509 comments

[ 3.3 ms ] story [ 330 ms ] thread
Things are getting more strict with upwork and other such freelancing platforms. I was also using my friend's paypal but then they blocked that particular account and asked me to connect with my own account.
> I was also using my friend's paypal but then they blocked that particular account

can i ask why you were using a friend's account?

Have you considered using your own paypal or bank account to work on freelancing platforms? This almost reads as satire.
The question is: have they actually refunded Robin? He (his friend, in who's name the card was) received the chargeback? If not, then this is a scam and you need to call the police. But i believe he did.

If so, what is the problem about asking Robin to simply pay again?

And the situation is trivial: no platform would survive if they allowed freelancers keep the money earned by carding, because it would be flooded with carders.

Full disclosure: i made over $2M on Upwork.

That sounds like rather a lot of money. If you don't mind my asking, doing what and over what kind of timeframe?
He has his upwork profile linked in his HN profile. Sounds like he has a niche and he's very very good at it.
Actually the rates don't even seem that high (GP would make 80% of that right?) The total hours they've listed as completed would take me at least 13 years to complete, probably longer.
My actual lifetime average commission paid to Upwork is under 10% actually. People who repeat the claim about 20 (or 30! in this thread itself!) commission just don't read the rules.

I interpret the rules as "commission is 5% plus $550 per client", which makes it sound a lot lower. How much does it cost to get 1 client "from the internet"? I know the answer and it's not pretty at all.

And yes i'm on the platform for precisely 13 years, but bulk of money comes from fixed price contracts anyway, and effective rates there are ca. $300 an hour. Most of money was made in the last 2 years anyway.

The thing is, upwork in this scenario did not vet whether client was the actual owner of the card he was using to pay creators, this is a fault in upwork's fraud detection algorithm, their freelancers should not have to pay the penalty for this.

Upwork takes a 30% cut (or lower, depending on your income on the platform), they are taking this cut, to create a safe and trust-able environment for its users by verifying both clients and freelancers. Considering this incident is a lapse on their end, the penalty should be paid solely by them.

If doing so means they will go bankrupt, it just shows they failed as a company to create a safe enough platform to justify taking that 30% cut.

> no platform would survive if they allowed freelancers keep the money earned by carding, because it would be flooded with carders.

The collary is true too though. No freelancer could survive if they don't receive money from carding, because they still worked for these hours and deserve to be paid. And since it is Upwork, not the freelancer, doing the payment processing. It is them who should be held responsible as the freelancer don't even get access to the card information so the could check for fraudulence themselves

I see your point, in that if they allowed freelancers to keep the money, carders could launder money money via upwork. But here's the thing: generally it's a principle of good law for a risk to be laid on the party that can mitigate it. How can you, as an upwork worker, mitigate the risk of a client using a stolen card? Answer: you can't because you are not the one processing the card. So there is a moral hazard in that choice too.
The irony is their policy here seems carder-friendly. Instead of pursuing legal action against the person who owes them 12.5k (which the freelancer would presumably support) they express no interest in legal action and simply don't pay the freelancer. If the freelancer got scammed by the carder, the carder wins. If a carder sets up a freelancer account to pay himself, that freelancer account is going to withdraw the funds ASAP, and Upwork informing that account they must do the next 230 hours of work on the platform for free isn't going to be an issue because they don't have any real reputation to lose or real work with pending payments so they can move on to the next dummy account.

But yes, the ultimate solution is getting "Robin" to pay. Upwork which owns the client relationship and has the resources to pursue fraudsters should be leading on that though.

That's Upwork's fault for allowing the fraudulent transaction and they're trying to steal from you so they don't have to own their fuck up.
As a former merchant, I wouldn't argue that the freelancer owns this. But, I also don't think Upwork really "allowed the fraudulent transaction". The banks and credit/debit card companies allowed it. And they have a lot more contextual background information on the buyer, seller, and transaction than the merchant does.
Yes, but isn't this exactly what Upwork gets paid to take care of?

The only way that Upwork's actions are justified is if the author was complicit in this scam. In which case, he wouldn't have really been working, and he would have split the money back with Robin, the guy who "hired" him on Upwork.

But in that case, Upwork would obviously kick the author off of Upwork, not ask them to continue working.

The hierarchy of information and scale here, from most to least, seems to obviously be: banks, Upwork, freelancer.

Or, to put it another way, requiring the freelancer to pay this begs the question: "What could the freelancer have done to avoid this?"

To which the only answer is: everything Upwork is abstracting away and doesn't want their freelancers doing. Do a background check on the client. Obtain the client's actual payment methods and verify them with the bank. Etc.

All of which are literally Upwork's functions in this arrangement, because like PayPal, they exist to centralize and decrease friction between two semi-trusting parties.

And when that goes bad, it's bullshit for them to transfer the consequences of that onto someone who lacked the access to detect or fix it in the first place, by Upwork's design!

It'd be like Uber requiring a passenger to pay an insurance claim, because their driver was involved in an accident and didn't have auto insurance.

Crypto transactions are not irreversible either. The law of the land can still force you to send money back.
> What could the freelancer have done to avoid this?

If contractors' time is tracked using Upwork tool then this problem will not exist.

(comment deleted)
Per the article, that would have required him opening a laptop during their meeting and twiddling the mouse around to prevent idle.

Legally, that may impact.

But practically and provably? I can't imagine he wouldn't be in the same situation, albeit with Upwork claiming they'd detected patterns of abuse during his claimed time, and still putting this on him. Or maybe not. Futures not taken, etc.

> If contractors' time is tracked using Upwork tool then this problem will not exist.

But that's for countering the opposite problem -- when the contractor tries to scam the client. Here, the client is the scammer.

And didn't TFA say that Upwork tried this tack at first -- but stopped that line of argument after he provided testimonials from the client that he had indeed performed the work?

>Yes, but isn't this exactly what Upwork gets paid to take care of?

I imagine the big value proposition for sellers is the marketplace/customers. But yes, they are being paid somewhat for vetting buyers. I'm not saying the freelancer should eat the costs.

I am saying, though, that banks dropping 100%+chargeback fees on the merchant is pure bullshit. Basically, because of the fees, they MAKE money on chargebacks. And as mentioned, they know things like past transaction types, previous chargebacks, amounts, other current activity, and so on that the merchant doesn't. I think they should have to eat at least some of the costs when this happens. Especially when it's multiple transactions over time, like in this case.

I'm pretty sure the technology behind detecting fraudulent transactions would be very different if the credit card companies and banks had to eat some of it. Current state, they don't even ask for an IP address for authorization of a payment. How does that make sense?

I think you're misunderstanding the structure of the credit card system a bit.

> And as mentioned, they know things like past transaction types, previous chargebacks, amounts, other current activity, and so on that the merchant doesn't.

There's two banks in the flow: the issuing bank that issued the card to the customer, and the acquiring bank, which provides the merchant account. These are often (especially for online businesses) different banks.

> I am saying, though, that banks dropping 100%+chargeback fees on the merchant is pure bullshit. Basically, because of the fees, they MAKE money on chargebacks.

The issuing bank doesn't charge any fees, they just take their money back. The acquiring bank absolutely does not want to be making money on chargeback fees: they get fined by the card network if their chargeback rates are too high, and will fire you as a customer if you maintain elevated chargeback rates (and they're certainly not going to do a 100% fee on $12.5k. It's usually a fixed amount that's putatively paying for them to deal with the issuing bank.).

> I'm pretty sure the technology behind detecting fraudulent transactions would be very different if the credit card companies and banks had to eat some of it. Current state, they don't even ask for an IP address for authorization of a payment.

A lot of the time, they do eat the fraud. Oftentimes, the issuing bank won't actually file an actual chargeback when their customer reports fraud, because they need to actually arbitrate the case, and if the cost of doing so is sufficiently large relative to the actual value, they'll just absorb the cost internally.

I do agree with you that the state of online payment security is rather bizarre. The card networks have basically required chip cards for physical transactions by charging extra fees and pushing fraud risk onto the merchant if you swipe the magstripe, but they've done basically nothing about card not present online transactions.

I'm lumping both banks and the likes of Visa and Mastercard together, yes. Because that is collectively who is making the problem solely the merchant's problem, I assume deliberately. They all have cross-agreements, so they could make this better.

>if their chargeback rates are too high

I've paid a $25 chargeback fee for a $15 transaction. It's still bizarre to me that I pay them though. I'm already on the hook for the whole transaction amount, even after doing AVS, my own pre-shipment fraud checks , etc. And, if I shipped the item, I'm out that cost as well. It's just so asymmetrical.

>they've done basically nothing about card not present online transactions

That's my main point. And given that the merchants (often? usually?) eat the cost, they have no incentive to change that.

Edit: A couple of related anecdotes.

I had one customer who just happened to be in the same city file a chargeback for "item not received". The item in question was a custom item, described in the charge, and sitting in their shop window. I challenged the chargeback with a picture of said item, with the address/name of the business in the foreground. Still lost.

Another item the customer claimed it was broken in shipping and filed a chargeback for "item not as described". It was a fragile item that comes with chains to hang it, but the chains come in a little box...you attach them yourself. The customer's picture of the shipping damage showed the item shattered/broken, but with the chains attached. Who attaches chains to a shattered item? Lost that chargeback too.

Is there another merchant bank you can switch to that might be more friendly / reasonable in the case of fraud like this fighting on your behalf?
The merchant bank is typically stuck in the middle for a charge back dispute. It's the owner of the card's bank, or sometimes the card company that's the issue. AMEX, for example, is notorious for siding with their customers no matter what.
People on hacker news ask all the time for a use case for crypto. This is it. Irreversible transactions. If the client was paying with crypto, there would be no danger of reverting their transactions.

Also, Upwork should drop their 'cut' of the contractor's work if they want them to work to pay back Upwork

Irreversible transactions mean irreversible fraud. How does crypto solve for that?

The solution here is to go to court, or more likely arbitration on this case.

Crime continues to be part of business, you must account for it in your use cases, or you will get caught off guard.

You're both right.

Irreversible transactions by default seem a good thing.

Court/arbitration is the right way when things go wrong.

Exactly. This is a great example of where cryptocurrency has a relative advantage. If I'm looking to defraud, I'll prefer to do it via cryptocurrency because once I have the money, it's hard to get it away from me. That helps explain why fraud is so common in that space.

It's easy to see that cryptocurrency is a big reason ransomware has spiked in recent years. I suspect the same is true for other sorts of financial crime. I'd love to know how much. But it's surprisingly hard to do a telephone survey where you ask people about their criminal choices, so I expect I'll never know.

It is hardly a use case for the original cardholder, who had $12,000 stolen from them.
We have no details about what actually happened, perhaps a business relationship gone sour, perhaps the client was using their parents' credit card, or perhaps it was in fact stolen (though it's questionable that the charges would happen for so long if this is the case).

Regardless, irreversible transactions would be more like cash payments. People seldom go around with their private keys for $13000 on paper in their wallet, (though a password protected hardware device would grant similar freedom with less risk), and if they did and it got stolen, it would be up to them to try to move the funds before the thieves do.

I'm not denying that a shit-ton of crypto theft happens, but in this case it seems like there's more to the story than we're getting. If the client had been paying with crypto, it mean they had undeniable access to the funds. Again, it doesn't mean the funds weren't stolen, but I have yet to hear of a case of a recipient of stolen crypto being asked to pay it back.

I'm wondering if there's even precedent for this. As a business owner, if someone walks in and pays cash for goods, then someone else walks in and says the person who just paid you used stolen funds, are you obligated to pay it back? If so, haven't you just been stolen from?

We've purposefully built the financial system to allow for reversible transactions, because it protects consumers and reduces crime. If the client had paid with stolen crypto (as they paid with a stolen CC), then, yes, the freelancer would have been paid, but the person whose money was stolen would have been screwed.

If we wanted to build a financial system without those safeguards, we could do that, without using as much electricity as all the world's datacenters combined.

>it protects consumers and reduces crime

I don't think it reduces crime. The merchants bear the cost, and have no power or information to go after the criminals.

I think it actually encourages crime. The banks and credit card companies aren't going after people when the merchants bear the costs. The criminals get to keep the goods and services they bought with the stolen credit cards. This case seems to be a typical example.

Okay, then lets do away with reversible transactions! I would have assumed it was the banks who bore the cost in the majority of cases (which makes sense, since they have the most data to detect fraud and are the ones who are supposed to be doing due diligence), but I don't know enough about this industry.

But, let's do it without a blockchain that wastes massive amounts of carbon.

Edit: Just to be clear, I'm not advocating making transactions permanent. It's an "if this, then that".

The current system does protect consumers. Just saying it does not reduce crime. It just shifts who the victim is.
> If the client had paid with stolen crypto (as they paid with a stolen CC), then, yes, the freelancer would have been paid, but the person whose money was stolen would have been screwed.

Since delivery of products/services isn't reversible, all that making transactions reversible accomplishes is changing which party gets screwed when there's fraud.

Agreed! But my base assumption is that suppliers are generally better-equipped than consumers to absorb sudden, unexpected costs.

But I also feel this is all extraneous to the larger point, which is that we can set up a fiat-based finance system in whatever way we feel, just like we could develop a blockchain-based system that allows transactions to be reversed under certain conditions. I'd like to use the one which releases an order of magnitude less carbon.

There are legitimate reasons for reverting transactions, they're frequent.

Another lack of use case for crypto :-)

As written, this story also includes a part where someone was using someone else's credit card without permission.

The magical crypto future we've all been waiting for is that the guy who paid $12,500 to a freelancing platform for something he had nothing to do with and no knowledge of should get stuck with the bill and everyone should move on?

Which is different/worse than the current situation where the author is being stolen from without even having the ability to vet their clients the way the intermediary does?
Yes of course it’s worse.

The author is a businessperson who’s job it is to make decisions about how to get paid for their work.

The person in question assuming the story is true as stated is totally uninvolved and innocent and just lost $12,500.

I mean in general if people have payment methods others can use with absolutely no recourse that’s a bad thing. This isn’t a super complicated concept.

Irreversible transactions won’t solve the “send us the money back or we’ll send the lawyers” problem.
Upwork wants to play the game "heads I win, tails you lose". The credit card company is doing the same.

Kind of sad that they'd be doing this. I do wonder what Upwork's contract with the credit card companies states. How long far in the past can a bank claw back payments? Shouldn't the bank have liability here?

The whole thing is so interesting because each player has a fiduciary duty to validate payments and they all failed. The only person who was legit was the freelancer.

Which unfortunately means the person getting the shaft is the freelancer.
This is beyond "complain on HN" level, this is "take legal action" level ...
(comment deleted)
To be fair to the original author/freelancer, they didn't "complain on HN." They wrote a blog post, and someone shared it on HN.

But yes, this does seem like something for the courts to sort out. In Saskatchewan, I'd use Small Claims Court (inexpensive, no lawyer needed); I guess there is something similar in the freelancer's jurisdiction.

The court of public opinion works much faster and has much lower costs. I'd absolutely try HN before I try the courts.
this user’s post needs to be up voted to the top of the front page. upwork has millions of contractors throughout the world and can afford to cover this cost. Obviously not all users / contractors are not active every month. But they take a good chunk of the cut.
If you have Robin's contacts, I would suggest you get a lawyer and sue him personally. You have made work for him which hasn't been paid (because the money was taken back).

To my untrained eyes that seems pretty much a classic case of unpaid dues. Just get a consultation with a lawyer either way, it's the surest thing to do.

He has a contract with Upwork, Upwork has a contract with Robin, so Upwork is the one that should be on the hook for this and they should go after Robin if they want to try and recoup their loss.
Name both in the lawsuit. Someone has to pay for the work done.
I have a friend who used to be a commercial lawyer - she said one of the things that disillusioned her about the job is that regardless of contract it was often the case the party most able to be made to bear the loss ended up losing (ie whoever had insurance).

It’s easier for Upwork to force the contractor to work for free than to sue ‘Robin’ because suing is difficult and costly, and the contractor is over a barrel if he wants to continue with Upwork.

Chargeback periods are typically limited to 120 days. This means a cardholder cannot generally dispute charges older than about 4 months.

https://chargebacks911.com/chargeback-time-limit/

There can be exceptions to this but I have never heard of a chargeback over this period and certainly charges a year or two old would be crazy.

Maybe what happened is that the cardholder initiated a chargeback on the most recent charges and Upwork decided on their own to refund them all?

In any case, it is primarily Upwork’s job to validate credit cards. If their position is that they failed to do that for two years and they have no responsibility, that is wrong.

> There can be exceptions to this but I have never heard of a chargeback over this period and certainly charges a year or two old would be crazy.

> Maybe what happened is that the cardholder initiated a chargeback on the most recent charges and Upwork decided on their own to refund them all?

What's to say this is "them all"? I read it as these $12,500 being what was charged back; this doesn't tell us how much has been paid earlier and not charged back.

Remember, companies will always look after themselves before anyone else. If Upwork is the middleman here providing a payment platform, then I'd expect them to swallow the cost of card fraud, not the freelancer. I suspect individual freelancers have a theoretical dollar value in their calculations and it's never going to be bigger than the company accepting a financial risk.

I do wonder why the author is still on Upwork, their rating & exposure on there must be worth more to them than working several weeks for free, but personally I'd walk. I also don't understand why the pay back is not pro-rata instead of full time, allowing freelancers in this position to earn some money to pay the bills whilst paying back the chargeback (although they shouldn't be paying it at all). If the author is in the same country as the client then they should also be taking legal action to reclaim the money (which again, Upwork should be doing).

> I do wonder why the author is still on Upwork, their rating & exposure on there must be worth more to them than working several weeks for free

why should they have to walk away? why even suggest such a strategy?

UpWork already has a 10% market share. so if there were 1000 employers, 100 of them would be the same company.

i'm not sure if you're aware of all the gigification and precaritization of digital labor going on? it's emerging as a frontal assault; a full-force attack on labor rights.

"For all of its forward-looking ‘innovation’, there’s something suspiciously feudal about Silicon Valley. Tech royalty compete for dominance in platform wars [...] They hoard resources while showering key personnel with lavish gifts to ensure loyalty and peddling a compelling story about their right to rule. Meanwhile, the remaining workers, dependent on ‘gigs’ for their livelihood, are made to battle with each other for scraps."

https://tribunemag.co.uk/2019/01/abolish-silicon-valley

I think looking at devs contracting as "gigifying" is abusing that word and cheapening it for actual gig jobs which is an actual issue. Devs have been doing independent contracting since it was viable to do so and we can make a lot of money doing so. Upwork provides a platform to get contracts but it's not quite the same as the auto priced marketplaces like Uber, Lyft, Doordash etc.

The last time I was looking at contracting I was negotiating $100+/hr contracts through Upwork. I had high leverage and negotiating power whereas gig jobs do not. I also had recourse for stuff like what happened here as long as I worked it into the contract I was signing, again not something you get in a gig job.

For 12.5 grand my next words to Upwork would have been, "My lawyer" and if that didn't make any headway I'd be going after "Robin" in court too. These are not avenues that a typical gig job have either because the amount of money doesn't make it worth it or their contracts which are created by the company don't give them the option.

12.5k seems like a difficult amount to recover. Would the time/legal costs involved really justify it, considering that Upwork presumably employs many lawyers who will make it as painful as possible?

I had a client stiff me for 6k once and it seemed like the only reasonable options were to go to small claims court and hope for a small portion of that or take the hit and move on, which is what I did :-/

They should file consecutive small claims cases (one for each charge). If they file concurrently, the lawyers will get them consolidated.

If my entire market was based on getting my freelancers good jobs, I wouldn’t be trying to screw them over.

This could have been an article about how Upwork is awesome and ate 12.5k for this dev. They could write about how they go to bat for their freelancers and are prosecuting the scammer.

That story would still be upvoted and the free advertising would far exceed the cost. Instead, they bought tons of the worst kind of publicity (hitting peoples wallets) and their best outcome is now an apology that nobody will actually believe and eating the cost anyway.

This is because the customer for Upwork is not the freelancer it’s the entity hiring the freelancer.

It may appear they’re on the side of the freelancer however that’s not the goal of the company. They make money off the other end and likely think that even if n percent of freelancers drop the platform there will be more in their place

That's the calculation they'd be doing too though. Paying an army of lawyers to defend against my 12.5k claim sounds more expensive than eating it for me.
If it was the same situation, Upwork would likely ask why you added so many hours manually. They warned the writer many times they had no chargeback protection if they billed manually.

It’s hard to reasonably blame a platform for capping its losses when confronted with a client who chooses the highest risk billing, despite knowing the risks well enough to write about them at length.

I don’t see where you or the writer would have a case. Heck, you can’t just ignore hundreds of warnings, discover they were good things to be cautious about and claim the company was wrong for enforcing the terms it told you about constantly.

I mean you can't just not validate the payment method when your sole purpose is to act as a payments facilitator so you can skim money off the top and then lump that onto the freelancer when you fail to catch fraud. I consider this a fraud issue between Upwork and Robin because they never validated Robin was the correct card holder. Whether manual hours or tracked through Upwork, Upwork has a duty to validate that the person paying isn't a fraudster and they failed to do that over a multi year period. That strikes me as strictly negligence by Upwork and the burden shouldn't be on the contractor.
And they skim 20% of the earnings which is a lot for doing almost nothing.
> I think looking at devs contracting as "gigifying" is abusing that word and cheapening it for actual gig jobs which is an actual issue.

author is not a dev.

> Upwork provides a platform to get contracts but it's not quite the same as the auto priced marketplaces like Uber, Lyft, Doordash etc.

yes this is a great point that makes me reflect on the term 'gig', thanks for sharing it.

if the author was a dev contractor who was contracting through UpWork, i would agree completely with your statement about 'gigifying'. since he's not, i'd argue that this non-dev work is still part of the gigification because 1.) it's part of the shift where more and more administrative and creative labor, which was formerly structured as full-time (and in Europe, unionized) jobs, is being atomized and increasingly mediated through faceless unaccountable corporate platforms (where labor rights are shit on, exactly like in author's story), and 2.) one's reputation is stuck/held hostage on a third party platform (where things like author's story happen often [1]) who can essentially ban you and erase you (and your reputation/testimonials/positive feedback) anytime.

[1] https://www.google.com/search?q=upwork+banned+site:www.reddi...

Forgive me, I read the article but I really didn't look at more than that. I checked it again and saw that their title is on the left on the menu. That does change my thoughts a bit.

Before places like Upwork you might have to found a consultancy and pay staff to manage the overhead and spend more time sourcing contracts where as Upwork handles that overhead and takes a cut, which is lower than having staff or doing it yourself. That's why people are driven to these platforms.

I'd argue that as anyone that is skilled labor, like the author, has the option of moving off of Upwork and doing things the old fashioned way even though it is more costly and laborious, whereas a gig worker, as I think of them, does not have the option at all. So while I don't think it's all the way there since a skilled worker has more leverage and optionality I admit that Upwork here still does have much too much power and is partly gigafying/commoditizing this work.

> why should they have to walk away? why even suggest such a strategy?

Why would you want to continue doing business with someone who will unpredictability charge you large sums of money?

(comment deleted)
> If Upwork is the middleman here providing a payment platform, then I'd expect them to swallow the cost of card fraud, not the freelancer.

I don't understand why. This isn't how it works with other systems. If I get a ton of chargebacks on Paypal, they'll try to take the money back out of my bank account. And if they can't they'll grab it later the next time someone pays me (what Upwork is doing here). And if even that won't work, they'll just close my account. There's no scenario where PayPal is expected to continue working with me, because I'm now a fraud risk in their eyes.

Ditto on Amazon: get a bunch of returns and you'll need to make that up or be cancelled.

People are not really understanding the situation here. The OP's complaint isn't that Upwork is suing him or otherwise attempting to force payment. It's just that Upwork won't work with him anymore unless they get their losses covered.

And... maybe that's not fair, but that's how life works on the internet of payments. Upwork's behavior is very typical here, and no one should be surprised.

The contract of sale is between you and the buyer. The contract for work is between UpWork and the contractor. Find the difference. eBay doesn't take a 30% cut for that reason.
Upwork isn't in violation of their contract. They paid the OP. The question is if they should be required to continue working with the OP under new contracts. And obviously nothing forces them to do so.
Upwork is asking for return of payment from the OP. From the article's title: "Upwork is asking me for a $12,500 refund". From later in the article, this is not an isolated incident: "A day after, a few other freelancers whom we were working with, started contacting me saying that Upwork is asking all of them for a refund as well."

This is not the same as Upwork refusing to continue working with the freelancer. This is Upwork attempting to modify the terms for previous work done by the freelancer.

They’re only modifying the terms for future work done. Namely, the freelancer won’t get any money for it. They’re not requesting them to pay back $12500 right now.
I'm not a contact lawyer, but that sounds like it would be an invalid contract for lack of consideration. In the terms for future work being done, Upwork is requiring the freelancer to do more than a month of work without Upwork providing any consideration in return. No payment for work done, no promise not to extract the same unpaid labor again.
This is one of the most disingenious and bent takes i have seen in my life.

its like arguing that homeopathy shitheads that 'helps with cancer' are not scammers because of placebo effect

the credit card is also a party. a significant one in that they do the chargeback. this is why credit cards are not that popular in europe.
The only time I've been to Europe was an airport layover, so hopefully you can answer my dumb question: what sort of payment cards are popular in Europe? We periodically see threads on HN in which people who claim to be Europeans chastise Americans for our use of cash and/or checks. I had assumed that was because you thought credit cards were great. That may be wrong, but now I don't want to just assume you think debit cards are great. Maybe there is another sort of payment card?
Debit cards are certainly the majority in my country. Banks offer subaccounts for people who reasonably don't want to connect their life savings to their payment card, or new vendors like revolut are popular for similar reasons.
Bunq is another alternative. I use both revolte and bunq
As others have replied, debit cards. Credit cards, too; I've had at least one or two for over a decade. And have, uh, at least four; more probably five or six, at the moment. Only ever used... Three or four, in total, and I think only ever two in the same year.

One form of actual piece-of-plastic physical card that's popular here in Finland is the combination debit-credit card. When I insert it into the checkout payment terminal it first gives me a selection of "Debit / Credit?", then I tap in my PIN, and then it either charges my bank account or my credit card, depending on which I selected in the first step.

These same cards work in ATMs, and abroad too. I lifted cash in Turkey ten years ago, I think from Visa (IIRC my bank switched to MasterCard after that). In Sweden, supermarket payment terminals have one or two steps more: you need to confirm the amount, and if you want you can tap in an additional amount and have the cashier hand you cash in stead of going to an ATM. (Can't recall the order for sure; I think confirming the amount came first, before even selecting credit/debit, and the additional withdrawal last.) Never seen the amount confirmation in Finland; I suppose here it's taken for granted that it'll be the same as what the cashier just told you (and what you can see on the customer-facing display of their register, usually right next to the payment terminal). The additional cash withdrawal does exist (or at least did, can't recall when I last saw it) in some shops, but it's rare.

The reason they're not that popular in europe is differing attitudes to short term debt and the fact that the cap on interchange fees prevent many of the rewards schemes that US credit card companies use to incentivise credit card use from being profitable.

I don't think chargeback policies are a major influence either way.

I don't think Paypal would be the correct comparison here. Something more like eBay or Etsy.
Paypal, Amazon, eBay and Etsy all behave the same here though. If an account is a vector for fraud, they want compensation or else they won't work with it anymore. Literally no one continues working with an account with $12k of chargebacks, that's the point.
The account with 12k chargebacks is not the freelancer, it is the person who employed them. Their account is the one at issue. This is not a normal chargeback from fraudulent behaviour on the end of the freelancer.

It is a chargeback because of fraudulent card misuse which should have been vetted by Upwork OR the payment provider. It is not the freelancers responsibility to do the payment or vetting. If it was their responsibility, you could cut Upwork out after the first transaction, but you can’t.

One of two people should be missing out here: Upwork for failing to verify the credit card or the actual persons bank for kit identifying fraudulent transactions.

I (naively) think the best comparison would be how we want such a company to work, one that protects the actors within it's ecosystem, especially de facto employees, and takes responsibility for accepting fraudulent transactions.
If someone made a bunch of purchases from you with a stolen credit card, Amazon expects you to eat that cost and pursue the buyer to be made whole?
That it works that way in other systems is not a defense of those systems. Rather, it is indicative that those other systems are similarly broken. Upwork has the ability to vet clients, which the freelancer does not. Therefore, Upwork also has the moral responsibility to perform the vetting of clients. If Upwork views a freelancer as a fraud risk, they can terminate their ongoing relationship with you. They may not require you to return payments for work done in good faith.

There are two separate agreements in play here.

1. The freelancer made an agreement with Upwork. In exchange for the freelancer performing work for a client, the freelancer will receive payment by Upwork.

2. The client made an agreement with Upwork. In exchange for arranging for a freelancer to perform work for them, the client will send payment to Upwork.

If the client fails to adhere to agreement #2, that doesn't give Upwork grounds to unilaterally cancel agreement #1. Upwork has been scammed, and unless they are claiming that the freelancer was part of the scam, they have no moral right to cancel agreement #1.

Edit: In support of this interpretation, Upwork's tax requirements indicate that freelancers must file a W-9 with Upwork, not with the client. This indicates that Upwork is the entity paying the freelancer, not merely acting as a payment facilitator between the client and the freelancer.

[0] https://support.upwork.com/hc/en-us/articles/211067918-Tax-R...

(comment deleted)
Upwork is not the only middleman. There is deep network of middleman(s) going on Upwork which we have discovered in the span of last 8 months. We have also posted this on upwork https://community.upwork.com/t5/Coffee-Coconut-Break/Why-com...

May be there is a need of new Upwork. Shall we start a new platform given the fact that remote work is going to be the future.

> May be there is a need of new Upwork. Shall we start a new platform given the fact that remote work is going to be the future.

Even if you make your own Upwork, how are you going to avoid those exact same problems?

From the article, it sounds like like they do cover the costs of card fraud if the time is tracked using their tool. It's only when hours are manually entered that they don't. And honestly, I get that. It's very hard for Upwork to tell the difference between this and a conspiracy between freelancer and client to steal money from a credit card.

Even so, my initial sympathies were with the freelancer. But then I looked at the main page of his website. he is a "Blockchain & AI Focused Tech and Investment Consultant" specializing in "investments related to Blockchain, Cryptocurrency, Fintech, Artificial Intelligence". It seems to me that a) somebody claiming this level of business sophistication should be walking the walk, and b) anybody working in the cryptocurrency space should vet clients very carefully given the high level of fraud and insanity in the space.

So I think what I'd really like to see here is Upwork saying, "We're very sorry the client screwed us all over and we suggest you consider suing them to get paid. Have your lawyer contact us and we'll turn over any records you need to that end."

> It's very hard for Upwork to tell the difference between this and a conspiracy between freelancer and client to steal money from a credit card.

I agree that it's hard to tell the difference, but do not believe that gives Upwork the authority to require a refund from the freelancer. The freelancer made an agreement with Upwork that, in exchange for payment from Upwork, the freelancer would perform work as directed by the client. By requiring a refund, Upwork is claiming that the freelancer either (a) did not perform work as directed or (b) is conspiring with the client to scam Upwork. In the case of (a), the client may give evidence against the freelancer. In the case of (b), the burden of proof lies with Upwork to prove that such a conspiracy existed, not on the freelancer to prove that no such conspiracy existed.

Upwork has four ethical options going forward. First, Upwork may accept the cost of fraud as a part of doing business, and continue working with this freelancer. Second, Upwork may accept the cost of fraud as a part of doing business, but limit that cost by refusing to hire this freelancer in the future. Third, Upwork may recover payment from the client through the courts. Fourth, Upwork may accuse the freelancer of being part of the client's fraud, and may recover payment through the courts. Instead of taking any of these options, Upwork has chosen the unethical option to require payment from the freelancer without first establishing any culpability on the part of the freelancer.

> he is a "Blockchain & AI Focused Tech and Investment Consultant" specializing in "investments related to Blockchain, Cryptocurrency, Fintech, Artificial Intelligence". It seems to me that a) somebody claiming this level of business sophistication should be walking the walk, and b) anybody working in the cryptocurrency space should vet clients very carefully given the high level of fraud and insanity in the space.

I agree, considering Blockchain and Cryptocurrency as realms of unmitigated fraud whose entire existence consist of nested pyramid schemes. However, I do not think that establishing a precedent allowing abuse of a power differential in somebody's livelihood is acceptable, even when the victim is part of the larger Blockchain/Cryptocurrency scheme.

> So I think what I'd really like to see here is Upwork saying, "We're very sorry the client screwed us all over and we suggest you consider suing them to get paid. Have your lawyer contact us and we'll turn over any records you need to that end."

Except that the freelancer's agreement is with Upwork. The client screwed over Upwork. A bank is responsible for verifying the identity of somebody accessing an account, and may not pass on the costs to the account holder. Upwork is responsible for verifying the identity of a client's payment, and may not pass on the costs to the freelancer.

> gives Upwork the authority

It is the rules Upwork sets that gives it the authority, rules everyone agrees to before entering in a relationship.

Contracts are constantly litigated and various terms get struck all the time. It’s not that everyone agreed with Upwork that gives them control it’s the near impossibility of litigating amounts in question without losing money. Upwork in the other hand has extreme incentives to make these terms stick because they have a lot more at stake than just ~12k.
> The freelancer made an agreement with Upwork that, in exchange for payment from Upwork, the freelancer would perform work as directed by the client.

Do you have proof of any of this? I'd bet cash money that everything that happened here is entirely covered the actual agreement.

>anybody working in the cryptocurrency space should vet clients very carefully given the high level of fraud and insanity in the space.

Normally I'd agree, and I'd just flat out refuse to do crypto work for people over Upwork.

But these payments came over the course of two years. After the first few settle, I can't blame him for assuming everything is hunkydory.

What's insane is that the bank is letting someone do chargebacks going back two years.

How do we know they did chargebacks for two years? I see 6 items, which I'm guessing is the 6 months that my card issuer limits chargebacks.

If that's the case, then the freelancer could still be well ahead on his slice of the credit card fraud.

Their tool is a spyware. They eat 20% of all their freelancers earnings and it's up to them to verify the client credit cart and identity so they should do better and cover this. What is worse is that it took then 2 years so the freelancer possibly paid taxes and withdrawing fees. Fraud sucks but I don't think someone should be able to make a refund years past an event. Due time is important.
It's utterly ridiculous. If you want to be the 'merchant of record' then you absorb the risk, it's that simple. What tool gets used has nothing to do with that, then they need to improve their KYC work.
>It's utterly ridiculous. If you want to be the 'merchant of record' then you absorb the risk, it's that simple.

Are you saying that as something to aspire to, or something that's standard practice? I don't think most people would have a problem with bigcorp absorbing the risk, but in practice most e-commerce platforms pass the chargeback risk to their sellers.

Generally, in the payments space, the “merchant of record” is who the banks go to with chargebacks and disputes. I haven’t heard of this as an industry standard.

Large platforms where the customer thinks they are paying the platform, such as Lyft or Uber, take on the chargeback risk. Etsy, Shopify, and others where the customer is paying a vendor tend to pass on the fees to the vendor.

Ultimately, it’s up to the platform how they want to handle this. It’s most likely listed in the terms of service.

It is the expectation they create, by taking care of the drudgery of having customers Upwork puts itself in an excellent position to reap a chunk of the turnover of the freelancers they put to work, but it also puts the onus on them to ensure that customers pay their invoices and do so promptly and properly.

Note that there is absolutely no dispute at all about the work being performed or the quality of the work, and if there was they might have a leg to stand on, even if that came to light this long after the fact (though, again, that would point to some process errors at Upwork).

The responsibility of payment processing and due diligence with respect to which customers they do business with and how they arrange the various payment options lies entirely with Upwork. In this case Upwork is the seller. They buy the product from someone else and that's two separate relationships, Upwork now suddenly wants to pretend that they weren't part of the transaction after all and that the relationship ran directly from buyer to their supplier but that isn't the case.

Upwork would presumably say that freelancers who don’t use the Upwork tool are deciding they’d prefer for Upwork to not be part of the transaction. In particular this seems unambiguously right for “service not delivered” chargebacks, where managing chargeback risk kinda requires being able to prove that the services were performed.
That's a pretty weird reading of the concept of the gig economy. Upwork clearly wants to own the customer relationship, which is why they do what they can to avoid being cut out of the deal. In a world where Upwork would be happy to be compensated by freelancers invoicing customers directly for work found through Upwork you'd have a point, but that is not the world we live in. Upwork processes the payments, and both clients and freelancers are aware of this and that Upwork takes a cut for providing the matchmaking and process services they offer.

Service not delivered is normally dealt with by services like Upwork through escrow like arrangements or review procedures where the customer will only pay for approved work. Upwork chooses the second method, which means they have all of the control they need to ensure that freelancers only get paid if they deliver, substantially reducing the risk of such chargebacks.

And if these do happen, then the problem, again, lies with Upwork and the fact that they choose a payment method that offers that possibility. They could choose wire transfer instead if they were concerned with customers charging back after approving the work.

It's not a one-sided problem. They could do wire transfers, but that would be a substantial cost for their client side users, since most (American) banks charge $20-30 for outgoing wire transfers. It's not obvious to me why avoiding chargeback issues should dominate all other concerns, as bad as it is.
Credit cards also have fees. When you start talking thousands of dollar transactions CC start being more expensive.
At 1000 dollars 4% is $40.
Apparently the cost of credit card processing amounts to $12.5K, on account of something that the freelancer could not have been aware of. The thing to watch for is whether Upwork improves their processes on account of this happening, changes their terms of service (supply side) changes their terms of service (demand side) or does nothing at all. That will tell you all you need to know.
I think the point is the insecure payment method was Upwork's decision (they don't even allow their freelancer to propose an alternative their own payment solution) as was accepting the stolen card; risk management of non-reversible payments has a cost too, but that's a decision Upwork made. The only security decision the freelancer made was not to use Upwork's spyware. Which would give Upwork valid reason to default to siding with the client over the freelancer in the case of a dispute about completed work, but not to demand a freelancer reimburse them because Upwork had chosen to accept reversible payments with a stolen card and couldn't easily recover funds from their client after the chargeback.
Then Upwork would have no claim to a violation of their TOS. Upwork can't choose between protections and risk.

> We continued working via Upwork while locating in Zurich, as to not violate any Upwork terms.

If that’s the case I would expect Upwork to charge a lower fee when freelancers are not using the tool
> They buy the product from someone else and that's two separate relationships, Upwork now suddenly wants to pretend that they weren't part of the transaction after all and that the relationship ran directly from buyer to their supplier but that isn't the case.

Upwork asserts that they own the relationship between client and freelancer/agency, to the point that freelancers or agencies must pay Upwork thousands of dollars if they want to move their client off of Upwork.

There are different types of platforms:

If you sell something through Amazon and the buyer commits fraud, Amazon will still pay you provided that it was credit card fraud.

If you sell something on your Shopify store and integrate with Stripe, you are responsible for your KYC, and will have to take a loss for fraud.

The former takes a larger percentage of your sale for handling KYC, while the latter lets you keep more, but you're responsible for KYC.

The problem with Upwork, Airbnb, etc. is that they act like the merchant of record but not when it comes to fraud. They try to pass that onto the seller.

I don't disagree (nor totally agree) with your opinion about the matter. But they don't take a 20% of all their freelancers earnings, they take 20% on the first $500 of your per-client earnings, then %10 of the next $9500, then %5 of any more work with your client. Also, you are free to work with any client outside the platform 2 years after you start work with them.
And therefore when there's a chargeback they take 20% of the hit.

He needs to go after the thief. Upwork certainly ought to help with that, rather than trying to get the bank to not do the chargeback and screw over the fraud victim after all.

Even if track time with their tool Upwork can take money back from you. I’ve witness the case where client paid $40k with Amex card and then chargeback. Poor freelancer lost $40k because Upwork took that money from his account as soon as it saw chargeback from Amex.
> Even so, my initial sympathies were with the freelancer. But then I looked at the main page of his website. he is a "Blockchain & AI Focused Tech and Investment Consultant"

Whilst I have little time for the crypto world, this is totally irrelevant. They were using a large & popular freelance platform for legally acceptable work and the exchange of fiat currency for billable work. People use platforms like Upwork in the (often mistaken) belief that it adds a layer of trust and safety to a working arrangement, including billing.

I think it is relevant. If you work for crypto scammers, problems are more likely. If you work for normal clients, via upwork or some other way, problems are less likely.
Upwork handles payment. The freelancer has no ability to verify the card used for payment.
If you work for "crypto scammers" just take partial or complete payment up front, in crypto which can't be retroactively taken from you.
tbh he might try not to pay back anyways, but they might close his upwork account, so the payment method is irrelevant here, isn't it?
The actual problem is that chargebacks are possible when using credit cards, and chargebacks are possible because of the legal concept of card fraud (i.e. the person holding the credentials could actually not be legally "authorized" to realize the transaction), and the legal concept of card fraud exists mainly for two reasons:

1. Banks are bad at security.

2. People are bad at security.

3. The responsibility in the case of fraudulent transactions is not clear. Who is to blame? The bank or the user?

Cryptocurrencies either solve these problems or neutralize the negative consequences of these problems:

- There is no bank to impose dumb security rules

- When credentials are "stolen", the user has no one else to blame than themselves.

- There's no concept of fraud. Whoever holds the credentials (private key or nmemonic seed) is authorized to realize transactions using the credentials.

- There are no chargebacks. Once a transaction is confirmed, the receiver can be certain that their money is not going to get pulled back.

> Banks are bad at security.

I disagree. I live in Europe and all my online card transactions over a nominal sum (~$10) are tied to a certificate-based security application that requires confirmation on my phone. This same application is used by all banks and most government entities.

There are of course banks in the world that are bad at security, but “banks”, as a general term, most definitely are not.

The fundamental problem is, of course, that security is annoying, so any fundamental security improvement to online banking needs to be mandatory and centralized, and if there is no will to push something like that I’m not surprised nothing happens.

Shifting all liability to users ("the user has no one else to blame than themselves") is probably one of the most anti-consumer moves ever. Especially in the context of digital credentials that people do not know how to secure and for which good usable security mechanisms do not exist.

Also, what happens in transactions where the seller does not deliver the right item? What if I buy a laptop off eBay, but I receive a box of rocks instead?

So you are saying that cryptocurrencies are better because if I get scammed I have zero recourse to get my money back? Wow. And I was wondering why this modern marvel hasn't taken the payment industry yet.
zero recourse transactions sounds like a nightmare. screw everything about that
Charge backs are not only intended to solve card fraud. It's the most convenient tool you have as a buyer to deal with seller fraud. If you have good evidence, you can win them consistently.
> Have your lawyer contact us

That alone would cost several thousand dollars.

Upwork should provide free lawyers for incidents like this as part of their package.

There may be an arbitration agreement in their EULA, and that may allow them to settle this more cheaply than using lawyers.
The time tracking is to protect the client from the freelancer scamming. Time is not even being disputed here. Upwork is handling payments, and taking 20% fee for that risk (as I recall), so they need to eat it when they screw up by allowing payment with an unauthorized card. There is nothing the freelancer could do to know that payments are valid, because upwork is supposed to do that.
(comment deleted)
Reminder to anyone reading this:

NEVER EVER give access to your bank account to ANYONE.

e.g. INTUIT (They personally scammmed me out of a month's worth of subscription that I never used).

Do NOT give your bank account to Paypal, they WILL withdraw money if they have any excuse.

You can however, give all of these your credit card, as any wrongdoing can be ammended via a Chargeback, but there's no chargeback for direct-to-bank withdrawals.

This varies country to country. In the UK, direct bank withdrawals (via Direct Debit) are guaranteed forever. Ie. in 30 years time you can reverse a transaction from a company and get all the money instantly, even if the company no longer exists.
My bank doesn't even offer a dispute option in direct debit transactions.
you have to call them.
This bank and banking system specific. My bank (Canada) doesn’t offer any dispute option either.
How does it work if the account is closed, company out of business etc? Does the bank eat the amount? if so, seems easy to abuse.
The bank (or transfer provider) eats the amount. And yes, it gets quite some abuse. It's especially abused against gas and electric providers when they've gone bankrupt since people tend to have paid those companies tens of thousands over many years, and when the provider has gone bankrupt it's unlikely they'll provide any evidence to dispute any chargeback.
Though as a point of interest my small UK-based B2C has seen significant abuse of card chargebacks (i.e., chargebacks issued against legitimate charges and the banks rejecting our dispute) but never a single abusive reversal under Direct Debit, even though in theory the Direct Debit has that indefinite liability attached. I suspect this is because in practice you can issue a chargeback because you didn't like the way someone sneezed and a lot of banks will uphold it while you normally have to give a valid reason to reverse a Direct Debit transaction.
Probably because you can't dispute for any reason. But if there wasn't enough notice. If you don't give 10 working days notice (unless initiated by the person). An immediate refund can be requested.

Bad service isn't a reason for a refund. And if the person doesn't say "This debit was in error. I wasn't given notice" or similar the bank will usually say this is a legitimate direct debit [0] https://www.directdebit.co.uk/DirectDebitExplained/pages/dir...

Not ANY wrongdoing...

Despite Air Canada cancelling the flight (we didn't cancel our tickets), despite a public campaign waged to get them to refund passengers, despite the US Department of Transportation fining them $25 million (reduced to $2 million because US gov't), despite Air Canada changing their public website multiple times (I saved screenshots to include "we will fully refund") but then not actually allowing your ticket to be processed, despite me submitting DOZENS of responses to Chase for clarification on why all of this is wrong of Air Canada...

Chase: "I'm sorry, if they don't want to refund you, even if they said they would, there's nothing we can do."

https://viewfromthewing.com/dot-issues-largest-fine-ever-aga...

Have you thought of going to consumer court? Either that, or a class action lawsuit (if multiple people can group together) should definitely help you see your money. You might also be able to find a lawyer pro-bono as the case is clear cut in your favor (and charge for legal fees in the compensation).
Odd.

Did you use the magic phrase: “I need to issue a chargeback. They charged my card for services not rendered. I called their number to contest it and they did not issue a refund.”

That (or “they charged my card but did not send the product”) has worked 100% of the time for me. I’ve never provided documentation beyond that.

Chase has a strong financial incentive to issue the chargeback (Air Canada ends up paying Chase a fine), and it’s no sweat off Chase’s back if Air Canada sues you.

Card issuers have no incentive to investigate further, and (in my experience) never ask for further documentation.

If Chase was already involved, it seems like Chase denied the chargeback request. Banks have an incentive to not let bad chargebacks through to major merchants, it would reduce the value of the card networks over time, and hence incentivize less use of the card networks resulting in less profit for the banks.

I would have taken Air Canada to court though, assuming all the facts are true. A small claims court would have definitely supported them.

Not sure where this person is, but in the US chargebacks exist because they are required by law. There is also an arbitration processs they are required to provide for disputes, which is pretty cheap.
I second this comment. Your chargeback request needs to color neatly within the lines of their procedures if you want a smooth process. How you phrase your request is incredibly important. Do not go crazy on details specific to the situation, use a template.
I have had trouble with charge backs with Chase. Generally, I think they are pretty good to work with, but I would not suggest them for any large purchases.

You are correct about credit card companies, but for whatever reason, Chase has different incentives.

In my experience it’s almost too easy to create a chargeback and the whole system is grossly inefficient and ripe for abuse.

I once called in to make a price protection benefit claim (would refund the price difference of a purchase). The agent assured me it was done and I find out later all they did was create a chargeback and I got refunded the entire price because the merchant didn't respond to it.

The dispute resolution system seems like it gets no investment or attention from any stakeholder, a merchant could easily get DOSd by spam disputes if some sort of consumer protest were organized. That’s how overpowered of a consumer tool it is.

Same experience with an Air Canada ticket here.
Chase seems to be one of Air Canada's credit card rewards program partners[1]. My guess is that this relationship has something to do with Chase's refusal to issue a chargeback.

[1]https://www.aircanada.com/us/en/aco/home/aeroplan/credit-car...

that seems like a stretch to be honest.
These programs are worth billions for larger airlines according to https://en.wikipedia.org/wiki/Ancillary_revenue When there are billions at stake, it does not strike me as a stretch that the credit card partners would bend the rules to benefit their airline partners.
Right! This is why I always chuckle when the HN thought-leaders always say "just do a chargeback" as if it's easy and guaranteed. I've rarely had success doing them.
Anecdotally, I've never had one fail. I've probably done maybe 4 or 5 in 10 years. Though I despise Chase and don't use them, so that may be the key. Amex and Discover are top notch in that department.
The difference is often your bank. Some of my banks don't even have a way to initiate the charge back process (you have to write a free form email), presumably to reduce overhead and to avoid losing cases needlessly, while the others make it very easy with a web form.
> NEVER EVER give access to your bank account to ANYONE.

The thing is, that’s the only way to do direct deposit. It makes me uncomfortable too, but that’s been the standard for decades.

You should be funneling income into a separate account and moving it elsewhere after.
I have a friend that is extremely wealthy. He can pretty much buy whatever he wants.

He does this all the time. He has a "cannon fodder" bank account that gets just enough for the expected payments.

I do this as well.

This reminds me to look into a long standing request of mine. I want Chase to give me an account that has no external bank access allowed. Money can only be moved into/out of it from the other Chase account under my ownership. My immediate look a few years ago did not reveal any built in way to make this possible.

To allow someone a direct deposit they should only need your name and bank account numbers. You shouldn't be giving them access with things like your password.
Giving them your name/account number is all that's needed for someone to withdraw from your account. That's how gyms work. They just require your account number and/or a void check (which has your account number). They don't need you to sign into your bank account.
I don't think any responsible bank would let you withdraw using just an account number. What kind of security would that be? My bank certainly doesn't - allowing a debit requires me to authorise via 2FA - they obviously can't just take money.
>I don't think any responsible bank would let you withdraw using just an account number

What do you think a check is? It's a piece of paper with your account number, who to pay, and how much. There's a signature field, but it's not checked too closely (I don't think my bank even asked for a signature sample when opening my account) and signatures are trivial to forge.

> What do you think a check is?

My bank doesn't give me a cheque book any more - haven't see a person use a cheque in about a decade. I can't believe they'd let someone cash a random cheque with no authorisation.

Just guessing by "cheque", are you outside the US? The checking system & ACH might be more of a US-centric phenomenon. It's been busted forever, but it's just how we do things around here.
> It's been busted forever, but it's just how we do things around here.

Which is why the rest of the developed world wonders: So why don't you stop that and catch up to, say, the 1990s?

I do that when people send me money for birthdays once a year. Stick the check in the atm, i get money and the person wasn’t asked.
My bank allows me to deposit a check just by photographing it with their smartphone app. No more visits to ATMs needed.
This is every bank in the United States.

Our payment infrastructure ... has some legacy features.

>> I don't think any responsible bank would let you withdraw using just an account number.

That is literally how checking works in the united states. You can withdraw money from a bank account if you have a routing number and bank account number and "permission." The permission could be a signed check, it could be an auto-pay ACH you set up by handing a paper form to someone, it could be a web-form you signed without looking over the fine-print.

Most extractive companies (e.g., gyms, verizon) have so many fine print and so many lawyers that they can literally take anything from you without recourse. You'd spend tens of thousands in lawyer fees without getting the money back. You could go to the attorney general's office for your state. Good luck with that, unless its a common issue, you just have to eat the cost as part of being American.

Or it could be nothing. In this case, its still on you to figure it out and get the money back in time.

My state prohibits gyms from requiring ACH exactly to prevent this sort of abuse. It doesn't stop them from trying, or structuring their fees.

The gym industry is very predatory and it needs far more regulation.

It should be noted that in the US, some banks will allow you to request a default ACH block/lock on your account, and I highly encourage you to ask for such.

That's not only a States thing. Direct debit works similarly in Europe.

That said I haven't heard of companies or fraudsters abusing it

Direct Debit in Europe has strong guarantees in favour of the customer, e.g. reversing charges.

"A no-questions-asked, fast and simple Refund procedure available within eight weeks of the debit date."

Within 8 weeks of the charge, you just phone (or otherwise) your bank and ask them to undo the charge.

> That's not only a States thing. Direct debit works similarly in Europe.

Maybe it still works that way in some parts of Europe, but in others it has been changed to work differently, or doesn't exist anymore and has been replaced by other systems, depending on how you want to put it.

> I don't think any responsible bank would let you withdraw using just an account number.

It happens in Australia as, just fill up a direct debit form which has the client's name, account number and sign.

Are you talking about the paper forms you find at banks, because they dont work that way.
I got the form from the rental agency which directly debits from my bank account for the rent.
There is a similar thing in EU but it's very regulated (though all processes are very lengthy and paper-heavy) and used for paying utilities etc, not gym.
No, you can do it in New Zealand too. I’m so weirded out by it that I just pay these things manually, so have never actually filled in the form that allows it.
It’s the same in Canada. I had to setup direct withdrawal for a strata (condo) fee by visiting my strata’s bank with a “blank cheque” (print out of a .png from my own bank’s website, trivially forged). The teller had already set up the monthly withdrawal before I reminded her she forgot to even check my ID!

It gets worse too - once I moved and wanted the withdrawals to stop, my own bank claimed there was no way they could stop them, only the withdrawing bank could cancel it. Of course I wasn’t a signer on the strata account as I was no longer a resident, so was completely reliant on them to stop.

Legacy features doesn’t even begin cover it. Those people that keep all their money under their mattress aren’t quite as insane as you might think.

It's a carryover from before the internet. It still exists because it's still used.

You might enjoy looking at how things were done before the internet existed, because all the stuff that you do with the internet also was done before just in a different way.

> fucking crazy

It’s true though. This was essentially the plot of “catch me if you can”.

It is; the US banking system is a mess. Everything clears through the fed, believe it or not.

There are two things you can do, however: one is request your bank set a default ACH block, and the other is to create a sub/second account from which you do all your ACH transfers for utilities and whatnot. It's a bit of an extra hassle (unless your bank allows for scheduling automatic transfers; many do) but it assures that stuff like can't happen. I've done it for a business that took paypal payments, specifically to stop paypal from being able to yoink back funds a month or two later. Within hours of a payment coming in, I'd transfer it out of the ACH-linked account into the business's main account.

Honestly it's absurd that that we have two distinct numbers (account and routing) but you always use both, they don't change, and they are good for both deposits and withdrawals. It would be so easy to only require an account number for deposits and to have a unique routing number for each withdrawal. Maybe for convenience you have some fraction of your assigned routing numbers be good for repeat withdrawals but only for the amount and frequency specified for the first instance. Thus you can hand out your bank account number to anyone without concern, and they can give you money easily, but only those who you legitimately desire to pay can take money from you and their opportunity for abuse is limited, and all the infrastructure remains relatively unchanged.
I assume checks in the USA have the equivalent of sort code and account number printed on them (as well as name of the account holder) like they used to in the U.K.?
Checks in the US have two numbers; the number that identifies the bank, and the account number. That’s all you need to transfer money between bank accounts in the US.
It's easy enough to use one of the various online banks to establish a separate bank account for Paypal and the like.
> but there's no chargeback for direct-to-bank withdrawals.

This isn't correct within SEPA (the Single Euro Payments Area). You do need to issue the chargeback within 8 weeks, though. [1]

[1] https://stripe.com/docs/payments/sepa-debit#disputed-payment...

If the transaction was unauthorised (i.e. the collection does not relate to the signed mandate), the payer can ask for a refund up to 13 months after the direct debit.
Is this advice really practical. Where I come from my social identity number is public and not a secret, and my bank info is something we hand out all the time if we want someone to transfer to our account (as it is designed for).

Moving to America and finding out that these two are your top secrets certainly seemed odd at first, but then I found out that no matter what you are doing you always have to give out your at least your SSN, but also your date of birth and sometimes your banking info.

The amount of times you need to give out information which is supposed to be private is so often that for any normal person it is unreasonable to assume they know when their not. That is, there are so many situations where you are unable to refuse handing out this information, that when the time comes where the right thing to do would be to not give out the information, you won’t know it.

This system seems optimized for scams.

> If Upwork is the middleman here providing a payment platform, then I'd expect them to swallow the cost of card fraud, not the freelancer.

Yes. To me, it's whoever's in the best position to reduce fraud that should be responsible.

It's Upwork who can verify payer details, implement identity verification, require back-up payment methods, etc. If Upwork isn't the primary entity feeling the pain when a stolen credit card is used, then they're not as incentivized to address it. And there's nothing the freelancer can realistically do, aside from maybe limit risk by breaking the project up into smaller costs.

Upwork does almost no verification of clients, and they won't because it would add friction to the onboarding process. For freelancers, however, they have extensive vetting processes.
If the author is in the same country as the client then they should also be taking legal action to reclaim the money

But they still seem to be on good terms with the client. If I understand correctly the problem is that they insist on getting paid through upwork:

"When things were not making sense, I still followed the rules. I could’ve easily gotten paid from Robin outside of Upwork. Heck, he was physically in front of me. "

I think the OP's point in that sentence is that he was being a good Upwork customer and expects Upwork to hold up their spirit of the bargain, not that he hasn't realised that "Robin" isn't a scammer would have paid him with stolen money (which his own bank might have returned if charged back, but not if it was cash...) and isn't the guy who still owes Upwork money for the work. The stuff about being on good terms is all in the past, when he trusts Robin.

The key bit is "Let me translate this. Robin has been using someone else’s credit card for two years, and this other person realized that money was being withdrawn in the previous two years on a platform called Upwork without his consent." You'd have to be a pretty massive idiot to still trust someone after realising that...

> If I understand correctly the problem is that they insist on getting paid through upwork

Yes, because this is reeks of scam.

If you're in the same country and meeting physically... why on earth are you transacting via Upwork? Upwork was collecting 10-20% of the net payments. There's no reason to do that if you're physically meeting.

Because those are Upworks terms?
The point is that after the initial few contracts, the two parties could have very easily conducted all further business and contracts without the middleman, Upwork.
Exactly --

You use Upwork to facilitate international payments and for proof of work via their spyware when you don't trust the contractor. These two do neither.

You have to be obtuse and believe they just gave Upwork $1k from the goodness of their hearts... or there's some sort of scam. I don't know what the scam is; just this behavior is irrational to the tune of more than $1k if there isn't a scam involved.

You actually have to buy your way out of these contracts—-according to Upwork’s TOS.

You can still move it offline without saying anything but if you have a lot of credibility on either side you are doing what you can to avoid getting on the wrong side of Upwork.

So sometimes it is easier to leave it be. Also past $10k it is a 5% take which isn’t that bad if you’re rate is set to handle it and things are just cruising.

There are a lot of articles out there about how the contracts the freelancing platforms impose on contractors are bad. Maybe they dont leave freelancers with a lot of options in these cases?
> If Upwork is the middleman here providing a payment platform, then I'd expect them to swallow the cost of card fraud

Of course! How else would you be able to protect yourself if someone else is handling the payments?

My friend got scammed in a similar way via CashApp.

He sold something a few weeks ago and received payment via CashApp. Two days ago he's informed that the customer disputed the charge through his bank, and CashApp is taking the money back from my friend. CashApp says there is nothing they can do, they are simply the middleman.

My understanding is that this is not possible in Venmo and Zelle; their transactions are permanent.
That's funny. I paid for something using my CashApp debit card and the merchant took the money and never delivered it and CashApp say there is nothing they can do there either.

I just got banned from Twitter for posting the contact details of their VPs :|

They can't just walk, Upwork will go after them. 12k is an amount that is worth sending at least a few strongly worded legaleze letters by UW's legal dept. Essentially in this situation OP just owes 12k to Upwork. As much as it's a shitty situation, it's a debt. You can't just walk.
(comment deleted)
Is Robin not open to paying $12500 again through a separate method? If Robin is a scammer, then Upwork needs to take the loss here for not validating the money payment method.
That was my reaction, the $12,500 debt should land on Robin’s account not the freelancer. Robin needs to make their own account whole, especially since it sounds like there were other freelancers effected. The freelancer shouldn’t need to pay anything back.

These platforms claim to be “matchmaking services” so they can avoid this sort of issue. But if that’s really the case why do they handle billing at all? These platforms want to make sure they skim their profits from the top but when shit hits the fan they provide no protection for the freelancer.

Since Robin never paid the original bills or he did and they were just refunded, can’t he pay directly?
Exactly my thought... according to the article the freelancer and Robin know each other and are in good terms.

If Robin realized he defrauded Upwork by mistake, he should just pay up. If he doesn't, then he is actually willingly defrauding upwork, who should throw the book at him.

I think so, this story is strange. Working for a client you meet on Upwork or negotiating payment outside of Upwork goes against their ToS so you would expect them to deal with it at least morally if not legally.

If Robin were to pay the client outside Upwork for the $12500 charged back does the freelancer still owns Upwork 20% of the earnings? If Robin isn't paying and Upwork isn't covering the fraud is the freelancer still required to pay the 20% fees?

Dude, get off Upwork.

Do not do any work for them.

Invest that time and build your name on your own or some other platform.

Take your clients off Upwork.

Would love to see what you’re doing.

You don’t owe them a thing.

This! Middle man just adds risks and fees! Keep working 2 years for the same client via Upwork is not very smart.
There’s a few different ways to go here and a lot depends on your jurisdiction (presumably Europe?) but this feels like wage theft.

I’m sure Upwork has armies of lawyers who would argue that you’re an actual business and this is a business to business dispute. And I’m sure you accepted some 78 page document that says that too. But unless you have an incorporated entity and are operating like a business I’m not so sure a regulator would see it that way.

There’s a lot of laws out there involving freelance workers, subcontractors, and so on, and I’d figure out which of them apply to you.

Also like others have said you don’t owe them anything don’t do more work on Upwork to pay off this “debt” fuck that.

And also chargebacks in the US at least have strict time limits, so the amount of delay here in informing you seems relevant. But not sure what the rules are where you are.

> At the moment of this writing, I’m still on the platform. It’s a little bit demotivational knowing that the next 230 hours that I’ll work will go to Upwork instead of me because of this, so I’m slowed down on a motivational level.

The fuck is wrong with you. Drop Upwork

You're underestimating how hard it is to find paying customers.
This is true, but on the other hand, the alternative is to work 230 hours for free with no guarantee this won't happen again in the future. It's a difficult decision.
It’s a labor issue, not a “difficult decision” that an individual should ever have to make. It’s a failure of our society.
Clearly, because UpWork can’t even find paying customers.
Agreed. Drop it before you take on any cost. Get in touch with all current clients outside of Upwork and offer your services direct.
Why would you continue to work with such a crappy company, that handled it so badly? As a middleman they at least should absorb this type of events. They get a cut for every hour worked by the freelancer, this is outrageous.
That's the only possible alternative. You're an expert at a hot topic living in Zurich. There are plenty of alternatives to get work at even better rate.

Also forget the legal course. There's no upside.

(comment deleted)
People have trouble leaving abusive relationships. The author feels they have no real choice because their confidence in finding work outside of Upwork is low. They also are convinced Upwork is a good platform and won’t do this again, besides they believe this whole thing is really their own fault for not vetting clients appropriately. They will work obediently to pay off their $12.5k debt to make Upwork happy again, and then it will be like old times.
From a business strategy perspective, it makes a lot of sense not to eat the credit card risk, otherwise you commit yourself to a very bad position: scammers will signup on your platform as both buyers and sellers and effectively launder stolen credit cards.

From a labor rights perspective, they are clearly not a small business that can take contractual risk, they are a de facto employee dependent on the revenue the Upwork platform generates. Withholding payment for work done is a major abuse.

Each side has their truth and I cannot see how it can be resolved in the general case without regulatory intervention in the area of platform labor.

> From a business strategy perspective, it makes a lot of sense not to eat the credit card risk, otherwise you commit yourself to a very bad position

Well yeah but if they don't they put their contractors in an even worse position because it's unlikely they can each build their own fraud detection infrastructure.

Real advice: Use Upwork (or similar for legal, in the US there's Upcounsel) to find a lawyer in your country and post your job with a link to this article.

Getting a lawyer involved will straighten things out fast. Upwork should eat the loss, no question. It'll easily cost Upwork more than 12k in time and resources if they try to defend it.

It'll cost you a few hundred USD at minimum but it'll be worth it.

This is hilariously apropos. Kudos for the suggestion.
This is a great idea but what prevents Upwork from kicking him off the platform for pissing them off? Or maybe there’s an arbitration clause in the agreement too?
If I were Upwork, I wouldn't be measuring this against the cost to defend this one instance. I'd be measuring it against the cost of the next 10 years of instances of credit card fraud where there's insufficient evidence of people actually doing the work.

If they are seen as soft on this, it opens them up to a class of fraud where freelancer and client collude to milk stolen credit cards. Or where a fraudster just pretends to be both sides.

Honestly, if I was a fraudster and I read a description of Upwork's actions here I'd be delighted. If I pay myself with a stolen card via two accounts through Upwork, their standard policy is to ignore the card fraud account and tell the freelancer account(s) the transaction was laundered through that they'll have to pay Upwork back out of future earnings, if any. That's a fraudster's dream antifraud policy, because they have no intention of using any freelancer accounts they create for real work so there's nothing lost, no police are involved, and Upwork doesn't even care if someone is willing to testify that someone admits to using someone else's card and knows where they live!

Upwork's behaviour is no deterrent to actual multiple account fraudsters at all, and positive encouragement to fraudsters with stolen cards that can profit from selling on actual work done by actual freelancers.

The only context it makes sense is if they're pretty sure the freelancer account is an innocent party they're happy to continue to use their platform, but figure it's cheaper and easier to squeeze them for the chargeback than chase the person who entered the fraudulent cards.

I see your point, but you take it too far. Upwork's behavior generally seems to include significant anti-fraud deterrents. In this narrow case when the fraud has already happened, it's true that washing their hands of it doesn't act as a further anti-fraud defense. But it's a very narrow case where a credit-card owner is not going to notice thousands of dollars per month over a multi-month period and where the freelancer specifically doesn't use their time tracking system.

Where it does help Upwork is helping freelancers see that a) they really need to follow the rules, and b) if they don't, complaining won't get them any more money.

It's a very narrow case, but we're talking about how this case appears to fraudsters, not whatever their other policies might be. Fraud policies are necessarily somewhat opaque and often unfairly penalise innocent parties who come under suspicion but "we're so confident you didn't actually collude with this individual we're not even suspending your account, but we will take the $12.5k we lost off your future earnings with us because it's easier than attempting to pursue the fraudster" isn't even an anti-fraud policy.

If the freelancer is telling the whole truth, it appears they did follow the rules, and Upwork's client committed a felony, and Upwork's response is to try to recover funds from the freelancer. If carders pay any attention at all which they probably don't that's a positive signal.

HN coverage is probably more relevant to freelancers (and genuine paying clients). Its possible it'll scare a few more into using Upwork's spyware tool, but also likely it'll just persuade more to look elsewhere. Not sure the PR damage is necessarily less than $12.5k either..

Again, I see what you're saying, but you take it too far. You have to look at the whole basket of outcomes if you want to evaluate the policies from Upwork's perspective. Is the PR damage less than $12.5k? Maybe. But the proper number to compare with is 12.5k * all the other times this happens or even could happen if the freelancer gets slack.
They should also measure the loss of "sales" due to bad publicity.
> Getting a lawyer involved will straighten things out fast. Upwork should eat the loss, no question. It'll easily cost Upwork more than 12k in time and resources if they try to defend it.

This may work with smaller companies that don’t want to have in-house counsel to engage in lengthy legal debates, but it’s not actually very effective against big companies with corporate counsel and clear-cut contracts.

Unless you think you have an angle to show the upwork contracts

1) Don’t have any provisions covering this situation (extremely unlikely)

2) Are unenforceable due to specific laws

Then it’s a dead-end to sue Upwork. You have to sue Robin, not Upwork.

> It'll cost you a few hundred USD at minimum but it'll be worth it.

Nope. Suing corporations with corporate counsel and well-tested contracts is not cheap. You might get a letter from a lawyer for a couple hundred, but then you’re just going to get a letter back from their lawyers. They will likely also threaten to collect on the reversed charges to raise the stakes.

Don’t sue Upwork with a bargain lawyer. Sue Robin, the client, to collect payment.

Writing severely one sided contracts can be cause for a judge to throw them out (unconscionable contracts). My understanding is that lack of bargaining power and understanding is the usual reason for this ruling. Pitting a megacorp with loads of lawyers vs a self-employed freelancer is definitely the right environment.

The freelancer can’t possibly vet clients payment methods. A contract holding them financially responsible for the big corporation’s mistakes that they can’t prevent or even review seems like a textbook example of this.

The question is if this freelancer (or a reasonable person in their position) would sign a contract like that if they knew what it could cost. I don’t think anything would. Upwork certainly would not.

> Writing severely one sided contracts can be cause for a judge to throw them out (unconscionable contracts).

You still need to convince a judge that, which means lengthy court trial. Also, I suspect the law is slightly more complicated than "it seems pretty unfair to a bunch of HN readers so the contract is unconscionable", which means tons of billable hours searching up relevant court cases.

I’m surprised you can charge back charges from two years ago. To a certain extent, not noticing this fraud does fall on the card owner. They were paying fraudulent bills for years and they just now noticed? I’d think allowing even a three-month old chargeback would be generous.
I believe the problem here is that upwork thinks Robin and him are the same person. They probably have proof that both Robin and you login from same IP (since you met each other).

If robin is not cooperating (not wanting to pay for your work - which then you give money for charge back), then you can go after Robin. You got scammed.

My initial reaction was incredulity against Upwork because this story as described doesn’t seem to make sense.

You reminded me though that freelancer sites are one of the easiest ways to turn stolen credit cards into cash.

It does sound like OP flagged for this at Upwork.

However, OP claimed to have sent Upwork proof of two years of actual projects completed.

While Upwork doubtlessly asked for them to verify that OP had not been scamming the client, it also shows that two years of real work had been done. A credit card launderer would not have had such material at hand.

So he got scammed by Robin. And Robin was smart to meet the guy so Upwork has reason to believe that contractor is also a scammer (the account is not closed because they want to recover the money first).

Without cooperation from Robin this is a hard case for the contractor. If he had logging by screenshots it might be easier but with manual logging of hours there is very little reason to believe.

In short, Robin scammed the contractor using “contractor friendly” tactics: manual logging, let’s meet, etc. Upwork does warn about that, but scammers will tell something like “I trust you”, “upwork invides your privacy”, etc.

> If he had logging by screenshots it might be easier but with manual logging of hours there is very little reason to believe.

OP wrote "I sent Upwork two years’ worth of projects". I assume that meant he showed them the actual work, rather than simple activity logs.

With any luck, the content of the projects should be sufficiently specific to "Robin"'s business that it could show it was not unrelated work being passed off as Upwork activity. And if I were in OP's place, I would have sent any chat logs I had had with Robin.

At some point the effort required to fake all that evidence should be high enough to make it exceedingly unlikely for OP to be a simple credit card fraudster.

I should note that none of the above is my key reason for siding with OP. The key reason for siding with OP is that Upwork, if I understand the system correctly, process the payments themselves and does not give its freelancers any way to actually prevent credit card fraud, so it cannot demand that they take on that responsibility.

If I buy products on Amazon Marketplace with a stolen CC, does Amazon demand money from the sellers? I sure hope not.

> If I buy products on Amazon Marketplace with a stolen CC,

> does Amazon demand money from the sellers? I sure hope not.

Of course - if the seller says "I do not have FedEx tracking number, but here is the picture of me walking to the post office". Or the seller says: "I trusted this buyer and I just drop it at his house".

The key here is that there is no verifiable way for Upwork to know that this hours really happen.

I understand what you’re saying.

What I don’t understand though is OP said that two years of charges were charged back. My understanding is that is not possible.

Isn't this the eBay problem in a nutshell? In that, it's the coordinating party's job to combat this as best they can, because they're in the most information privileged seat?

If Upwork thinks Robin and the freelancer are the same person, they're the ones best able to sort that out, no?

Presumably the freelancer doesn't have access to the full activity history and profile details of Robin, but Upwork does.

And if they do believe that, this seems a bizarre outcome. Why would you allow someone you believe to be a scammer to remain on your platform?

(comment deleted)
If UpWork thinks they are the same they should sue Robin in court not take money away without a court order. (At least in Germany) if you rent some parking space but don't pay the parking space owner is not allowed to tow your car to force payment.
But surely the owner is allowed to tow the car to regain use of his parking spot?
Not sure about Germany, but in a couple of other European countries I am familiar with, they aren’t. They are only allowed to ask the police to tow the car.
(comment deleted)
You wouldn't even be allowed to clamp the car or interfere with their property on your property. The police won't help you either. It is the task of the civil court system to liquidate damages until then they will have to be tolerated. See somewhere in this podcast by a public radio by a lawyer. https://www.mdr.de/nachrichten/podcast/rechthaber/audio-stro...

You would be able to tow after contract is terminated usually after two months without payment but until then you are not allowed to touch their car.

I think that upwork will first try hard to recover money from the client (and they will get the client into collection if the chargeback is fraudulent). Then, upwork will dispute chargebacks if chargebacks do not seem to be valid (so-called friendly fraud).

But if the chargeback is valid and the client is really using a stolen CC, they will check if there is some suspicious activity in the relationship between the client and the contractor. If there is no clear proof (no screenshot logging) and similar login locations + VPN, then they will assume this is orchestrated CC fraud.

So Robin committed fraud and scammed the contractor. Sadly, Upwork will not protect a contractor if the contract and the scammer had a “trusting” relationship (no screenshots, etc.).

So what if it is inconvenient, unless UpWork proves in a court of law that robin is the contractor it shouldn't be able to garnish the contractors income for scam Robin done against UpWork.
I'd be looking to get "Robin" to put in writing that he used the wrong card. Surely it is Robin who owes Upwork, not OP who owes Upwork. I'd also want Upwork to answer a few questions:

1. Did the cardholder receive their money back?

2. If so, how much exactly?

3. How much of that amount did you receive, after fees?

4. Is "Robin" still active on the Upwork platform?

5. Do Upwork have the contact details of "Robin"?

6. What actions have they taken to recover these costs from "Robin"?

7. Who was the person whose card "Robin" had access to?

8. Why did it take them so long to spot the charges?

There are so many questions here. They can't just close the case. It's not a support ticket. This is a legal matter. If OP stops working right now, then he does pay the costs, but he does then have to find another income.

For anyone wants to try and help OP, consider liking/retweeting this: https://twitter.com/imdsm/status/1480176898600845312

Agree -- particularly #8. Credit cards generally have a 120 day time limit for disputing charges for fraud.
Do they? Mine is 6 months. And probably not coincidentally, it's 6 months worth of payments that he has had pulled back.
Isn't the whole point of Upwork to safe guard both sides and why people pay them?

What is the benefit here. This is as good as directly working with a client. Atleast then you keep all the money without having to pay Upwork a cut.

Why continue working on Upwork? They are clearly not providing any value if they did not even do a basic verification to see if the card belonged to the client.

Exact same thing happened with me couple of years back on Freelancer. They take a 10-20% cut and don't do anything to protect you against frauds. If the client used someone else's card to pay your fees, It's you who has to return it back to freelancer when the payment is reverted by the CC company.
what’s the point of upwork being a middle man in the transaction if they don’t assume any risk?
this is the entire point of business model innovation that you then sell to your investors so that they can have a good nights sleep knowing they will be richer in the morning.
Not sure about Upwork, but not having to setup sole proprietorship or LLC. Possibly simpler taxation and so on.
I hope this gets the visibility it needs and some lawyers get involved.

As many others have mentioned, if this is a fair world (i really want it to be), this is Upwork's problem and them eating the cost.

Funds not being "good" is not the freelancer's problem. It's literally why you use/pay a platform like Upwork. So you don't have to deal with wether the bank transfer happened.

i.e. How does the freelancer have any knowledge, power or ability to know whether the credit card being used is legit?

I've since learned from other threads that this exists because otherwise creditcard fraud would be very easy to perform.
How does passing the cost to the freelancer (who has ZERO ability to verify credit card ownership) make CC fraud any harder?

If anything it's the opposite. If I were a fraudster, this blog post would encourage me to use stolen CCs on Upwork, knowing that the platform will simply steal from the freelancer instead of coming after me.

Super late, but the analogy is eBay/Amazon seller. With tangible goods, it's way more obvious that, if the seller delivered, the chargeback should fail.

As the writer of the article points out, proof that the "seller delivered" wasn't strong enough so the chargeback went through.

This is a poor case of Upwork <> Mastercard/Visa/etc company.

It is is much easier to see in the eBay example, that if the chargeback was successful it's the seller's problem.

This keeps the credit card fraud system "turning".

Clearly "Proof of Work" is a huge issue. Even if Upwork 100% says the guy did all the work, the credit card company can still judge "no" and everyone is SOL.

Quit the platform if the platform isn't eating the loss as a matter of failing with their own diligence work.

And if they come after you, hire an attorney and manage it away from.... the internet...

The blog post went pretty easy Robin. It sounds like he is a criminal that stole money and the question now is who is going to end up being the victim. Maybe that should be upwork or the credit card bank, but they aren’t the main bad actor here.

Why hasn’t Al filed a criminal complaint?

This is crazy. As far as I can tell, responsibility for payment/refund should fall to: 1) The entity ordering and accepting the work 2) The entity coordinating payment

In the case of 1), the work was performed and the output approved and received. So it seems pretty obvious that the money is owed by them to the freelancer.

In the case of 2), this entity bears responsibility for ensuring that payment is done properly. Things like, is the person paying the same as the card owner. (Btw, it sure seems like "paying with a card for an account that is not yours" is tantamount to fraud.)

In other words, either the client or Upwork should be on the hook, but DEFINITELY not the freelancer.

They think Robin and the freelancer work together secretly or are the same person and this is just a credit card fraud.
Isn't the solution for this Robin character to provide another card, one that this person actually owns, and provide 12,500 from that card directly? And if Robin doesn't want to pay, to start legal proceedings toward recovering the funds from Robin?

How is the bank or Upwork the bad guy here when it is Robin who doesn't want to pay?

What is the value of Upwork if they are not the middle man here? They were taking the payments, they should take the risk of fraudulent payments.
It's a very common business model nowadays. Turo did the same w.r.t car rentals, there's endless stories about people getting screwed on the platform (both renters and rentees). In every single instance Turo's answer has been "Sounds like the two of you have a dispute. Sounds rough. Hope you two can figure it out!"
Providing an illusion of service for a high price has always been a popular business model.
> How is the bank or Upwork the bad guy here when it is Robin who doesn't want to pay?

Upwork takes: * 3% fee on each payment on the client side; * 20% fee of first $500 earnings with the client; * 10% fee of $500-$10k earnings with the client; * 5% fee of earnings over $10k with the client.

So in this case Upwork took at least 8% of this $12.5k or 1000 USD but I think they took even more. If they don't take risks of fraudulent payments then why do they continue to take a cut in each time?

You can understand Upwork's idea: they just want to pass on the risk and recover their loss. It's a normal business relationship.

But I think many people are not ready for the real world that their skills lift them into: being a contractor really is being your own business, and despite all the schtick about "platforms taking care of their freelancers", it's a business relationship, and really you all need to be looking out for yourselves.

At the same time, it comes across as pretty tone deaf of Upwork, and the developer attitude is understandable as well: can you imagine that if you faced similar risk from your financial / payment / banking services (such as, Payoneer or Pay Pal freezing your funds) Upwork would agree to cover you into another account until it was resolved? Highly doubt it.

Shouldn't Upwork have insurance for these types of fraud cases so they specifically don't have to pass the cost onto devs?

You can just refuse to refund Upwork. They are giving you the collections treatment, you can tell them to stop harassing you as well as report their behavior to the competent authority in your jurisdiction or theirs. Tell them to instead chase down the money from the payer.

edit: I remember I deeply reviewed a contract for a Russian Freelancing platform that was precise and fair -- I'm quite sure it had a clause that was like, once the payment hits your bank, it's yours no matter what. But the sensible thing was they had enough other precautionary stuff in the contract about how they handled payments, disputes and clients and so on, that it looked like they could make that work. They basically covered you for any clients that tried to abscond, I think.

"It is just business" - this kind of thinking is why we have shitty situations like this. Upwork is a billion dollar company, 12K is a joke to them whereas 12k is a lot of money for an individual. The customer paid Upwork using someone else's card, he didn't pay the freelancer. So the party that got duped is Upwork. They should either eat the loss or recover the money from the customer, if that is possible.

Notice the only party that is getting screwed here is the little guy? Why is this acceptable?

Maybe this should NOT be "normal business relationship"?

Agree, totally.

The only thing I disagree with you with is--

> "It is just business" - this kind of thinking is why we have shitty situations like this

I mean I get what you mean, that we sort of normalized it. That's one way to take that: lower our expectations, don't expect better. But I think that's missing a really important piece of the picture: the main other way to take that.

So the statement that, in other words, facing that reality calmly and being prepared for it--is causative of that reality. I don't agree with that.

That reality is caused by shitty human behavior (what I like to call "ape brain shit"), it is not caused by people accepting this is the way things go (sometimes, right? not always), and taking precautions to protect themselves. Being ready to defend yourself doesn't normalize crime, it does the opposite, I believe. Because fraud may be enabled unfortunately by people not doing that--without at all pushing any responsibility for fraud onto victims--the more you can protect yourself, the less fraud you risk you will face.

But none of this practical preparedness makes it OK, nor does it take away from what a shitty situation it is. Very very shitty. Most definitely. But that's what we humans still are, right now, at this stage of our development. Otherwise we would not be so shitty to each other so often.

So...exactly, we got to protect ourselves. But you can't do that effectively unless you realize these things go on. People will push risk downhill. It's how it works. So you got to be prepared to handle that. Unfortunately, that's normal business relationship. I agree that it "shouldn't" be that way. But then a lot of things in the world "shouldn't" be the way that they are.

When it comes to money, why should we expect that to be any different? I think we can expect that to be worse. Because of how much greed, and obsession and dependency there is on money...But I firmly believe the way to deal with that is to face it with eyes open and work out ways to handle it. Rather than hoping, "Man I wish the system was different." I sure would like to tho...Would love to just let my guard down, not give a shit about contracts. Not think I need to "protect" myself. Would love to do that.

But I'd feel I was being irresponsible to myself if I did that--if I expected that somehow someone else was gonna look for the little guy--for me--except me. I'm the one's that got to do that. And I hope you all do that, too--so you stay safe and protect yourselves. Know the world can be crazy out there, people can rip you off--so figure out ways to handle it, and even avoid it, if you can! More power!

>The customer paid Upwork using someone else's card, he didn't pay the freelancer. So the party that got duped is Upwork.

For me that is the key here. Upwork is the one accepting payment so it's their responsibility to verify that payment. It's actually impossible for the freelancer to do that.

If the freelancer had taken a credit card directly, he would be in the same situation as now.
But he would have had the opportunity to manage the payment himself whether that be not accepting credits cards, using a payment processor with charge back insurance or at the very least trying to verify that the credit card actually belongs to the client. As far as I know he can't do any of these things because the client isn't paying him, they are paying upwork and upwork is paying him.
Sure. And he always had that opportunity. Both in general and specifically with this client when they started meeting in person. He chose to bill through Upwork and then specifically declined to use the time-tracking software under which they would cover fraud.

I get that this was a surprising outcome for him, and I feel bad for him. But as a business consultant working specifically in fintech, I don't feel very bad for him. Looking at the dates, I also suspect he isn't telling us about the fraudulent payments he did get to pocket.

> He chose to bill through Upwork and then specifically declined to use the time-tracking software under which they would cover fraud.

That software is for detecting a different kind -- exactly the opposite kind to what happened here -- of fraud.

[Edit to add:]

> Looking at the dates, I also suspect he isn't telling us about the fraudulent payments he did get to pocket.

I thought he mentioned that he had worked for "Robin" for two years? And he never says he was paid with a different credit card for the first eighteen months, does he? So as I read it he does indeed tell us about the fraudulent payments he did get to pocket: Those for those first eighteen months. It's just that the legitimate credit card holder couldn't issue a chargeback for those, so there's nothing for Upwork to try and claw back from him there.

He did vaguely gesture at it. But I think he hasn't really come to grips with how much he personally profited from credit card fraud. He certainly isn't up front about it.
If the freelancer had taken a credit card directly, they would have been in the position to check with the card holder for proper authorisation beforehand, or to deny in case it looked shady.

Plus, the freelancer would be able to just sue the person they were working for directly, rather than having to sue Upwork, risking his ability to continue working there. If the freelancer didn't know client personally, it would have been impossible.

Back when people used checks, it was common for companies to either deny third-party checks or ask for the buyer sign the check over to someone else. This would put the buyer on the hook in case anything bad happened.

Marketplaces just removed all those protections that sellers could implement, while taking none of the risk.

As I mentioned elsewhere, I recently purchased by-the-hour services via credit card over Zoom. They never checked the physical card; they just took the numbers and punched them in, with the charge instantly being made (Amex notified me within seconds). There's no reason to suspect that this guy would have done any more verification.

Are we sure the freelancer can't sue the person directly? And if we believe they can't, why could they do it in the case of the credit card company? In both cases, there's a chain of intermediaries; the chain's just one hop longer.

Were you also using a third party credit card like in this case? Are you really 100% sure this freelancer would do the same that the person in your example did? Were you also doing months-long transactions totalling 12k? If this were with me, it would definitely raise red flags.

If the client is really speaking in good faith ("there was someone else's card in my UpWork account"), all this wouldn't have even happened in the first place, and the client would have noticed it himself.

And even if the same thing happened with Upwork, in this case the choice of verifying was completely taken out of the freelancer's hand entirely. There was zero possibility of him checking a name on a credit card.

If it were a direct transaction, the credit card company would be entirely out of the picture in case of fraud. A credit card company is not an intermediate in the same way Upwork is. Also, are we 100% sure Upwork is not trying to collect the amount from the client at the same time? Have them forfeited the fees?

> If the freelancer had taken a credit card directly, he would be in the same situation as now

Point is: it is impossible to claim that one thing or the other would have happened if the situation were different.

EDIT: Added quote.

> Point is: it is impossible to claim that one thing or the other would have happened if the situation were different.

Then I guess it's a good thing I didn't claim that. If somebody else did, maybe reply to them?

I'm talking about your first post: "If the freelancer had taken a credit card directly, he would be in the same situation as now." part.

It is impossible to claim that.

Was it literally someone elses name on the credit card? Perhaps the freelancer would have rejected the credit card as payment for this or other reasons if they had taken the card directly. Who knows?

Also they would be fighting with the credit card company against the chargeback -- whether and how much they can take back in situations like this depends on the nature of your agreement with the credit card processor, and whether you followed it -- that is, whether Upwork did. Perhaps the freelancer would lose if they had directly charged, but it would be their fight to have. Instead, they are just told by Upwork they owe Upwork money now, because it was Upwork that took the card, not them. But sure, maybe they'd have ended up in the same place anyway, it's true. They would have at least known they were responsible for vetting the credit card themselves -- which you can't be when you never even see it because Upwork is the one charging it.

Would the freelancer have even known? Their initial contacts were remote. I just purchased some by-the-hour services from a sole proprietor a few weeks ago; I just gave them the credit card number. They never saw the card.

Bringing up the agreement with the credit card processor is an important point. I suspect that Upwork's agreement like that involves certain protections when freelancers use the timekeeping system to create real-time proof of work. As the freelancer explains, he's only in this pickle because he entered the time later. I get why that didn't seem like a big deal to him at the time, and I'd be very curious to know how clearly Upwork explained the difference. Was it only in their T&C? Did they warn him when he first tried manual entry? Does the manual entry page warn him every time?

Just taking a US credit card number without the name, CVD code, or zip code, is indeed a dangerous way for the person taking a payment to take one, opening them up to more possibility of fraud and chargeback.

In this case, it was Upwork and not the freelancer who decided whether or not to charge a credit card with only the number, if that's what they did.

I agree it's dangerous. But this guy clearly liked and trusted the client, a client that I'd guess is a fast-talking serial fraudster. So in the hypothetical case of the freelancer working directly, I think it's likely he would not be any better off.
Yes, but in this case it was out of his control entirely, he didn't have the option of verifying the name on the credit card. It was Upwork who (apparently? we don't even know) chose not to do that, not the freelancer. If he was taking the card directly he would have the option of doing it more responsibly; if a hypothetical freelancer read a story like this, they might be more likely to do it next time. Upwork, apparently not?

But if your point is that people taken credit cards get scammed all the time even when taking them directly, I agree, that's a thing that happens.

I don't think there's any reason to assume Upwork didn't properly verify the credit card.

And my point is not just that people get scammed via credit card, but that we don't have much reason to think that this particular person would be better off under your hypothetical case. Sure, he could have done it. He could have also read and taken seriously the requirement to use Upwork's time tracking if he wanted more anti-fraud protection. He could have detected that the client was dodgy and declined to work for him at all. There are all sort of possibilities, and we can't just pick one to draw lessons from.

This is true, but surely dealing with these issues is part of what upwork takes their share of the revenue for?
Maybe! An essential element of designing contracts is figuring out exactly who's taking what risk. From what the freelancer says, it sounds like Upwork is saying, "If you track the time directly with our tool, we'll take the risk of fraud. But if you track time your own way, the risk is on you." I assume that's what the guy actually agreed to, as he didn't say otherwise. So in this case, it sounds like it's something UpWork isn't taking a share of revenue for.
All that is actually required to charge a credit card is knowing the card number. (Some people think the expiration date is required, but it is not. The expiration date is only checked at the payment processor, and there it is just a simple check that it is in the future. You can just make up any future date when submitting the card and it will work).

However, when submitting the card you can supply name, address, and CSC (and maybe telephone number?) and ask the processor to check those. Those will be checked against what the card company has on file.

Details vary between payment processors, but all will have a way for you to bail out of charging the card if you don't get matches on a subset of those fields you chose.

Like most things with credit cards, those checks aren't free. If you are using a payment processor where you see all the little fees it will cost you a tiny amount to do the checks, but if you are with one of the processors that bundles it all together into tiers the fees for checking will almost always not be enough to bump a given charge up into the next tier.

The only real downside of doing the checks is that the more data you make the customer enter, the higher the chance they will not complete the purchase. If you are doing something that has an extraordinarily low chance of attracting people who are using stolen cards and the transaction isn't for a very large amount it might be worth it to not do the checks.

For everything else, you should do the checks and if things don't check out do not accept the card.

> The expiration date is only checked at the payment processor, and there it is just a simple check that it is in the future

Wrong, at least for Raiffeisen Bank in Russia. Once I called their support why the payment didn't go through. Their answer: "you made a typo in the expiration date, try again" (and it worked).

Yeah, great point. There's lots of assumptions here from American posters.

This depends heavily on the country where the processing is being made and in the bank that issued the card to the customer. The data is (in the cases I saw) passed down to the card issuer via an API and the issuer gets to decide what to do.

In Europe for example, CVV seems to be required, except when the merchant requests an exception, or when a pre-auth token is used. In Brazil I've had my card rejected because of a typo in my name, although "forgetting" the middle name was alright.

It's not as clear cut and as insecure as in America or as people are making it seem here.

Can you explain why this matters here? The issue is that Upwork was/is responsible for taking payment from the customer, keeping their cut and paying the freelancer. If they got duped, they should eat the loss. Whether the freelancer is or isn't able to collect payments correctly on his own, is irrelevant here.

Freelancing websites go to extreme lengths to monitor freelancers - including installing monitoring software, taking screenshots every minute etc. Why can't they spend some of this effort making sure they aren't duped, and when they are duped (it will happen at some point) why can't they go after the person who cheated them instead of the little guy?

My point is that Upwork not creating the problem, just passing along the problem.

From what the freelancer says, Upwork would have eaten the loss if the freelancer had actually used that monitoring software. But he chose not to. I get that sucks for him, and I get how he got taken in by a serial fraudster. But I also get why Upwork only covers fraud under specific circumstances.

> My point is that Upwork not creating the problem, just passing along the problem.

Yes it is Upwork creating the problem: They didn't vet their client.

> From what the freelancer says, Upwork would have eaten the loss if the freelancer had actually used that monitoring software. But he chose not to.

That's not how I read it. That software is to ensure the freelancer doesn't scam the client. They tried talking about that first, but then the freelancer gave them testimonials from the client that he had indeed performed the work, which AFAICS closed off that avenue.

The fact that this is even a matter of discussion...

That's like my mechanic getting scammmed on some spare pieces and trying to bill me for them.

> 12K is a joke to them

Not that I disagree, but I got the sense from the post that upwork has suddenly detected a lot of this exact same scam from a lot of clients. They may be dealing with hundreds or even thousands of the same situation.

Even if that is the case, that is still Upwork’s problem. Not the freelancer’s problem.
I know--but that kind of one-sidedness is the same thing that we are accusing Upwork of doing, by making it just the freelancer's problem.

I'm not defending them, and I don't know the facts, I'm just saying we should maintain a wholistic perspective about this--it makes our moral stance more credible. And it's better--it makes us better people. Because it's not just like, "well it's good for me, screw you" -- it's: "well it's the right thing to do." I think we need ethics to guide use, as well. In business especially. Even in the small ways that many of us are in business as contractors, we still need ethics.

Plus it's gonna lead to better karma for us, and better outcomes. If you protect yourself, tough but fair, know you did everything right, but still stood for your own interests, but didn't miss the chance to try to find a win-win: I think that's the way to go.

Yea exactly. I love how upwork charges upwards of 20% of the payment but as soon as they get duped they want to recover 100% of the money from the person who can least afford it in. Why are they taking such a large fee if not to cover things like fraud risk? I think it’s time for some laws to regulate these shitty companies.
(comment deleted)