Internet Commerce, How Does It Fucking Work

This happens all the time and I don't know how to fix it.

Some dude tries to buy a ticket, and he sees this:

Error Processing Order

There was an error processing your order!
Your order has not been completed and your credit card has not been charged.

• Your credit card failed to authorize (The transaction has been declined because of an AVS mismatch. The address provided does not match billing address of cardholder. Code N: Wrong address.)

If you are sure your address is correct, try contacting your bank to make sure they have the correct address on file.

It is possible that your bank has placed a temporary hold on the funds for this authorization, but they should be released after a short period of time. Your card has NOT been charged.

Please see our AVS FAQ for more details.

Then he goes to look up his order and he sees this:

Previous Orders

We have no orders on file for that email address and credit card.

If you entered the correct info but the order you are looking for is not listed here, then the order was not completed, and you were not charged.

If your bank says otherwise, it's probably not true, though it's possible that they've put a temporary hold on your card. It should clear up in a few days. Our AVS FAQ explains how that can happen.

Then he sends us email that says:

I purchased a ticket for the [REDACTED] show on your website. My bank says it is processing the transaction fee. I have waited a few hours now for the ticket to be emailed but it has not been. There was no confirmation on your site indicating that the transaction was successful (at least that I saw). I tried to track the order on your website. I got a message (attached) saying that you have no order on file. How long does it take to send/email the ticket? Should I try to buy another ticket? Will I be charged twice?

How...

How...

How...

HOW CAN YOU READ THOSE WORDS AND THINK THAT YOU SUCCESSFULLY PURCHASED A TICKET, AND THAT THE EMAIL IS ON ITS WAY?

What words could I possibly have said that would make it any clearer??

It's easy to just dismiss this as "herp derp, people are dumb", but seriously, this happens all the time. Like, a couple times a week. It's an epidemic.


Update: I changed the first part to look like this instead. Maybe this is clearer. Who knows.

Purchase Failed

Purchase failed!
Your order has not been completed and your credit card has not been charged.
Your credit card failed to authorize.

Your bank says:

"The transaction has been declined because of an AVS mismatch. The address provided does not match billing address of cardholder. Code N: Wrong address."

It is possible that your bank has placed a temporary hold on the funds for this failed purchase, even though you have NOT been charged and DO NOT have tickets. If that happened, the hold will clear on its own in a few days. See our AVS FAQ for more details.

Please correct your info and try submitting your order again.


Update 2: And guess what, not 20 minutes after I made that change, I got this email:

I just ordered 2 tickets (twice, so 4 tickets in total) for the [REDACTED] event. both times, the website said failed transaction. However, my bank still charges me $34 twice. I forward here the email. Also, they gave me 2 codes that prove the transactions were successful: [NNNNNN] and [NNNNNN]

Can you look into it and help me cancel the orders and/or keep one that works. I need to have 2 tickets for tonight.

My number is [REDACTED] - please give me a call when you can. Thanks

Card Transaction / Authorization Alert

Please note the below transaction on your Credit Card ending with [REDACTED]

Transaction Amount: USD34

Transaction Date: 2015-06-13

For more details Login to Citibank Online

Regards,

Citibank N.A. Vietnam

Apparently there are no words that I can say that will make people believe me over the lies their banks tell.

Oh, and note that "this happens to me all the time" is something that they did not say, despite the fact that their card is from a bank in Viet Nam and the error was "Status G: Non-U.S. issuing bank does not support AVS". This means that no U.S. merchant who does address verification will ever accept this card.

Sigh.

Tags: , , , ,

54 Responses:

  1. People don't communicate with English anymore. You need to speak lolcat. If you show a fail gif, people will understand.

    • JR says:

      Concur entirely. One half of the picture is Fry ("shut up & take &c.") and the other half is something not working, like a GIF of a computer or some other piece of technology bursting into flames.

    • Tom Lord says:

      People don't communicate with English anymore. You need to speak lolcat. If you show a fail gif, people will understand.

      I so terribly wish you were completely full of shit.

      • k3ninho says:

        He said something I didn't understand. I'm told that our best feline team are on it. Meanwhile, here is:

  2. Your problem here is that hidden phrase "short period of time." Holds clear after 3 business days. You should BOLDFACEITALICUNDERLINEBLINK "three business days."

    • Jason McHuff says:

      And of course people don't understand the hold and see it as the transaction fee being processed.

      • Grey Hodge says:

        Holds clear in 1 to 10 days depending on your bank. Or, as Jamie said, some banks clear it immediately once a charge is successful.

      • Legolas says:

        I hate to admit it, but reading the messages above I too failed to realize that the 'hold' on funds meant it would be seen on a customers statement or bank website. It sounded like 'a possible reason for this failure is that your card is blocked' and I glazed over the details of the rest of it. I guess 'a temporary hold' is a cc-card technical term, I had just never heard it.

    • jwz says:

      It doesn't help that when they call the bank, the bank FLAT-OUT LIES TO THEM and refer to "AUTH" as "Charge".

    • jwz says:

      Also, this isn't really true.

      Holds clear in 3 days, yes.

      But if AVS is working properly, the hold is cleared immediately -- where immediately sometimes means 5 or 10 minutes.

      When is AVS not working properly? At fucking random.

      • If AVS is working properly, they won't see this message; they'll see a decline. 99 times out of a hundred, it's a non-English character in their address (which Authorize.net, the default gateway for virtually all US e-commerce at the end of the day) chokes on with alarming regularity.) And a decline doesn't result in a hold.

        But as JWZ says, the biggest problem is when they try to do it three or four times on a debit card, and then the next morning they look at their account and see their balance is down by several hundred dollars and they didn't get their shit. This happens to us all the time. I have a boilerplate reply.

        (A couple times I've had customers clean out their accounts attempting charges, and then they're broke, and I have to call their bank as the merchant and get the bank to clear the holds. This is irritating, especially when their bank is in, say, Lithuania or something.)

        Honestly, there's only so much you can do to save customers from themselves. Dealing with diptards is part of the cost of doing business, especially when you have an obtuse middleman like Authorize.net in the mix.

  3. josh says:

    Put the thing about the temporary bank charge after the first sentence.

  4. His mind is in task-completion mode, he feels he did the right step, so he's only looking for the ticket to confirm that he completed it. He's literally not reading things that don't look like what he's looking for. His brain filters seemingly-irrelevant details the same way it filters out the banner ad or between-paragraph ad links when he's reading a news site. Remember those? You looked at then the first ten times you saw them but you have ignored one in the last day without consciously being aware of it. Same thing: he knows how to buy online, he went through the steps, he clicked "Submit" once and only once, now he gets his order. That's the pattern. That's the task he's completing. Unrelated words literally do not exist.

    The fix is to present the error as something he already wants to pay attention to.

    On the "Previous Orders" page, list this failure like it's an order. Put it right at the top like it was his most recent order so he sees the band name and date, but put "FAILED" use the color red with a sad face next to it. (Not kidding about the face, humans pay a lot of attention to faces.) Let him click to see that error message again (and tighten up that copy, it's clunky), and give a link to retry the order from the last valid step. When an order succeeds, remove the failures from the "Previous Order" page.

    • Eric says:

      Yes, yes. This "task-completion mode [...] filters seemingly irrelevant details" explanation is pretty much what I was going to write.

      Basically the same phenomenon anybody who's done any kind of tech support runs into, where the helpful error dialog explaining exactly what went wrong is instinctively closed immediately without reading it because it's a pop-up barrier between them and their goal. (And then I'm resisting the urge to strangle them, because it took 15 minutes to get to the error dialog and all I managed to read before they closed it was "erro".)

      If you think of the problem as "the customer does not read anything beyond the bare minimum to proceed to the next step required to get what they want", then it becomes obvious that you should deliver the failure messages in all the same ways that you deliver what they want to them, so that when they get to that last step where they actually read some things, they see the error messages.

      In this particular case the (potential) customer has helpfully explained exactly what things they are looking for and would read: an email and some kind of "order history" on your website.

      In other words, I suggest keeping the "failed order" in the system records and show them the details of why it failed exactly in the place where they could see their ticket, send them an email very similar to the one they would receive with the ticket in it. If it's possible for an order to be in a "processing" (not yet successful or failed) state for more than a few seconds, maybe a view of that also needs to be available to them on the website. Extra bonus points if the "failed order" message leads them to something that lets them try again with different card info (and the rest of the info filled in).

      It's possible that there's change blindness problems going on, which mostly you mitigate by making sure that success and failure are distinctly visually different in every way possible: http://www.nngroup.com/articles/change-blindness/

      Don't rely too much on color. Use some other visual clues in addition to color. Over 1 in 20 men have trouble telling red from green and might not see that emphasis.

  5. Tom Lord says:

    Hey jwz, editor mode. Here's your problems right here:

    It is possible that your bank has placed a temporary hold on the funds for this authorization, but they should be released after a short period of time. Your card has NOT been charged.

    Assumes the simpleton: "Oh, but will be charged later after they decide the address mismatch wasn't fraud!"

    If you entered the correct info but the order you are looking for is not listed here, then the order was not completed, and you were not charged.

    Thinks the simpleton: Still not yet? How long does this take for them in this case?

    If your bank says otherwise, it's probably not true, though it's possible that they've put a temporary hold on your card. It should clear up in a few days.

    Simpleton: I'll wait a few days, then, before wondering where my tickets are.

    The problem with your writing there is that you do not clearly express that that specific attempt to order WILL NOT EVER go through. It's not clear enough: IF YOU WANT TICKETS YOU MUST PLACE ANOTHER ORDER USING A DIFFERENT CARD OR AFTER YOUR BANK HAS A PROPER ADDRESS.

    (I don't recommend the verbiage I'm using to express what you need to say. I'm just trying to highlight the ambiguity in what you currently display.)

    Simpleton is feeling that exact ambiguity. I is good at edit stuff. Simpleton say:

    Should I try to buy another ticket? Will I be charged twice?

    • Tom Lord says:

      p.s.: I apologize for calling your customer a simpleton. He or she is not. I meant: young adult.

  6. marijane says:

    Change the color of the "Error Processing Order" header from green to red. People tend to read green text as "success".

  7. Erin says:

    Instead of a green box that says "ERROR PROCESSING ORDER", try a red box that says "PURCHASE FAILED".

    Then under it say something like, "Sorry, this purchase failed because the address you entered didn't match the address on file with your credit card. Double-check your address and try purchasing the tickets again."

    (What you have is clear if you take the time to read all the text, but I think many people in our ADHD age don't take in more than a sentence or two while maintaining a high degree of comprehension.)

    • gronk says:

      This. Also, state that this means that there are no tickets reserved. Basically, answer all the questions the guy is asking you now in email afterwards.

  8. Ewen McNeill says:

    I agree with Erin, the first message needs to say "Purchase failed". And "Your card has not been charged" should be the next piece of text, followed by "address did not match what your bank has on file". In particular the main thing the customer needs to know is "it's safe to try again without being charged twice".[0]

    I also think it'd help if it were possible for your second message to find the failed attempt and show it as "attempted purchase failed" or ideally "Attempted purchase failed -- address did not match bank records -- not charged". Clearly this person tried to figure out what happened (while reading only parts of the TL;DR text explaining the problem...), so you at least have a chance of catching them before they send an email. "We have no record of that" is the sort of not-very-reassuring thing that causes people to send email; "we have a record that it definitely failed" is rather more reassuring.

    The bank staff giving misleading advice about what happened certainly doesn't help. But credit cards do two phase commit (auth/hold, process) and for better or worse banks don't want to explain that to their customers. Outsourcing tech support to their merchants probably lowers the banks costs, right? :-)

    Ewen

    [0] I've written software to process credit card payments, and even I struggle to tell with many websites exactly where it got broken and if it's safe to try again or not. Especially with the gazillion-redirects style of credit card processing it matters a lot which of those redirects it stopped at :-(

  9. Wotsac says:

    I've written CC processing apps, so I actually understand this error fairly clearly. And still, I see this wall of text and my brain shorts out. Intellectually I know from what's rendered here that the transaction has failed in a way that means I should try again. Emotionally, there are half a dozen confused and panicked guys running around in my head waving their arms around and speaking in gibberish.

    • jwz says:

      If I replaced all the explanatory text with just a 72pt FAIL, I somehow suspect the number of questions would not go down.

      • This order is no more. It has ceased to be. It's expired and gone to meet its maker. It's a stiff. Bereft of life, it rests in peace. Its metabolic processes are now history. It's off the twig. It's kicked the bucket. It's shuffled off this mortal coil, run down the curtain, and joined the choir invisible. THIS IS AN EX-ORDER!

  10. Daryl Tester says:

    If the user is waiting for an email, why not send them an email, also stating that the transaction failed? Of course, this will suck if they try again and it succeeds.

    (or maybe titled "Success! Ha ha only kidding").

    • jwz says:

      It's hard for me to accept that if they can't parse "Your order has not been completed and your credit card has not been charged" on the web page, that they will be able to parse "Your order has not been completed and your credit card has not been charged" in an email.

      • lImbus says:

        I do well believe that sending a failure email might help:
        - It has virtually no cost for you
        - Let's call it, internally, a "failure confirmation" email, as opposed to a "order confirmation" email.

        If as a customer I am being shown conflicting information about "yes" or "not" successful, I might still try to hang to the very few signs of "successful".
        If I am used to get an email with a confirmation, then the data about that email (yes or no) does not go into the equation of decision making process until I do get that email. If that email never comes, the information "there was no success confirmation email" will not be taken into account, because "it probably does not mean anything, it might be later than usually, the ordering was different than usually, too".

        And, sorry to say, you'll probably never be an authority for the information "then the bank is lying to you".
        You might however add the information somewhere that according to your (and your customers experience) the fees of a failed transaction will show up on the credit card page for some while by mistake of the bank.

        • Jason McHuff says:

          I'll just add that a dynamic Web page is shown once and is easily mistakenly closed/navigated away from by the user and isn't saved unless the user goes out of the way to do so while an e-mail stays put until the user deletes it (and probably the trash gets emptied). Also, if there's a momentary network issue at transaction time, e-mail doesn't need to get directly all the way to the user and delivery can be reattempted later.

    • nooj says:

      He'll just get people showing up at showtime with the "Order Failed" email who want to pick up their tickets. "The order number's right here somewhere. It should have gone through by now."

  11. kwk says:

    Can you re-render the checkout.php page with a validation error when this occurs?

    I think I would do that if possible. Then they type in all their garbage, hit Purchase, the same page renders with a big red "Card declined -- address mismatch" or something in the spot where the validation errors currently go.

    You'd also need to disable the submit button until they change something, though, or else they'll just hit "Purchase" again.

    But at least this way they'll hit the button, "Hm, I didn't get anywhere," try to hit the button again, but can't, and NOW they'll hopefully look at the rest of the screen. Also in this mode they will have a feeling of "I tried to buy a ticket but didn't get anywhere" and I feel like this "didn't get anywhere" feeling is important to giving them the correct idea of what happened (rather than if it renders a different page instead, they feel like "well it must have gone through").

    This wouldn't help with explaining what an authorization is though.

    • jwz says:

      Yes, it does that -- those errors are at the top of the page, with the form below pre-filled with the junk from before. So people just hit submit again without changing anything, getting a new authorize.net error next time ("You are resubmitting your request too quickly") and, if it's a debit card or an insane bank, racking up additional holds.

      • Tom Lord says:

        Looking at the update: it's better but I think you still have a verb tense problem, i.e. "has not been charged" rather than "will not be charged".

      • kwk says:

        Darn. I still think that the fact that it's adding a big box at the top upon post does make it seem like "they pushed the button and something happened" whereas we want to try to convey "it didn't go through" so I think moving to a smaller error message below and if possible making everything else look the same as it did pre-submit (including scrolling them down to the submit button area if possible/applicable) may make a tiny improvement.

        If you think that anyone is able to read you could make the validation message have a little [i] icon that pops up the wall of voodoo^Wexplanation.

        • kwk says:

          Your updates made me so sad.

          "Error: you suck at credit cards. Please only conduct business in cash."

  12. Chinthamani Chary says:

    Now way I'm gonna be the buy that says the word "Bitcoin". Nope. Not gonna be me.

  13. jack lecou says:

    The updates: Yeeesh.

    Obviously the real problems are reading comprehension and that AVS is kind of a stupid system, but I can still sort of see where things went wrong with Update 2 guy:

    His dilemma is that on the one hand he's got a website that professes "nothing happened, no charges were made," and on the other a superficially contradictory email from his bank that says, "Something just happened involving a charge of $X."

    Careful reading and a better understanding of how AVS transactions work would no doubt clear up the confusion, but that's not going to happen. And the non-careful skim reading of the situation adds up to, "Something is up in the air here. I'd better send an email to be sure it's all cleared up."

    So maybe the way forward is to never appear to be contradicting the banks in the first place. It just sows confusion. Rather than protesting "your credit card has not been charged", address the 'charge' (incl. specific amounts) up front. Maybe something like:

    PURCHASE FAILED!

    An authorization request for the amount of $X was sent and DECLINED by your bank due to an address mismatch (show details).

    [Your bank replied: "The transaction has been declined because of an AVS mismatch. The address provided does not match billing address of cardholder. Code N: Wrong address."]

    NOTE: It is normal for a notice or hold regarding the failed $X authorization request to appear temporarily on your bank or credit card statement. No payment has been made, and the incomplete transaction will be automatically cleared by your bank within a few business days.
    ----------------------------------------
    To complete your order: enter the address on file with your bank, or try a different credit card.

  14. nooj says:

    In all cases like this I have experienced, it was the merchant who was lying. I definitely trust my bank more than any merchant.

    I have been on the phone with my bank during the transaction where they say (correctly) that they approved the charge--even pre-approve the charge--and the merchant gives me an error. This is not your case, but when I see "your bank declined the charge" errors, I never believe them.

    I also understand AVS auth, and don't live my life hand-to-mouth, so I don't care what intermediate events occur (holds, double charges, whatever).

    • jwz says:

      I think that what you just said is not true, because you said "I understand AVS auth".

      I think that this means that when your bank told you "we show a pending transaction of $30" you mentally translated that to "it was an AUTH, I was not charged" and you decided that they were not lying to you. Spoiler alert: they were lying to you, by any sensible definition of the words they used. Any normal person would interpret those words as "someone who is not me has my thirty bucks." You just happen to know enough of the weaselspeak words to give them the benefit of the doubt.

  15. nooj says:

    Note that your original Failed text uses long sentences, with supporting clauses and careful, precise wording.

    The purchaser's email uses very short, simple sentences. There may be a reading level barrier to the purchaser. He does have a foreign card.

    The updated version is much better! However, it says to try again for a case where trying again will not help.

  16. Rob M says:

    You could use lots of fancy words to describe this behavior and try to keep your faith in humanity. But the bottom line is there's waaaaay too much text in that error.

    You have one primary piece of info to convey. It should be big and red:

    You do not have a ticket.

    Then slightly smaller:

    Your order failed, please try again with a different card.

    Then if you want to put the rest in fine print below for the nerds who read, go for it. But make it very small or hidden by a "show more info" fold out.

    This won't totally eliminate the problem, but it should help a lot. Trying to explain anything about cc processing, auths vs purchases, or AVS to the average consumer isn't going to work. Don't dilute the message. "You have no tickets".

    • phil says:

      ↑ This. I'm doing a course on usability at the moment, and this week's reading includes a study that examined people's reactions to SSL alerts in their web browsers. When alerted about an invalid certificate, about 50% of users dismissed the error and carried on regardless. This included users who were highly computer-literate:

      [W]e asked respondents a series of five questions to gauge their technical qualifications. We assigned each respondent a “tech score” corresponding to the number of questions they answered affirmatively. [...] We classified those with tech scores greater than or equal to two as “experts.” [...] We compared our “experts” to the rest of our sample (i.e. respondents with scores of zero or one) and found that responses did not significantly differ in most cases.

      I suggest you write the error message as if you were explaining it to a labrador with attention issues. And don't be surprised when people still don't get it. Because they really won't.

  17. bob says:

    Out of curiousity, Can one disable AVS for under $100 transactions? These are ~$20 tickets with anti-scalper measures requiring ID, right? How many people are going to steal tickets with fraud cards over the internet just to see a band play.

  18. Mark Beeson says:

    Okay, I have a little bit of knowledge to share which will hopefully help.

    First- if you are doing an AVS check against the entire address, just stop. You should only be doing an AVS check against the billing zip code and no more. Many, many banks do exact matches on address1 and if your customer doesn't type in their address perfectly (eg "Apt" instead of "#") then they'll get a failed response. Only check on the ZIP. This is a safe step and won't increase your fraud.

    Second- if your credit card processor will allow it (and quite a lot do), do a $0 AUTH with the AVS check, then if that succeeds, charge for the full amount. The AUTH will show up on the customer's statement for the next couple of weeks and will then go away. For the hundreds of thousands of transactions that I've done like this, I could count on one hand the number of times people called up wanting to know why there were two line items on their statement. If your processor doesn't allow it, do a $1 AUTH then subtract the $1 from the total when you do the full charge. This is also a safe step and depending upon your processor may only incur you an extra few cents per transaction (because you're doing two instead of one).

    Third- this sounds strange, but you are giving your customer too much information. Try changing your error message to only this: "<blink>Well, fuck.</blink> Your order hasn't gone through, because your ZIP code was incorrect." Customers don't read at all, period. Give them only one error statement ("fuck this shit") and only one thing they can do to fix things ("your ZIP code was incorrect"). Don't even bother telling them about AVS, or their bank, or a temporary hold, or whatever. Just: "you're fucked, but here's how you can fix it." This is a safe step and will lead to fewer calls and fewer cart abandons.

    Last- (insert obligatory suggestion to switch your processor to Braintree or Stripe). The best part about these is the tokenization that their Javascript (!) provides. The customer's credit card never enters your network- the only thing you get is the token, which is perfectly safe to save wherever you want. For PCI purposes, your website will no longer be in scope. When you have to file your (yearly for you?) report, you can simply check the magical we-don't-collect-payment-info box and be done. This is obviously a bigger step to take, but the development time to switch to either Braintree or Stripe is pretty fast; in my last personal project it took me about half a day to get Stripe set up.

    Hopefully some of these help- there really is nothing worse than someone who just typed in their credit card number and billing info and all of a sudden they don't have a receipt sitting in their hands, so I feel for you having to deal with the customer service side also.

    • nooj says:

      Funny. With programming, error messages get longer and more detailed until the number of complaints drops to zero.

      With customers, error messages get shorter and simpler until the number of complaints drops to zero.

  19. DC says:

    This might be a dumb question, but what prevents you from using Stripe or a similar service to make all of this someone else's problem?

    • jwz says:

      Because I'm in this for the long haul, and unlike the rest of the software industry, don't enjoy doing a Second System Syndrome every eighteen months.

      When we wrote this store in 2004, Stripe didn't exist. For all I know, they won't exist two years from now, and if I were relying on them, then I'd be in a lurch trying to re-target my store's back end to whoever the New Hotness is.

      Intermediaries like Stripe make money by taking a cut of every transaction, on top of what they have to pay to the underlying merchant services. So I'd be increasing my costs to buy a little convenience for a couple of years, with the knowledge that I'm driving directly toward a cliff where I get to re-negotiate with the next guy. It's far more sensible to cut out the middleman.

      Plus, if Stripe did exist in 2004, do you think their API would still be the same, or would it have changed from POSTs to JSON to XML to REST? Boy, I love chasing those kind of goalposts. That's a really great allocation of my time and attention.

      The same answer goes for "Why don't you outsource to new-hotness ticketing vendor?" Because ticketing vendors who aren't owned by LiveNation have the life expectancy of fruit flies.

    • DL says:

      Stripe's API is great, and their docs are mostly great, but I'm not sure how using Stripe would help in this situation. The customer's bank would still mislead them and the customer would still fail to understand the error messages (partly because of their bank misleading them).

  20. Hanan Cohen says:

    The guidelines for writing Easy-to-Read Health Materials suggest: Keep within a range of about a 6th to 7th grade reading level.

    It also suggests using a readability level calculator.

    Try passing your texts through one of those and see what you get and how you can edit your texts accordingly.

    http://www.nlm.nih.gov/medlineplus/etr.html