Author Topic: Questions for the nominated five (Read 15618 times)

RT · « **on:** March 14, 2011, 05:40 »

I thought I'd start a thread where we can post questions we'd like asked by the nominated five for the conference call with iStockphoto HQ regarding the recent fraudulent credit card transactions we have suffered.
Let's keep this thread precise and to the point, this thread isn't to be used for your opinions on the nominees or indeed the whole idea of the conference call.
Once the names of the nominees have been announced I or someone else if I don't say that I've done it here (I'm away quite a bit at the moment) could then contact those people and send them the link to this post.
Although they'll be required to sign an NDA by iStock and may not be able to give answers to the questions at the time being should there be any legal action at a later date either individually or as a class action at least iStockphoto should then be in a position to have the answers.

Just to clarify something, for anybody thinking this is a witch hunt going after iStockphoto think again, this is to discover which party (if there is one) will be ultimately responsible for covering any financial loss, that may be the banks/ card issuers, security providers or it may be iStockphoto if they've neglected requirements for card transactions. I'm as angry as the next person that this has happened but my goal is to get answers.

The question I'd like asked is this:

Q - Who do iStockphoto say is legally responsible for bearing the financial loss of these transactions:
a - The card issuing company/bank
b - The merchant (i.e. iStockphoto.com)
c - Us (as in contributors) the victims of this crime being that it was our property (images) that were downloaded using the fraudulent card transactions.
d - The cardholder, the person who's card number was used.

For clarification I understand why the royalties have been taken back from our accounts as we can't benefit from the actual crime itself which is what would be happening if they left the money with us, however at some stage somebody has to be responsible for the financial loss.

Modified to add a couple of more questions:

Q - Do iStockphoto have a security protocol in place such as 'Verified by Visa' or after the initial discovery of Fraudulent card use back in December was one implemented then.

Q - Does and did iStockphoto fully comply with PCI DSS & PA DSS requirements.

Sadstock · « **Reply #1 on:** March 14, 2011, 06:24 »

What security measures were in place at the time of the first theft?
What changes in security were made after the first thefts were detected?
Why could additional thefts take place after new security measures were in place?
Can Istock guarantee additional charge backs will not be passed along to contributors?

RT · « **Reply #2 on:** March 14, 2011, 06:34 »

Quote from: Sadstock on March 14, 2011, 06:24

What security measures were in place at the time of the first theft?
What changes in security were made after the first thefts were detected?
Why could additional thefts take place after new security measures were in place?
Can Istock guarantee additional charge backs will not be passed along to contributors?

Thanks for your questions, I was modifying my post at the same time you were writing yours and had added two questions that cover your first two. FYI I have a legal background, your 3rd and 4th questions are not something that IMO should be asked as any answer may be classed as opinion not factual based or are speculative. For instance to ask why it happened again would be the purpose of the investigation anyway, to ask if it'll happen again is not something anybody could answer because any law or conditions of card use that applies now could be amended in the future.

cathyslife · « **Reply #3 on:** March 14, 2011, 07:05 »

I don't have any questions, because it's a waste of time. Questions aren't going to be entertained or answered in any kind of manner that I trust coming from IS. I would like to see independent attorneys and accountants, hired by contributors, to take a meeting. Those are the answers I want to hear.

RT · « **Reply #4 on:** March 14, 2011, 07:41 »

Quote from: cclapper on March 14, 2011, 07:05

I don't have any questions, because it's a waste of time. Questions aren't going to be entertained or answered in any kind of manner that I trust coming from IS. I would like to see independent attorneys and accountants, hired by contributors, to take a meeting. Those are the answers I want to hear.

I can understand this reaction and in truth the purpose of me wanting these questions answered is not to get immediate answers from the conference call, as I've explained above these are questions that will need to be asked if anybody does decide to take future legal action against any parties involved.

To make my position clear, I don't now or in the future intend to take any action against iStock themselves, they make me a lot of money and for the few hundred dollars I've lost as a result of these transactions I don't consider it worth breaking relationships with iStock and I have no doubt that anybody who takes them to court will find their portfolio deleted (I'd do the same within anybody suing me). From what I've seen so far these transactions were authorised by the card companies initially and then charged back once the transactions were discovered to be fraudulent. The questions I've asked above are intended to discover to whom the blame falls and should I or anybody else decide in the future to take any form of legal action we will need to show that they've been asked. For me personally that would be against the card or security companies, for others they might want to take action against iStock although as it stands legally the taking back of the royalties is quite legal and within the contract we all signed.

I've always been quite vocal about iStock and although I have a kind of anonymity here I have no doubt they could find out who I am within seconds, I think their communication over this matter (and generally) sucks like many other aspects of the site at the moment but I urge people to consider their own position carefully before making any knee jerk reactions regarding legal matters. IMO they've made some huge errors over this but being told by the card company the transaction is approved to only find out later it's not isn't something I blame them for, letting it happen over and over again is something you can form your own opinion about!! They're not perfect and I'm pretty sure they could have done something to prevent or lessen the effect but my anger is with the thieving scumbag that used the card numbers to download my images and the banking industry that allow this to happen all too easily.

cathyslife · « **Reply #5 on:** March 14, 2011, 07:55 »

Quote from: RT on March 14, 2011, 07:41

Quote from: cclapper on March 14, 2011, 07:05
I don't have any questions, because it's a waste of time. Questions aren't going to be entertained or answered in any kind of manner that I trust coming from IS. I would like to see independent attorneys and accountants, hired by contributors, to take a meeting. Those are the answers I want to hear.

I can understand this reaction and in truth the purpose of me wanting these questions answered is not to get immediate answers from the conference call, as I've explained above these are questions that will need to be asked if anybody does decide to take future legal action against any parties involved.

To make my position clear, I don't now or in the future intend to take any action against iStock themselves, they make me a lot of money and for the few hundred dollars I've lost as a result of these transactions I don't consider it worth breaking relationships with iStock and I have no doubt that anybody who takes them to court will find their portfolio deleted (I'd do the same within anybody suing me). From what I've seen so far these transactions were authorised by the card companies initially and then charged back once the transactions were discovered to be fraudulent. The questions I've asked above are intended to discover to whom the blame falls and should I or anybody else decide in the future to take any form of legal action we will need to show that they've been asked. For me personally that would be against the card or security companies, for others they might want to take action against iStock although as it stands legally the taking back of the royalties is quite legal and within the contract we all signed.

I've always been quite vocal about iStock and although I have a kind of anonymity here I have no doubt they could find out who I am within seconds, I think their communication over this matter (and generally) sucks like many other aspects of the site at the moment but I urge people to consider their own position carefully before making any knee jerk reactions regarding legal matters. IMO they've made some huge errors over this but being told by the card company the transaction is approved to only find out later it's not isn't something I blame them for, letting it happen over and over again is something you can form your own opinion about!! They're not perfect and I'm pretty sure they could have done something to prevent or lessen the effect but my anger is with the thieving scumbag that used the card numbers to download my images and the banking industry that allow this to happen all too easily.

I don't think anyone is making a knee-jerk reaction...this has been going on for months, with no end in sight. It's more like the straw that broke the camel's back.

Back to the topic, in the context you just explained, the questions will be helpful.

RT · « **Reply #6 on:** March 14, 2011, 08:03 »

Quote from: cclapper on March 14, 2011, 07:55

I don't think anyone is making a knee-jerk reaction...this has been going on for months, with no end in sight. It's more like the straw that broke the camel's back.

Sorry I meant it along the lines of "Right I'm going to sue.....uhmmm....now who's responsible"

Off topic - I was once involved in a fraud case, there were six defendents and two victims, the case went on for six years and was heard in two court rooms, one room was used just to store the paperwork! Don't expect an early result

Sadstock · « **Reply #7 on:** March 14, 2011, 08:56 »

Quote from: RT on March 14, 2011, 06:34

Quote from: Sadstock on March 14, 2011, 06:24
What security measures were in place at the time of the first theft?
What changes in security were made after the first thefts were detected?
Why could additional thefts take place after new security measures were in place?
Can Istock guarantee additional charge backs will not be passed along to contributors?

Thanks for your questions, I was modifying my post at the same time you were writing yours and had added two questions that cover your first two. FYI I have a legal background, your 3rd and 4th questions are not something that IMO should be asked as any answer may be classed as opinion not factual based or are speculative. For instance to ask why it happened again would be the purpose of the investigation anyway, to ask if it'll happen again is not something anybody could answer because any law or conditions of card use that applies now could be amended in the future.

Point taken on the non-fact based question/answer, but I'd still ask none the less, as how they answer questions like the above is equally important as to what the answer is. Certainly they might be advised to not answer any questions like this, but there is no harm in asking and maybe there is an upside.

caspixel · « **Reply #8 on:** March 14, 2011, 09:51 »

Are questions even going to be allowed or is this an exercise in futility? KK specifically said the Fab 5 were going to be the "ears" of the community. He said nothing about voices.

RT · « **Reply #9 on:** March 14, 2011, 10:50 »

Quote from: caspixel on March 14, 2011, 09:51

Are questions even going to be allowed or is this an exercise in futility? KK specifically said the Fab 5 were going to be the "ears" of the community. He said nothing about voices.

I'm basing this thread on his comment:

"I'm going to lock this thread. Someone can start a new one where they nominate people they'd like to speak with us. They will need to be exclusive members. Nominate away."

To me that means a discussion, but in the past he hasn't exactly shown a trend of well thought out comments and I think his strings are being pulled by the person who's really in charge, so who knows they may be able to ask questions they may not.

microstockphoto.co.uk · « **Reply #10 on:** March 14, 2011, 11:56 »

Q: Which actions are you taking to prevent downloaders from using our pictures after chargeback? (otherwhise, you are effectively giving away our images for free)

lisafx · « **Reply #11 on:** March 14, 2011, 14:04 »

Quote from: RT on March 14, 2011, 08:03

Sorry I meant it along the lines of "Right I'm going to sue.....uhmmm....now who's responsible"

Off topic - I was once involved in a fraud case, there were six defendents and two victims, the case went on for six years and was heard in two court rooms, one room was used just to store the paperwork! Don't expect an early result

Obviously I yield to your greater legal experience, but it seems to me that a pending class action suit, or the serious threat of one, might be a big motivator for Istock to pull it's act together and stop screwing contributors. That is an early result that would be most welcome, over and above any eventual damages.

ffNixx · « **Reply #12 on:** March 14, 2011, 14:21 »

Excellent thread, thank you. I hope the 5 representatives will read it.

I have one question, the only question I think is worth asking:

Why doesn't iStock have insurance to cover losses due to fraud, when other high profile companies do have such insurance? If the answer to this question is that it is too expensive, ask two things: 1) how does the cost of the insurance compare to the loss contributors have suffered due to fraud; and 2) how does the cost compare to the yearly profit iStock makes? Drive the point home: unless iStock demonstrates otherwise, their assertion of insurance not being a viable option will, quite reasonably, not be believed, and may lead to accusations of negligence in the future.

Sean Locke Photography · « **Reply #13 on:** March 14, 2011, 14:27 »

Quote from: ffNixx on March 14, 2011, 14:21

Why doesn't iStock have insurance to cover losses due to fraud, when other high profile companies do have such insurance?

If any contributor at DT, SS, Fotolia, etc., wishes to contact their sites and find out if they have such insurance, and where it comes from, I would love to have that to bring up if I'm in the call.

microstockphoto.co.uk · « **Reply #14 on:** March 14, 2011, 14:32 »

Quote from: sjlocke on March 14, 2011, 14:27

Quote from: ffNixx on March 14, 2011, 14:21
Why doesn't iStock have insurance to cover losses due to fraud, when other high profile companies do have such insurance?

If any contributor at Dreamstime, Shutterstock, Fotolia, etc., wishes to contact their sites and find out if they have such insurance, and where it comes from, I would love to have that to bring up if I'm in the call.

Although quite less often than at IS, I got chargebacks at FT and DT, so I guess they don't have such insurance.
This never happened as SS, so they are either good at avoiding frauds, or take the risk themselves or they have an insurance.

caspixel · « **Reply #15 on:** March 14, 2011, 14:42 »

iStock keeps claiming there's no insurance to be purchased.

ffNixx · « **Reply #16 on:** March 14, 2011, 14:51 »

Quote from: sjlocke on March 14, 2011, 14:27

Quote from: ffNixx on March 14, 2011, 14:21
Why doesn't iStock have insurance to cover losses due to fraud, when other high profile companies do have such insurance?

If any contributor at Dreamstime, Shutterstock, Fotolia, etc., wishes to contact their sites and find out if they have such insurance, and where it comes from, I would love to have that to bring up if I'm in the call.

You don't really need that, and bringing the competitors into it might just dilute the point. The term is "crime insurance" or "fidelity insurance" and is a standard offering in the whole "business insurance" field. It certainly can be bought, from many providers, search the net. Maybe someone could even ask for a quote, or perhaps there's a microstocker working in the industry.

The point needs to be got across, both to iStock and contributors, that the question of insurance is key. Talking about security measures is of limited usefulness. There is no 100 percent security, and anyway, the people in the discussion are not expert in IT security, they could be told pretty much anything by iStock. IT security is a complex subject and it's the criminals that are usually ahead of the curve. So please, do focus quite assertively on the question of insurance.

lisafx · « **Reply #17 on:** March 14, 2011, 15:03 »

moved to more relevant thread

Sean Locke Photography · « **Reply #18 on:** March 14, 2011, 15:22 »

Quote from: caspixel on March 14, 2011, 14:42

iStock keeps claiming there's no insurance to be purchased.

Right - that's why I want to know if someone somewhere has an actual policy that would cover it. Maybe John G. could chime in?

gostwyck · « **Reply #19 on:** March 14, 2011, 15:40 »

Quote from: sjlocke on March 14, 2011, 15:22

Quote from: caspixel on March 14, 2011, 14:42
iStock keeps claiming there's no insurance to be purchased.

Right - that's why I want to know if someone somewhere has an actual policy that would cover it. Maybe John G. could chime in?

I doubt very much that any insurance company would touch this with the proverbial barge-pole. They simply would not have any means of accurately assessing the risk or the potential losses. Therefore they could not possibly price a policy with any expectation of covering potential losses or making a profit.

Even if they did have statistics covering the history of previous years, internet fraud is growing and changing at such a rate that they would be no guide to the future. It's not really something that could be defined as 'a risk' either as it's almost a certainty. The only thing that changes is the scale and the frequency of such theft.

Risamay · « **Reply #20 on:** March 14, 2011, 15:41 »

Quote from: cclapper on March 14, 2011, 07:05

I don't have any questions, because it's a waste of time. Questions aren't going to be entertained or answered in any kind of manner that I trust coming from IS. I would like to see independent attorneys and accountants, hired by contributors, to take a meeting. Those are the answers I want to hear.

+1

Jo Ann Snover · « **Reply #21 on:** March 14, 2011, 15:59 »

1. Are new iStock accounts handled differently from established ones? If not, why? Explain why having a few restrictions on new accounts only would not be a good solution to this problem.

2. Are iStock's procedures for handling credit card transactions the same as Getty's? If they are not, why is that and will they change to be the same?

3. If there have been frauds at Getty Images, how were contributors charged back (or not)? If there's a difference, why is that?

4. The site listing credit card problems showed incidents similar to the ones occurring in December 2010 going back many, many months. Why were steps not taken sooner? If they were taken, why weren't they adequate?

5. Why did fraud occur again in January and again at the end of February 2011? Given that whatever measures taken previously have failed, why is there any confidence that this problem will not recur?

6. Have outside experts in prevention of credit card fraud in online business (with card not present transactions) been consulted or hired? If not, why not.

7. There are many huge internet businesses (amazon.com, iTunes) which deal with online delivery of content purchased with a credit card in a card not present transaction. If they can make this work, iStock does not need to invent the wheel and can use industry best practices. What has been done to learn and follow those industry best practices.

8. Given that in the past frauds have not be charged back to contributors, why was this different?

9. What information do you have on what happened to the downloaded images? Is there anything that can be done to retrieve them.

10. Why don't you use the image tracking software that Getty uses? If it's a matter of cost, then given your newly increased percentage of the gross, don't you think you owe it to contributors to start doing what Getty does?

11. Has any analysis been done on the download patterns - going for the top sellers from many contributors portfolios, or downloading a bunch of themed images in quantities beyond anything typical for the site - to try and catch the fraud based on the downloads even if it escapes the first line of defense (purchasing the credits)? If not, why not?

If I think of more, I'll post

lisafx · « **Reply #22 on:** March 14, 2011, 16:18 »

Really insightful list of questions JoAnn. Wish you'd reconsider the panel.

gostwyck · « **Reply #23 on:** March 14, 2011, 16:22 »

Quote from: lisafx on March 14, 2011, 16:18

Really insightful list of questions JoAnn. Wish you'd reconsider the panel.

+1. So do I.

ffNixx · « **Reply #24 on:** March 14, 2011, 16:54 »

Quote from: gostwyck on March 14, 2011, 15:40

Quote from: sjlocke on March 14, 2011, 15:22
Quote from: caspixel on March 14, 2011, 14:42
iStock keeps claiming there's no insurance to be purchased.

Right - that's why I want to know if someone somewhere has an actual policy that would cover it. Maybe John G. could chime in?

I doubt very much that any insurance company would touch this with the proverbial barge-pole. They simply would not have any means of accurately assessing the risk or the potential losses. Therefore they could not possibly price a policy with any expectation of covering potential losses or making a profit.

Even if they did have statistics covering the history of previous years, internet fraud is growing and changing at such a rate that they would be no guide to the future. It's not really something that could be defined as 'a risk' either as it's almost a certainty. The only thing that changes is the scale and the frequency of such theft.

This is simply not true. Anything can be insured, ultimately through Lloyd's of London, if no other intermediary provider. And in fact, going through Lloyd's is standard procedure for multinationals. But there's no need, a quick search brings up this:

http://www.allbusiness.com/business-finance/business-insurance/930590-1.html?yahss=114-3470923-930590&siap=1

Search a little deeper, I'm sure you'll find more examples.

What's the point of being defeatist from the very start on such a key issue?

MicrostockGroup Sponsors

Author Topic: Questions for the nominated five (Read 15618 times)

RT

Sadstock

RT

cathyslife

RT

cathyslife

RT

Sadstock

caspixel

RT

microstockphoto.co.uk

lisafx

ffNixx

Sean Locke Photography

microstockphoto.co.uk

caspixel

ffNixx

lisafx

Sean Locke Photography

gostwyck

Risamay

Jo Ann Snover

lisafx

gostwyck

ffNixx

Related Topics

Sponsors

Microstock Poll Results

Sponsors