I had an accidental bath in salty sea water (but that's a different story) ... so my phone died. I got hinted that I could by a replacement phone at ebay.in (why I need an Indian Intex Aquafish ... that's also a different story). International shipping was supported ... so I followed the link and proceeded to purchase the item. Shopping telephones by internet should be pretty simple in 2016, right?

My expectations on "how to order a cellphone in 2016"

Find a link to the phone, press "buy", enter the shipping destination (i.e. Norway), get a quote including shipping, press "accept", enter full name and shipping address, get a payment request (a QR-code for scanning with the mobile, with a hyperlink), click on the hyperlink (since I don't have the smart phone available), and in my case I'll get redirected to localbitcoins.com (because I've been too lazy to install some bitcoin wallet software on this computer). There I just confirm by entering my password ... and both the seller and I (and anyone else knowing the details in the payment request) can see that the funds have been sent into escrow or directly to the seller, I just have to sit back and wait for the product and eventually release the escrow when the phone has arrived. Easy!

Unfortunately, with ebay.in things doesn't quite work like that.

First trouble - registering the account on ebay.in.

Among all the information I had to fill out, I also had to register with my telephone number. Is that really relevant? Well, whatever ... but then came the next step, I had to confirm my telephone number. First small problem, a potential catch-22, I sort of needed a telephone to be able to verify my telephone number. Well, VoIP to the rescue, I eventually managed to get some telephone number verified through their pin-over-voice solution.

The payment, attempt #1.

Choosing the payment type

I was positively surprised that it was many payment options. With such a big selection of payment options, surely Bitcoins must be covered? eh ... no. Looking through it over and over again, the only ones I could use was "debit card" and "credit card". I chose "credit card". One could choose between several credit card types, but Mastercard was missing - hence Visa was my only possibility for paying for this order.

Paying with a credit card

Some people insist that paying with bitcoins is "difficult". There are even many people within the bitcoin "small-block clique" that proclaims ... "forget about payments, credit cards does just an excellent job on that - bitcoin is for settlements and storing value". No, credit cards are not excellent for payments. I leave my rantings about how much the credit card duopoly rakes in on fees, the Wikileaks blockade, etc for another post - this post goes only on the user experience - and even that sucks.

To pay with a credit card on internet in 2016, one should first enter some 16 digits from the front side of the credit card, then an expiry date, turn over the card, enter three more digits from the back side of the credit card - and usually one is also required to enter the name of the credit card owner, sometimes also the full address. How easy is that? My browser can help a bit, remembering some of the information and filling it out, it helps a little bit but not much.

As there is very little security in this, one often has to go through some extra hoops called "3D-secure", where the browser is redirecting the customer from the shop to web pages controlled by the payment processor or credit card issuer, and then one has to enter some password (often an OTP to authorize the transaction. Then one gets redirected from the bank and back to the merchant, with some hidden message in the redirect allowing the merchant to get paid. It's quite complex and messy from a web programmers point of view, and there is also usually a risk that the whole thing ends with technical issues - and neither the customer nor the merchant really knows weather the transaction went through or not. On most of my credit cards I only get a monthly statement - hence I still don't know how many times I've actually already paid for this phone.

Try again, try again, try again ...

Surprisingly often international credit card payments fail. I ran through all my visa credit cards - no luck. I was supposed to be redirected to the 3D secure payment, but I never got there ... just some timeout error.

Next, I went to "debit card" and tried to use my debit visa card there ... and, yes! Finally I got to the next step - I got redirected to my 3D secure payment verification provider - just to discover that to fullfill the 3D secure payment I would need an OTP sent to my telephone. Oups. I ran through all my visa credit cards through the "debit card" payment method, and ... surprise, surprise, they all seemed to work now, but all of them required SMS verification. No phone, no payment. Damn.

The payment, attempt #2.

Next day - and I had managed to borrow a spare old telephone and set it up with my SIM-card (not that easy since the old phone required a bigger physical format on the card - I somehow managed) - so I was ready to pass that SMS 3D-secure validation! I went to "debit card", tried to add the information from my favorite credit card, but ... no, timeout while waiting for the 3D secure dialogue. Tried with my visa debit card, but same story. Hm. I tried the section for "credit cards", and ... it worked! I got to the 3D secure payment. How bizarre, just the opposite of the day before.

The reason why a merchant should go through the hassle of implementing 3D-secure is ... liability shift. If someone manages to get through the 3D-secure with a stolen credit card, then that could result in some "interesting" arguments between the credit card issuer and the credit card holder. The merchant is out of the equation - they should be guaranteed to get their payment. No chargeback. At least that's how I've been told that it works. My surprise was big when I got the next message in my face: "Please send a scanned/photographed copy of the front of the credit card used for this payment (with Expiry Date hidden), or a copy of your latest credit card statement". I thought ... "Ah, easy, I'll just grab my smart phone, photograph that credit card and send it directly by email from my smart phone ... uh ... except, I don't have a smart phone. Well, I'll fix it on the scanner in the office over the weekend". Before the weekend was over, my order had been cancelled.

As a customer, how can I be really sure that the payment also got cancelled? I get only monthly statements from my card issuer. With no-3d-secure I do have the right to get back my money, if the merchant won't refund I can complain to the credit card issuer and they will eventually revert the transaction - but with 3D secure I don't have this right.

Also, sending over a copy of the credit card to prove I own it ... it kind of defeats it's purpose, because as soon as I've done it, there will be lots of Indian employees having access to a copy of my credit card, they can again use that for shopping at other merchants having the same policy. I always try to be a bit smart in such situations, putting a note where it says "FOR MY EBAY.IN ORDER" on top of the credit card, but such a thing can easily be photoshopped, so not much security ...

The payment, attempt #3.

While the web page told me to send a credit card scan or a credit card statement, I also got an email where it actually says that I should send a credit card scan and a credit card statement. I'm lazy and I also don't want to send my credit card statement (easy to fake as it's just a pdf I get by email, contains lots of private information), so I opted to ignore that "and".

I decided, just for the fun of it, to leave "Visa" ticketed as the credit card type and anyway enter the information from my Mastercard. That usually don't work out, quite often there are checks both in the javascript and on the server side that the visa credit card number should start with 4. But ... it worked! I got right through to the 3D-secure dialogue, entered my fixed password, went to the scanner, made a scan of my credit card, and sent it to [email protected] as requested. I got two autoresponders, the first one ...

Hello ,Thank you for taking the time to send your email. However, the address
you sent the email to is no longer available to contact eBay India Customer
Service.
(...)

and the next one

Subject: Thanks for your email - we'll get back to you soon

Thank you for contacting eBay Customer Service.  
This is a system-generated response to acknowledge receipt of your e-mail. 
(...)

What should I believe? I'm lazy, so I chose to believe that the email got through. Alas, the order got cancelled again.

The payment, attempt #4.

Damn, I need that phone! It's actually available (sent from India) on ebay.com also, but for quite a markup in the price. Well, let's try once more to pay for my ebay.in order!

Using my favorite visa credit card, I ordered the item once more. I sent the credit card statement and the scan of the credit card to the given address. When receiving the autoresponder I immediately took contact with customer support. The promised response time on "online chat" was "less than one minute", so I chose that. The chat window opened up, I had to describe my problem in some few sentences (which I did), and then came a fat bold message up promising me service in less than one minute. Some five minutes later the representative from ebay.in chimed in, presumably with an automatic greeting:

 Welcome to ebay Live Help. My name is Atif. How may I assist you today?

Ehm ... should I repeat what I just wrote when describing the problem? Probably.

Be rest assured, definitely I will assist you with your query.

Right ...

Thank you for providing me information.

I think it's a cultural thing. I prefer customer service to be on-the-point, not wasting my time with empty politeness. I won't go through all the dialogue, but this one gave me a pointer:

please send the details on above email ID you have provide from your register email iD,

I didn't understand him at once, only after I had complained once more that I already tried that and got the autoresponder. The key words here are "from you register email iD". I tend to use throw-away email addresses, ideally I want my email addresses to be a bit like bitcoin addresses - so the email address in the From-field on the email I sent did not match up with the email address I've given to ebay.in. Tried again to send my documents, now with the correct email address in the from-field, and ... no autoresponder. I also got an alternative email address I could send the documents to, so now they for sure should have gotten them.

Well, this story ain't over until I actually receive my telephone ... 24 hours have passed so far, and my paisapay payment is still in the "action needed"-state. If it fails now, I'll definitively search somewhere else for a new phone ...