I have been readin post on here about fraud for a while

I have not been able to find a website that i can go to to see if a domain anem or email address has ever tried to sign up with a host with a stolen credit card

So what i plan to do is create a subdomain on my site for all hosts to go to and check for stuff like that

It would be a webhosts only kinda thing
Think this is a good idea?

Let me know what features you would liek to see in there

Give me postive and negitive feedback i would really like both

If this idea works as a subdomain on my main domain i will then buy a domain for it

Ofcourse this would be a free service

Let me know
I will start developing the site as soon as im done writing this

I would also like if someone would create buttons for it
So hosts can put them on there site so ""possible fraud"" attempts might be stoped

Like i said its an idea and i think its a really good one but i would like as much feedback as possible

Well the first feedback i would like to give is for you to work on your grammar and spelling. :-)

The second is work out a fool proof method to ensure that the addresses and domains you're listing haven't been spoofed by the scam artist or you could end up being sued.

These kind of "blacklists" can be useful if done right and carefully but can turn around and devour you whole if you make a mistake.

Well how would you suggest doing this?

I was thinking of let web hosts only signup

This way only web hosting companies could see the info and add info

What ever ideas you may have will help

I would actually think it's good with negative impacts. Since I believe this is not any top secret thing, here's how we minimize fraud orders, maybe it would turn out some good suggestions for you.

Through our signup scripts, any IPs from open proxy will be detected and directed to a warning page:

You can find a lot of open/public proxy information on the web, these two are I found quire accurate:

http://groups.google.com/groups?q=202.139.16.179&hl=en&lr=&ie=UTF-8&oe=UTF-8&selm=hf8ja.193245%24WE1.24608029%40amsnews02.chello.com&rnum=2

http://groups.google.com/groups?q=202.139.16.179&hl=en&lr=&ie=UTF-8&oe=UTF-8&selm=b3drvp%244cet%241%40as201.hinet.hr&rnum=1

I notified 2checkout and I believed they also have those IPs blocked.

I assume you should logged the IP when someone signs up the service. Do a search on google for the IP, domain name, username, or anything you feel it is neccesery.

Anyone who uses free email to sign up the service, we will have someone to call and verify. Otherwise they will not be activated. If the domain name isn't registered, watch closely for the account and see if there is anything goes wrong.

etc, etc and etc......

Not sure if this helps, but hopefully it does. I just feel like typing. :)

Yeah it helps

Ok what if i set it up so it sneds a notification email to the email the host supply so they can argue about being on there?

Maybe that would work
this way they have the chance to argue that they didnt do it
And it was a spoofed address or something

Originally posted by volumeserver
Yeah it helps

Ok what if i set it up so it sneds a notification email to the email the host supply so they can argue about being on there?

Maybe that would work
this way they have the chance to argue that they didnt do it
And it was a spoofed address or something


not a foolproof solution.

imagine the real user's email address is abc@email.com

then, the scam artist submit a spoofed address and enter a fake email address such as whatever@whatever.com.

so, even if your system sends a notification email to the email address submitted along with the address, the real user will not know anything about it!!!!

UNLESS.... you send a SNAIL MAIL to the address... it cannot get more foolproof than this....

The only real way to prevent fraud is to do what elance and others are doing, as part of the signup process authorize a debit/credit of like .02 and .08 cents and have the user check his account and confirm the authorization on the website.

This would mean that the user has the card, access to the cards information and would basically leave the fraud up to visa/mastercard since if they have that much info you did EVERYHING you could to authorize the card (moreso then any vendor)

other then that, why are you having fraud problems? I've been in business for nearly 2 years in hosting and have had only a limited 1 or 2 fraud orders.

I am not having any fraud problems at this time i have had one
and i called the phone number and verified all of the info
and that was over a year ago

I just see so many other hosts having problems and trying to stop it so i figured that maybe something like this would help

Originally posted by turboweb
The only real way to prevent fraud is to do what elance and others are doing, as part of the signup process authorize a debit/credit of like .02 and .08 cents and have the user check his account and confirm the authorization on the website.

This would mean that the user has the card, access to the cards information and would basically leave the fraud up to visa/mastercard since if they have that much info you did EVERYHING you could to authorize the card (moreso then any vendor)

other then that, why are you having fraud problems? I've been in business for nearly 2 years in hosting and have had only a limited 1 or 2 fraud orders.


but WHAT IF the card is not stolen and the buyer is just a scumbag who wants to get free service/products?

i.e. he issue chargebacks after receiving the service/products?

what do you do with such scumbags? had a few from paypal. verified users and pretend that they never receive item 3 months after the transaction.

Originally posted by lobaloba9
not a foolproof solution.

UNLESS.... you send a SNAIL MAIL to the address... it cannot get more foolproof than this....

That is not a bad idea but that is not an option at this time because this will be a free service

I have a beta version of the site if you guys want to check it out and sign up

http://volumeserver.com/fraud

Let me know of any errors

Ok i have the beta version up and i know the domain im going to register
stophostfraud.com

What do you guys think of that domain?

I recommend hurrying and registering the domain before someone snatches it up. ;)

Regarding your script, I would add an IP address field and a reason field (i.e. stolen card, chargebacks, spammers etc). Not a bad start.

Thanks Coach
Great ideas i will add them now

:( i cant register it yet, paypal is too slow lol
anyway i can think of another if need be but i like that one
I hope no one snatchs it on me though

Also i am going to add a "is this you" link so the users can dispute it with the host

Good idea?

Ok after PHP being a pain i have the "appeals" section working
Any more ideas?

Come i know you guys have more ideas

Anything you want to add is ok
You can call me an idiot if you would like to
i want both negitive and positive feedback

For $7 we've joined http://chargebackbureau.org/ over a year ago. The site is easy to use, well built, and they even have a snazy little logo to put on your site that may (hopefully) deter potential fraudsters...

Anyways, this service already does what you're asking, and there is no need to reinvent the wheel. They even have a reporting and searching API that you can integrate into your backend scripting/order processing operations. Also, my favorite part is that when you enter a 'report' into their system, the customer/fraudster gets an email stating that they have been reported, and that if they do not respond within 90 days it will be reported on their credit report (although it *does not* do this) -- However, that scare really gets 'em shaking and has helped us collect on a high percentage of the chargebacks that we were owed.

Good luck!

Well i didnt know that

But i will still create this site in the hopes that it helps at least a few hosts

Thanks for the information though

You're welcome. ;)

Greetings:

In terms of lowering fraud against our company, we are using AVS settings with Authorize.net, and taking advantage of H-Sphere's ( http://www.psoft.net/ ) Signup Guard.

Signup Guard -- http://www.psoft.net/HSdocumentation/admin/signing_up_new_users.html#signupguard -- is awesome.

You get to set a number of rules for when a set up requires human intervention.

Between Authorize.net and Signup Guard, we've reduced fraudulent sign ups close to 0%.

Thank you.

AlwaysWeb thinks for that link never heard about that before and for $7 what a great way to help protect your companies back-- thanks again.

Regards,

Well i registered the domain

I am in the process of creating a script so that you can intergrtate the site into yours

Let me know of anything else that you might like to see

OK i just thought i would let everyone know that the new site is now live

http://stophostfraud.com

Hope to see you all there

And please send me all of your suggestions and comments

I am still wanting any suggestions about the site

The more i get the better the site can be

just be careful not to get sued.

How is there a way to get sued?

as someone has mentioned earlier in this thread, if the "fraudulent" customer claims that he is not fraudulent and threaten to sue you if you do not remove his info from your database.

Yes but then that is why we have the "appeal process"

The host can send all of the information he has and the user then has to submit what information that he/she can
If it matchs then it stays.
Like the ISP if he/she uses AOL and i trace the IP to AOL then
He/She can not argue

Thats just an example

Plus it will be noted that all information in the database is supplied by third parties all information is "assumed" accurate

You get my point?

ok. what if after the user appeal, you conclude that the merchant is correct and you dismiss the user's appeal. then 2 weeks later, the user sent you a lawyer's letter? how are u going to deal with such a situation?

Originally posted by alwaysweb
For $7 we've joined http://chargebackbureau.org/ over a year ago. The site is easy to use, well built, and they even have a snazy little logo to put on your site that may (hopefully) deter potential fraudsters...

Just curious: how many people have you 'caught' by using their "fraudster database"?

Respond to the letter or go to court if need be
Im not afraid to fight

Plus i dont think any lawyer would take it to court because somewhere on the site i will say "All information is believed to be true and correct" so just by saying that they will have no case