA" and the like, except that those are currently optional, and it's the vendor who decides if they want to use it or not. Allowing cardholders to set a flag that says "don't allow my card to be charged without successful VBV authorization" would be nice.

Where my desire to have a completely separate gadget for authorizing credit card charges comes from, is that if this function is in my phone or my computer, then the security of the solution is only as good as the security of my phone/computer, and the networks they're connected to. I'd rather have an entirely stand-alone little widget that has really minimal opportunities to be hacked remotely.

It would be cool if they could build this functionality into the credit card itself, along with a little touch-sensitive keypad, I suppose.
posted by FishBike at 12:18 PM on November 18, 2009


I got fucked over by freecreditreport.com (mistook it for the free government enforced credit reports).

As did many others.
Don't Fall for FreeCreditReport.com
"...credit bureau Experian was also slapped on the wrist by the Federal Trade Commission for misleading consumers at its FreeCreditReport.com Web site. The FTC said Experian didn't make clear to consumers that they would be charged $79 for an annual subscription after they signed up at FreeCreditReport.com.

What the FTC didn't say (but was abundantly clear to anyone with a brain) was that FreeCreditReport.com and Experian were benefiting from confusion over news stories telling consumers were entitled to a free copy of their credit report every year. And the site was designed to add to the confusion.

While not admitting wrongdoing, Experian agreed last August to give consumers refunds and make the terms of its product clearer. One year later, how is the company doing? The television ads are as misleading as ever. On the other hand, the Web site itself is improved, with a disclaimer featured fairly prominently. But it would be a stretch to say the terms are clear, the price is clear and consumers are being treated fairly.

Given all the confusion, and the legal action, it’s amazing that FreeCreditReport.com is allowed to continue operating. I know it continues to cause mix-ups. Earlier this year, during the hubbub about the missing Veterans Administration laptop, I heard experts testifying before Congress point to the wrong site by accident. In April, an ID theft expert speaking to students in Tacoma, Wash., pointed the teenagers to the wrong site, and was quoted in the local Tacoma News Tribune. The newspaper was flooded with complaints." [more]
posted by ericb at 12:26 PM on November 18, 2009


Scamming scums -- 95,300 Google hits for "freecreditreport.com scam."
posted by ericb at 12:27 PM on November 18, 2009


Shutterfly ended up giving my credit card number out to one of these outfits last year after I spent at least $100 on Christmas cards. Since Shutterfly is public I managed to get the e-mail addresses of a number of the top executives and fired off e-mails to each of them explaining that I would never do business with them again. I am proud to say that I got their attention and received an e-mail back from the CEO and director of marketing saying they would make sure I was not charged by the affinity group. They also sent me about $50 in credits on my next purchase. The point being is that I let them know that their $100 in revenue from me was in jeopardy for whatever % cut they get on the $15 monthly charge to my card.
posted by otto42 at 1:09 PM on November 18, 2009


Well, let's be honest, there is no real technological or process reason this couldn't be prevented by the credit card companies, it's just that they've simply calculated that the cost of dealing with complaints is less than the cost of implementing a new system.

So, if you want to stop this kind of thing, the only way is to make it more expensive for the credit card companies(and Orbitz and buddies) to deal with it.
Call up. Harass them, make them pay just one more call center person. Do chargebacks. Whatever. In short, cost them cold hard cash.
posted by madajb at 1:17 PM on November 18, 2009


"there is no real technological or process reason this couldn't be prevented by the credit card companies"

Maybe this is somewhere where mint.com can step in and help the consumer. There's no reason mint.com couldn't flag a transaction on one of your accounts as a possible scam (much in the same way google will keep you safe from spyware sites).

Of course mint.com got bought by you know who. So maybe this kind of innovation is behind them.
posted by schwa at 2:19 PM on November 18, 2009


mint.com partnered with freecreditreport.com. "We'll pay you to help us scam your customers" is a powerful business model.
posted by Nelson at 2:24 PM on November 18, 2009 [1 favorite]


I HATE THEM. I also got screwed by freecreditreport.com. Two weeks after I cancelled my free trial, I encountered a charge on my statement for MVC SHOPESSPLUS, apparently from an outfit called "Shopping Essentials," which I'd never heard of until Google turned up this FAQ page. It blew my mind. When a company's most frequently-asked question is "What the hell is this charge and what the hell is it doing on my billing statement?", it's a good indication that they're not employing the most above-board enrollment practices. And they don't even put much effort into dissembling, they're just like, "Oh! You found us! Huh! How'd we get your name, you ask? Well, you probably agreed somehow or clicked a button or something, we're not really sure. Want some supplements?"

Shopping Essentials is run by Vertrue under the name Adaptive Marketing, LLC, a large-intestine-like processing center for scammy "consumer savings programs" the net over. A list.

To their credit, they refunded the charge immediately after i wrote them a pissed-off e-mail. I suspect that if I hadn't discovered it immediately I would have had much more trouble. I sent a complaint to the FTC, but internet complaints go back for years. I can't believe they haven't been shut down yet.
posted by granted at 3:40 PM on November 18, 2009


"mint.com partnered with freecreditreport.com"

Awww. That's really ruined my whole day now.
posted by schwa at 3:48 PM on November 18, 2009 [1 favorite]


Seems that if so many MeFi users, who tend to be fairly advanced net users, have been bit by this, we're talking about pretty darn heavy levels of fraud here.

On the other hand, MeFi, as we all know, is a giant cabal scam, so perhaps we're all just suckers who are ultra-susceptible to other scams...
posted by zachlipton at 9:22 PM on November 18, 2009 [1 favorite]


I had a MC charge of $167 this summer from lifestylerewards.ca, a tentacle of Vertrue. They sent me a brochure in the mail saying that "unless you call this number within 10 days, we're going to charge your credit card $167." I didn't believe them. Fortunately Citi MC removed the charge, but I suspect they were the ones who gave Vertrue my card number in the first place.

So aside from all the other stuff, they operate on a solid base of outright fraud. There seems to be very little legal protection against this kind of thing in Canada. Which is probably why Vertrue opened a branch office in Montreal.
posted by sneebler at 9:39 PM on November 18, 2009


« Older Bittmanfilter: 101 Head Starts on the Day-- "The M...  |   Revenue reality of a bestsell... Newer »


This thread has been archived and is closed to new comments