Last night I received this email:

==============================

Dear cprhosting,

I want to make you aware that you are hosting a domain name that has been using stolen credit cards to sign up for hosting accounts. The domain is THAT80SBANDROCKS.COM .

This same person signed up for several web hosting accounts with us in Dec 2002 and we just got socked with the chargebacks.

I hope this information has been helpful.

Best Regards,
Timothy Bowdler
Customer Service
sales@webdirecthosting.com

===============================


The credit card has gone though with Authorize.net who checks to some degree for stolen cards. Is there any way for me to do a double check on this, or should I just wait to get socked with chargebacks too? I don't want to suspend the client's account as that would not be fair to him either. Please give me your 2 cents worth on it.

Call your customer to verify that the information they provided is accurate. Call their credit card company and ask them to verify for you also.

Another suggestion would be to force your client to enter the CVV2 number -- 3 or 4 digit number after the credit card number -- and verify it. This number is located on the physical card itself.

Originally posted by rey
Another suggestion would be to force your client to enter the CVV2 number -- 3 or 4 digit number after the credit card number -- and verify it. This number is located on the physical card itself.
That helps, but it is not foolproof. The card-issuing bank has to be participating in the CVV2/CVC2 system for it to be effective. But I agree, it does help.

I'll echo dandanfirema's suggestions. As well, do a whois on the domain and see if the name and address match the details received in your online order. And the email can be a telltale sign as well. For instance, oftentimes the cc info will be someone in the US, but the email address will be @tr or @ru.

Vito