Your only power to encourage them to fix this is to do the thing they're begging you not to: dispute the charges.
If a threshold of Twilio customers dispute charges, Twilio loses the ability to process credit cards at a lower risk rate, then with all but high risk processors, then may lose the ability to process them at all.
If enough of their customers are getting burned, and enough dispute, Twilio would no longer be able to accept credit cards. They are terrified of that, so begging you not to dispute charges for their lack of fraud prevention.
You accepting anything less than full refund of all fraudulent use they're cascading back on you is a gift to them. You accepting less than a full refund, while not dinging them at all with a chargeback is also a gift to them. If they don't want to give you the full refund for misuse they should be preventing, dispute it, as is your right.
The correct course for Twilio is for Twilio to refund these charges no questions asked while fixing the problem.
There was an online service subscription I had several years back (not Twilio, but something somewhat similar) that I stopped needing. I forget if there either wasn't any way to this on their website or if it was just broken, but after repeatedly trying and failing, I ended up just disputing the charge the next time the monthly payment came up, and my bank stopped the transactions from that point on, so I forgot about it. A while later (probably around 6-12 months), I got an email from that company asking me to go back and tell my bank that the transactions were fine. Given that it had been so long and I only disputed the charge due to their website not giving me the ability to cancel through them, I didn't think it was worth trying to talk to someone at the bank to figure out how that would even work. It left an impression on me because it was the first time that I felt like I actually had any power in my relationship with a company as a customer rather than just having to hope that the company would chose to do right by me with nothing forcing them to.
>Your only power to encourage them to fix this is to do the thing they're begging you not to: dispute the charges.
I'd check their TOS to see if they offer some kind of arbitration option. As noted in other threads, triggering that process can be a surprisingly effective way to make someone from the company actually engage with the issue. Disputing the charges is always a nuclear option. They may never do business with you after that.
> Disputing the charges is always a nuclear option. They may never do business with you after that.
This is something that I think needs to be regulated. I'm not saying that this should be the case for a company the size of Twilio, but I definitely think that a company the size of Apple/Google/Samsung should not be able to ruin your life because you had temerity to stand up to them and dispute a charge.
As I see it, the problem is that those companies are effectively monopolies in fields most of us depend on. If Apple or Google refuses service to someone previously reliant on their services, they could be locked out of accounts on a plethora of other services, have their payments to third parties disabled, lose access to major means of communication, and more.
The last generation of big tech monopoly never had that kind of power. Microsoft couldn't even do much to block someone from using its products as most of them were sold through third parties and didn't require network services to operate.
Shouldn't have "bought" them in the first place. Buy physical books, or DRM-free books on sites like gumroad, or just pirate. Don't give in to the rent seeking business of pretending to sell you what you can't own. If you like your Kindle device, you can use KOReader to read epubs and reduce dependence on Amazon. If I sue the bookstore, they can't just take all the books away, but if you dispute a charge with Amazon, they'll do it because the ToS says they can. At the very least, try downloading and de-DRMing all the books you received from them: https://github.com/noDRM/DeDRM_tools
Twilio has a neat platform, but their standards are very low or nonexistent when you experience jitter, large audio buffers or routing issues.
Providing PCAPs and reproducing routing issues doesn't result in support addressing these issues. Many other IPES and CLECs will actually fix these issues when documented.
Is there anything in the arbitration clauses forbidding them from cancelling your account if you invoke arbitration (regardless of whether you prevail or fail?).
At the individual dispute level but in the long run arbitration means you don't lose your risk level which will almost always cost you a lot more than whatever the actual arbitration/credit disputes cost.
I suspect (but may be wrong, I don't know how trigger-happy the risk level changes are) the absolute number of events needed to trigger a risk level loss at the scale of Twilio would also represent a catastrophic number of arbitration cases.
That Twillio doesn't protect you is bad. However, would a court agree you don't owe them the money? This recommendation seems like abuse of disputing a charge and will just get you banned from Twillio.
The court doesn't have to agree, only the card provider does.
The customer has the right to dispute credit card charges thanks to the agreements between customer and card provider and between card provider and merchant.
Twilio will get in trouble with Visa/Mastercard if customers say Twilio is dropping them for disputes the card provider finds in the customers' favor.
This is why you always pay for sketchy merchants with a card, it's one of the few consumer powers you have.
>The court doesn't have to agree, only the card provider does.
If it's a sufficiently large amount, Twilio will collect the money from you via other channels. Them losing a credit card dispute does not release you from liability.
>Twilio will get in trouble with Visa/Mastercard if customers say Twilio is dropping them for disputes the card provider finds in the customers' favor.
This is simply not true. Chargeback blacklists are standard and not prohibited by merchant agreements.
Why would the card providers be in the customer's favor. The customer paid for a text to be delivered to a phone number and Twilio did that and then charged the customer for it.
If you pay someone to mow your lawn, then they mow your lawn and charge you. You can't just chargeback after the fact to get that service for free.
In your analogy it would be more like paying someone to mow your lawn because your neighbour got it done for $10, then being charged $100 because your house number is even.
It might be in the terms and conditions, but it’s bad faith to not give any warnings or controls before the services are rendered.
The people adjudicating disputes at card companies are akin to content moderators hired by social media companies, they aren't experts and do not spend much time reading up on the dispute. The decisions are more or less random, with a heavy bias towards the customer.
And then you switch to another SMS provider, which may be costly from an engineering perspective, but clearly worth it if you’re getting slammed with botnets and Twilio doesn’t care.
Further, the customer has the right to dispute credit card charges thanks to the agreement between customer and card provider and between card provider and merchant.
Twilio will get in trouble with Visa/Mastercard if customers say Twilio is dropping them for disputes the card provider finds in the customers' favor.
> Twilio will get in trouble with Visa/Mastercard if customers say Twilio is dropping them for disputes the card provider finds in the customers' favor.
This isn't true. Visa/Mastercard care about your chargeback rate. You can block a customer who's done a chargeback. I'm sure the card networks have rules around what you cannot do as a result of a chargeback but you can stop providing services to a customer who has done a chargeback.
Disclosure: I engineered and delivered a high risk payment processing gateway to a firm specializing in being a cc processor of last resort, also working with merchant banks of last resort.
To be clear, my views on this are not legal counsel, they are simply from having worked in this area for a decade before becoming CTO at a global bank.
To lose the ability to process MasterCard or Visa credit cards takes a few months. You can rack up big fines during that time though. If they get put into the probation period that would raise red flags with some execs, assuming people are communicating these things.
From both a user and provider perspective I hate that individual companies are implementing 2FA at all. I don't want another database with my phone and a password in it. I wish Mozilla Persona had took off, or any other auth standard.
You chose to require an SMS OTP for your customers. It is not straightforward at all that the burden of filtering your customers would fall on your provider and not on you -- actually, if the provider you chose does explicitly not provide that filtering, it's effectively on you.
(I have to say that if I were Twilio, I would not have added the "fraud prevention" toggle, because now they can be deemed to be providing that service.)
If a threshold of Twilio customers dispute charges, Twilio loses the ability to process credit cards at a lower risk rate, then with all but high risk processors, then may lose the ability to process them at all.
If enough of their customers are getting burned, and enough dispute, Twilio would no longer be able to accept credit cards. They are terrified of that, so begging you not to dispute charges for their lack of fraud prevention.
You accepting anything less than full refund of all fraudulent use they're cascading back on you is a gift to them. You accepting less than a full refund, while not dinging them at all with a chargeback is also a gift to them. If they don't want to give you the full refund for misuse they should be preventing, dispute it, as is your right.
The correct course for Twilio is for Twilio to refund these charges no questions asked while fixing the problem.