Hacker Newsnew | past | comments | ask | show | jobs | submitlogin
Mastercard Bans Automatic Billing After Free Trials (pcmag.com)
337 points by ceejayoz on Nov 23, 2019 | hide | past | favorite | 76 comments


From the linked blog posting:

>The rule change will require merchants to gain cardholder approval at the conclusion of the trial before they start billing. To help cardholders with that decision, merchants will be required to send the cardholder – either by email or text – the transaction amount, payment date, merchant name along with explicit instructions on how to cancel a trial.

https://newsroom.mastercard.com/2019/01/16/free-trials-witho...

Note the "... instructions on how to cancel a trial". I read this as signifying auto-charging commences at end of the trial. And merchants can continue forcing customers to jump through whatever hoops they had set up already. The only new requirement from MasterCard is sending of an email shortly before the auto-charge.

Am I wrong?


No, you're right. MasterCard is grossly misrepresenting (i.e. lying about) what they are doing. It's opt-out, not opt-in.


True, but what they are implementing is still a significant improvement over the status quo. The simple notification is going to cut into the profits of many companies banking on people not bothering to check when their trials are over. While MasterCard might be misrepresenting (read: overselling) what they are doing, the new situation is undoubtedly a net benefit over the current situation.


Sorry to hijack the top comment, but can the title here be changed please to reflect the reality of the situation. Mastercard are not doing what this title says.


This is from January: https://newsroom.mastercard.com/2019/01/16/free-trials-witho...

Also, it only applies to physical products.


What kind of physical products have monthly subscriptions and start with free trials?


Lots of shady retail subscriptions out there, especially in the supplement 'healthcare' product market.


Pretty much any IOT device with the business model of subsidizing hardware to provide some data based product paid subscription.

Smart home camera/doorbell systems are good examples of this. I bought a house and didn't renew a ring subscription so the whole system was basically unusable and we replaced it with an 8 Dollar doorbell.


I got tricked into a very dark-patterned coffee subscription company called Amora Coffee.

I got one of their coupon with a Hello Fresh box. Which, by association, at the time increased my trust in this Amora Coffee company. And now, after being scammed, only ruined my trust in the Hello Fresh company. Never bought it again, never will, and will tell everyone who asks not to buy.

I will try to list all the dark patterns that I remember but you can google "Amora Coffee scam".

First, they present themselves as a regular e-commerce selling coffee. They offer a coupon for a free first purchase.

The site seems legit enough and they only ask you to pay $1 for delivery fee. It seems a great deal, even if the coffee is not that good, worth trying it. You even think that they must have a really good product to offer a free full-sized sample. Their conversion rate must be phenomenal at this step.

But in that step alone there are two parts of the scam already.

You realize them only after you paid. In the receipt, if you took the time to read it and pay attention (how often do people really read the receipt of what they just purchased?), you learn that you just signed up to a subscription!! You are not just buying one bag, you are paying a subscription and, unless you cancel, you will be charged full price soon enough.

The $1 dollar fee is that they need your credit card to be able to charge you the recurrent fee before you know it is a scam (you will know soon enough). They probably charge $1 just to avoid trouble with the credit card companies (they will have a first legitime, undisputed payment after all).

The subscription itself is another step of the scam. You pay every two weeks, not every month as it's the common practice. Also, they claim that to not be charged, you have to cancel the next delivery before it has shipped. In practice, it all means that you have to cancel the subscription (that you never knew you had signed up to) in a week, which is even before the first "free" delivery has arrived.

So, I was savvy enough to get the scam in time by reading the receipt and googling "Amora Coffee scam". So, I just would cancel immediately.

How do you cancel? You have to go to their site, log in into your account and cancel there.

Ok, the scammers have not given up stealing my money just yet. To my surprise, the email I used to make the first purchase is not my username to log into their site. I have yet to create an account. To do that I have to input my email and a numerical code that is hidden in the receipt that I got. It is there, but you have to find it with no help at all.

Did I just jumped all the obstacles that the thieves were putting in front of me? No! The "create your account" form just didn't work!! Looking on online reviews you notice that that form is not working for over an year!!

It is impossible to cancel your subscription.

So I find a email, send a very straightforward message telling them to cancel. So I have not being charged. Apparently I avoided the scam. Still, they got that first $1 of mine from the initial purchase. Probably what they bribed Hello Fresh with to steal from their customers.


Here in the UK we have a Direct Debit Guarantee [1] which makes scams like that very difficult.

It gives very strong protection to the payer including the ability to cancel a DD just by contacting your bank and claim a refund for incorrect payment from your bank as long as you have a convincing reason.

[1] https://gocardless.com/direct-debit/guarantee/


Card payments are not Direct Debit, which the Direct Debit Guarantee covers. Direct Debit is a different payment method that uses your bank account number and sort code. From the page you linked: "...making Direct Debit the UK’s safest payment method".


You should submit a complaint to the State Attorney General of the state you live in, the state(s) the company operates out of, and the state the company is incorporated in.


The $1 fee is generally standard to see if your card is legitimate.


Most modern payment gateway APIs will offer a 'verify' command. This will tell you if the card is viable (not closed) and you can usually pass additional fraud-scoring data (address and CVV verification) to further sanity check. Some APIs will use this to provide you extra metadata (i. e. the card issuer or type) which could theoretically be useful for fraud checking or customizing an offer (I'm imagining a cross-promoted "Pay with your Citibank debit card for 2% off") These typically don't even register on your statement.

The next step up from there is the "authorize only" that some of the other commenters mentioned. You can do a $1 authorization, but if you're going that way, you may as well authorize for the full amount, because the APIs typically let you convert that directly to a live charge if it was successful; it also helps avoid customers gaming your trial process by giving you a prepaid card with just $1 on it.

In some cases, they'll implement the "verify" process as something like "Authorize-only for 1 cent, then immediately cancel it" for technical reasons.

The entire payments ecosystem is a layer cake of abstractions that don't quite match each other perfectly.


Generally it's a pre-auth on the card to see if it's legitimate and it will fall off after some time. If they actually capture it, their devs are either being lazy or they really want that $1.


The fee was stated as the "delivery fee", it was not a check, but a payment


Places like Birchbox are huge pieces of crap. They free trial you but also renew you automatically for a year at a time and won't let you cancel. Look up reviews of it any you will see hundreds and hundreds of complaints and I experienced it first hand.


I hope this includes gym memberships.


Meal boxes, for one. My first shipment at https://makegoodfood.ca was free with a coupon.


I had a subscription for children's books. [1]

[1] https://bookroo.com/


As mentioned at the beginning of the article, the model is particularly common with skincare and “healthcare” (mostly, actually, homeopathic frauds and wellness/supplements, not regulated drugs and medical devices) products


Contact lenses


Any TV ad that caters to older Americans--esp monthly pills, etc.

https://www.vox.com/the-goods/2018/12/19/18148981/fake-free-...


Monthly pills is a reasonable reason to have auto billing.


Thanks for this comment. The date made me sceptical and this from a business perspective not so good for online companies.

Also would be a one sided move when only done by Mastercard.


Wouldn't it be better if mastercard directly or via the issuing bank gives the customer an option to revoke permission to auto-charge based on vendors or set limits on how much each vendor can charge during a 30 days period?


One of the things I like about Paypal is that I have a list of entities authorized to pull money from my account and I can simply revoke them.

It's a critical tool for managing your finances.


Paypal is THE absolute worst place you can have money stored or linked.


Yet they offer this critical feature that neither my bank nor credit card offer.

Nobody in the space is batting for you, btw. Just pick your poison. I once used a bank that would reorder by purchases to maximize their $35 overdraft fees.

> A Pew Charitable Trusts report from December 2016 said that, at that time, more than 40 percent of banks in the U.S. shuffle transactions to maximize overdraft fees.

The fact that you and I both can come up with examples where Paypal sucks (like account freezing) is only evidence for how bad US financial services are where people like me still gleefully use Paypal.

And the authorized billing system is one thing Paypal got right.


Privacy.com offers an alternative where you generate a new VISA card and they lock it down to a vendor. You can set limits. Once it gets leaked they notify you. Someone here on HN mentioned they were able to report it to their water company that their card was compromised on their site.


As an aside wouldn't the way to maximize overdraft fees be to apply transactions in sorted highest debit to lowest, and only then start to apply deposits. It wouldn't be so dark if they just mention it as how they do the fee charging.


Yes, that is exactly what Bank of America used to do, including putting an overnight hold on cash given to a teller. Regardless of what the fine-print-nobody-reads said, it was "dark" and illegal and eventually stopped due to a class action lawsuit.

(One of) their current scam(s) has gotten a bit cleverer in that they don't actually break the law themselves but rather just induce their customers to commit check fraud - if you receive a check drawn on Bank of America and present it in person at one of their branches, they won't honor it for the full amount!


Yeah but as per the parent post - Paypal makes revoking a recurring fee easier, as sometimes there is not an option within a particular SaaS product/service to disable recurring fees. Also it is impossible to login to Mastercard's systems to ban/revoke a particular service from charging your card.


And the reason is...?

I've been using PayPal for like 15 years and I've never had a problem with it. "Until you do" is not an acceptable answer to my question. Things work until they don't, that's not a reason not to use them.


It's not even that bad for users. Paypal sucks for people on the merchant side of the transaction. People who actually accumulate money in accounts are those that always complain. Merchants feel like they have to stick with it just to open up more payment options to their customers though. Now paypal even keeps all fees no matter if a customer returned an item. So if you are selling say cameras for $1000.If someone returns the camera. Paypal keeps about $30 - actually you are out $30 for every return.


The reason is their history of locking users out of huge sums of money, despite the users being legitimate. One of the more high-profile examples: http://www.escapistmagazine.com/news/view/103385-PayPal-Free...


That's supposing I would be stupid enough to keep money in my PayPal account, which I'm not.


How about having a card 'linked'?

As far as I know, PayPal have no history of stealing money from linked cards.


whats the alternative for the ubiquitous payment processor on the web with a centralized interface that allows to communicate with the seller / buyer, addresses complaints, allows to cancel subscriptions etc?


Paypal is fine for sending and receiving payments, but just don't store your funds in PayPal. They have a tendency to seize your money at the drop of a hat. Sweep to bank account every day.


It works the same in the EU for SEPA authorizations. I have a list on my bank account, and I can review and revoke any of them with a simple click. But it doesn't work with services that are billed through my card instead.


C'mon now, you're asking banks to do something to make our lives more convenient.


It would be better to also have that, but not better by itself.


That's one of the reasons I use Privacy.com


I worked for Jeremy Johnson in Utah. He stole millions from people doing exactly this.

https://blog.zamicol.com/2018/03/mormons-polygamists-and-eva...


Wow, that's an incredible story. Kudos to you for getting to the bottom of it.


More details on Mastercard and Visa’s policy: https://midigator.com/blog/free-trial-rules-how-does-masterc...


The title really needs changing, since it's a lie, according to the top-rated comment.


Even something like Grammarly should be managed better. They offered something like $8/month which was OK and I assumed was set until I changed it. But then suddenly I was billed for a full year which I was not expecting.

I hadn't noticed for a few months since I went back to college and missed the three month grace period. It took a lot of back and forth negotiating before I got only 50% of the fee back.

Grammarly is a very aggressive company. And even worse I saw mistakes in the suggested corrections. The only thing I liked was the plagiarism detection feature.


That seems like a lot of money for a glorified spell checker / keylogger


Well, the solution for most companies will be no more free trials.


I mean if the reason you offer free trails is to make money on people forgetting to cancel then it’s probably best to just not offer a trail.

If you’re offering a free trail to actually let customers evaluate your product then you’ll probably be unaffected by this.


The purpose is not to "make money on people forgetting to cancel."

The fact of the matter is that many more people buy when a free trial is offered. If your competitor offers a free trial, and you don't, they get more sales than you.

It's "risk reversal". Similar to a "30 day money back guarantee". People are attracted to the idea of there being no risk to trying this and not liking it.

In some industries, you simply HAVE to offer it.


There is a really simple workaround -

     if (person_abandoned_trial) {
        dont_pretend_they_consented_to_lifetime_billing()
     }


I think a better one is to just never auto-charge after the trial, and lock down your service asking them to start a plan for the main service after the trial.


In that case, offer a limited billing period in line with the trial time period (30 days in your example) and ask the customer for an extension at the end of the billing cycle. If your theory of "risk reversal" is true, they will extend the subscription. It's a win-win, consumers register for "risk reversal" and business get the chance to demonstrate their services.


Thats fine, but what about automatically rolling over to a paid subscription? That's not a trial, that's a first-30-days-free offer.


You can still de-risk the proposition by offering a money back guarantee. Or indeed a free trial where the user gets prompted to confirm they want to subscribe when they try to login in after the free period is up - not a massive issue when the service is actually worth paying for to them. Or indeed a free trial where there's no automation at all and company negotiates a contract with the salesperson after the free period is up.

The only people affected by losing no-confirmation autobilling are those who make non-trivial portions of their revenue on people forgetting to cancel. And the industries and businesses that HAVE to rely on that deserve to fail, frankly.


> If your competitor offers a free trial, and you don't, they get more sales than you.

Luckily, this would affect both me and my competitor. :-)


Dubious ethical business practice is not somehow magically excused by the presence of competition. This attitude makes my blood boil.


Are free trials unethical? I’m not convinced.


Only unethical if you obscure the fact that people are signing up for a recurring bill and/or hope they forget to cancel despite not using the service.


I've not seen it obscured. Its difficult to read a person's mind to know I'd they forgot to cancel or actively remembered they had a subscription.


Yes but you designed in such a way that the users intent is obscured and assume the intent that benefits you.

If you just don’t auto-bill and ask them for confirmation after the trail then you know for sure.


A lot of good software works just like this regarding the free trial. The program works for 30 days or 10 uses or such and then disables saving until you buy it. If the software is terrible you simply stop using it. If you found it useful and want to keep editing whatever files you made with it, then you buy it. They don't tell you it is free for 30 days and then charge you at the end of the 30 days unless you figure out how to cancel it. (Often made to be a very difficult task.)

Many newspaper web sites now seem to operate under this model as well, so many free articles per month as a free trial, then a paywall. Sometimes the paywall offers a second tier of free trial, like unlimited articles for a month, and then they start charging. One would argue that the second tier has to start charging automatically otherwise people could simply get a free trial each month. Not so, the free trial is tied to a credit card number and name so the person can't simply keep renewing trials forever. The card policy on trials in this case should still be to get consent before starting the subscription and charging. Many people avoid these sorts of free trials after finding out that cancelling the paid subscription is nearly impossible, sometimes requiring sending through the post a letter in a certain format to an unpublicized address. Having the policy be that consent is required would likely increase the number of people being willing to accept free trials, and the number who subsequently subscribe because they actually like the content or product and not because they got tricked by dark patterns. Many dark pattern operating content providers might have to increase their quality though to retain customers.

It's not enough to have credit card policies on these things, subscriptions are so often abusive that legal reform is needed. In addition to requiring consent after the trial, auto-renewing subscriptions should never be allowed to be the only or default choice. Auto-renew should be something you have to opt in to and we need legal reform to require that disabling auto-renew must be simple, straightforward, and available.


I doubt that, there's a lot of companies that have free trials without automatic billing afterwards and they are doing just fine. The alternative to not have free trials but people cancelling and wanting their money back after a week is probably more administrative work than offering a non-automatic-billing trial.


Offer a free trial and then require the user to take further action to enable auto-renewal once the trial ends instead of preying on their forgetfulness.

Bonus: Let users pay with Paypal so that you show up on their authorized organizations list so that they can revoke your access to their money without jumping through your arbitrary hoops like having to make a phone call and talk to a high-pressure sales rep just to remove your grabby paw from their cookie jar.

I'll never forget the experience of canceling 24-Hour Fitness' recurring billing a decade ago. I had to schedule an appointment with their sales department in person and was berated with questions like "So, why have you decided to stop taking your body and health seriously?" by some smug prick sitting back in his chair with his feet on his desk. Such a stupid default system we have.


For physical products, it’s doesn’t make sense. You get chargebacks and high churn. You also get people who cheat the system with throw away emails. The business has to focus on catching these people and making it hard to cancel. These are things that don’t actually drive value for both the company and customer.

Best decision we made at a subscription CPG startup was cut our 1st month free promo and instead focus on creating a brand through marketing and high quality products. This allowed the company to successfully exit after only 5 years.

Companies that take the approach free trial approach burn their customers and get nailed by the government. A good example is a diapers subscription company that got nailed by the FTC ultimately leading to down round and giving up their subscription bundle.


Only the companies with shitty products. Consumers will happily subscribe to services that provide something they want.


This is already the case in certain jurisdictions. e.g. Quebec explicitly bans free trials that automatically rebill at the end of the trial period. Solution for most companies have been to offer a longer membership periods in Quebec. (e.g. Amazon Prime in Quebec is initially 13 months for $79.)


Is this just a policy change? How could they enforce this?


By forcing its issuers to revise their chargeback policies to always allow a chargeback under these circumstances.

It’ll get really expensive for the vendor very fast.

Before, there were plenty of stories of issuers telling cardholders that they’re screwed and have to pay up.


They can enforce it by revoking the merchant’s access to the Mastercard network.


Which, for a merchant, if it happens, is damn near a death sentence. If you can't accept payments from Mastercard anymore, your business is pretty screwed.

So in practice this works mostly by deterrence. They rarely have to actually drop the hammer. Most merchants will comply well before it ever gets to that point.


Got it. So, if a startup is using Stripe to charge, I assume Stripe is able to pass that revocation on to the startup?


It’s just great! I think, it’s a very useful initiative!




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: