This is going to be a long one.
I’ve had this client for two years. Ecommerce site. Everything was fine until September of last year. I’ll put the whole thing in a timeline (I already have done this for the client in anticipation of a court date that I’m sure is coming) and quote it below.
My question: Do I continue to explain the issues to this client? The issues are:
- I am not able to get proper feedback from the merchant account holder. She is the account owner and needs to set up a user with appropriate permissions there, but she doesn’t understand this.
- She compromised the security of the project by giving out the username and password to at least FOUR other developers, and swears that no one except the last guy accessed it (I have an email from her with feedback from her bank’s customer service that clearly came from the admin section of the site, so I know that this is not true). Now the site is completely broken.
- She has ignored my advice on several occasions (in the matter of shopping cart and merchant account processor, mainly) and has handled things in an unprofessional way, at best. There is a resolution to this issue (starting over with a new merchant provider). I wonder if she’ll listen to my advice then? The last guy who looked at it (a local developer who I know and trust) says that the merchant account is not fully compatible with OSCommerce (even though they claim to be).
- The merchant account has apparently done their annual PCI Compliance scan. She’s having a fit because she says it’s not in compliance. Well, gee. Could that be because it doesn’t function? This is the first I’ve heard of non-compliance… the merchant account holder required it and was supposed to make sure of compliance before they let her process transactions.
These are the events, in order of appearance (I’m going to x out proper names and such):
In September, the only work I did was to help you set up an email account and we set up a promo for $2.95 shipping. This was set up and working correctly. Then we set up a promo code for free shipping after 6 products. I installed and tested this, but did not realize that I was not getting feedback from the bank. The three hours that it took were never invoiced.
9/30 - customer uses promo code, but is not credited the discount by MERCHANT ACCOUNT. Our system’s back end DOES have the correct amount. The discount was not sent with the order to MERCHANT ACCOUNT. I changed the sort order in OSCommerce and tried testing. Testing with MERCHANT ACCOUNT is not working at all at this point, even though OSC is sending the {TEST} flag. The ONLY way I can test with MERCHANT ACCOUNT at this time is to send a live transaction (which I did).
I did many tests. Every time, it worked fine in YOUR site and the total was never correct at MERCHANT ACCOUNT. You forwarded the receipts from MERCHANT ACCOUNT, so you were getting the test transaction feedback.
This is when you said you were sending the username and password to your nephew in Bangladesh.
10/01 - Removed the discount code from the discount code module. So that customers would still get the shipping discount, I changed the shipping module to zero out after 6 products were ordered. You said you sent the username and password information to your college roommate. You didn’t say you might, you said you DID.
10/04 - I have emailed MERCHANT ACCOUNT to ask them to send me the line item of the product that contains the discount code, so that I can see where I’m not passing the negative amount to them. They email me back and tell me I need to pass the {TEST} flag (which I’m doing, but doesn’t help me get feedback). You call MERCHANT ACCOUNT and give access to Emma there. Emma tells you that the reason the promo codes aren’t working is because I don’t have the module set up to use any (this is true… I had taken it out on 10/01). This is absolutely someone who has had access to the entire file system, if she was able to know that there was no code set up in the discount code module. That is the only place she could have seen it.
For that week, I try to explain to you that I must have test transactions cc:ed to me. You insist that if I talk to Emma, Emma will explain how to set up the discount code module. But the issue is feedback from the bank for test transactions, not the discount code. I can’t troubleshoot any module without that transaction email.
10/06 - You email me to ask what email address I’d like to give to MERCHANT ACCOUNT to cc: test transactions to.
10/11 - I realize that there is something very wrong with the session control on the site. As I look through some files, I find they all have an encoding appended to the top but that someone has opened them and added two line breaks to the end of each file that was opened. Since Emma, the nephew, and the college roommate have all had access to this, I can’t be sure which files have now been altered.
While trying to troubleshoot, I found that on 10/08, more than 2MB of bandwidth were recorded in the traffic of the site. My calendar and schedule show that I was not in my office that day. I do not know who downloaded and uploaded that much information. But someone did have access at this time.
10/15 - You tried to use the shopping cart and were kicked out twice.
At this time, you’ve engaged LOCAL DEVELOPER COMPANY to help you. The principal there, LOCAL DEVELOPER, got the above information and the usernames and passwords.
The last communication from you was on 10/25 when you said you had engaged LOCAL DEVELOPER to fix the site.
11/18 - I got the following message from LOCAL DEVELOPER: “Good morning. After hours and hours of troubleshooting–the error is in the OS Commerce code as in its relationship with her merchant checkout and we couldn’t spend any more time trying to “find a needle in a haystack”. There are posts on several forums indicating the same issues and no one (so far) has found a fix. I wish we could have helped and we did diligently try.”
01/05/2011 is the first I have heard that the site was not in PCI compliance. I was under the impression that since MERCHANT ACCOUNT required it, MERCHANT ACCOUNT had tested it already. If not, it has been 11 months since the site went live and they have been processing transactions.
She has asked for a full refund (two years of work), which I denied. She is now saying that she must have this issue resolved (she does) and will get affidavits that no one has accessed the site, except me and the LOCAL DEVELOPER.
My contracts, by the way, are airtight. After signing off on the initial project she switched to a per hour maintenance plan. I have no obligation to continue to accept work from her just as she has no obligation to continue to use me as her developer.
So, I’m covered legally. If this should go to court, I’m good. But this is not normally the way I do business. I would like this resolved to the satisfaction of both of us. But I have talked and talked and talked to her until I’m blue in the face. I have emailed all of this, too, many times. She does not understand, really, what the issues are and why I haven’t just sat down and fixed it.
I have not touched the site AT ALL since the 11th of October.
Feedback? Ideas? Similar situations? What would you do?
Thanks very much, everybody!!
M. Scott