Web Hosting Talk

Credit Card Fraud 101


Coran
09-26-2001, 09:15 PM
I just spent 45 minutes composing this email to one of our resellers on what credit card fraud is all about, and I thought I would share it with you guys, for whatever it's worth...

---------------------------------------------------------------------------------

Re:Fraud

You do not have to tell them anything. They are criminals.

You are lucky the card was declined.

Guess it's time for a crash course in Credit Card Fraud 101.....

Credit card fraud runs rampant in the hosting industry. For most hacker-frauds, it is a "fun" thing to do. In short, they do it because they can. They don't get long term "free" hosting and hosting companies always catch up with them, one way or another. The fraudulent accounts are terminated. Somehow, this is "fun" for them, but it costs hosting companies untold time and money.

Stolen credit cards are used all over the internet. They are stolen and used immediately, so the owner of the credit card has no idea that anything is wrong until much later. If the correct credit card #, cardholder name, and expiration date are used on your order form, and no fraud checks are performed, nobody figures it out until the cardholder gets their monthly statement and starts screaming.

In this case, the cardholder will inevitably file a chargeback request against your company. The funds that you received for the order will automatically be taken out of your business account, and your company will be hit with a processing charge by your merchant account processor. Your risk factor will also increase with your merchant account processor. If your risk factor gets high enough, your merchant account processor says bye-bye to you.

Here are our Anti-Fraud guidelines:

- Any order from overseas is immediately suspect. Especially orders from Malaysia. Malaysian orders are automatically rejected by us. Period.
- Always check that the name on the order matches the name on the credit card.
- Always check that the billing address on the order form matches the credit card billing address.
- If the order is for more than 1 month's service, it is immediately suspect. Hacker-frauds will usually pick the most expensive plans and sign up for the longest period, i.e., one year.
- Orders for domain registrations over 1 year are immediately suspect. Again, they sign up for the maximum term.
- Is the phone number on the order legit? i.e., if the order is from the USA, is it a USA phone number, not international.
- Does the area code of the phone number from the order form match the city listed in the order form? Use reverse phone # lookup.
- If the account is a domain transfer, do a whois on the domain. How does that look? Real addresses and phone numbers?
- Are the email addresses on the order legit? i.e., not @yahoo.com or @hotmail.com or @hushmail.com?
- Is the email address on the account legit? If it is snert@snert.com, go to snert.com, see what it is. Does it even exist?
Use a reverse email address lookup, see if the email address is real.
- Is the address on the order form legit? Go to mapquest.com and look it up.
- If you suspect fraud, email them. Ask for more info and confirmation that the order was placed by them.
- Lastly, if you are even the least bit suspicious, call the phone # on the order. Ask them if they placed the order. Ask them to repeat the credit card number, expiration date, and exact name on the card back to you. Ask them for the 3 digit number on the back of the card at the end of the signing line. This is the definitive way to assure that they have the card in their possession and are not using stolen imprints.

Once you do all these things, you will either be confident in the order, or suspicious. In some ways, it's more instinct than anything. But rest assured; If it smells bad, It is Bad.

Kylecool
09-26-2001, 09:33 PM
Thanks for the info. I'm sure it'll be useful to me and other webhosts. :)

-Kyle

Coran
09-26-2001, 09:57 PM
Kyle, thanks.

I just hate to see anyone go through what we went through. We had a rash of Malaysian fraud attacks back in June that we are still getting chargebacks for.

Thanks!

auyongtc
09-26-2001, 10:19 PM
I think the msg by Coran is very exhaustive and detailed... but I personally think that the generalisation that Malaysians are frauds is rather discriminating...

I'm speaking as a Malaysian... and I know there's quite a number of Malaysians in this forum. I can clearly understand the situation that you're in, but it's not that credit card frauds don't come from any other countries.

I'm not trying to invite flames or what... but just would appreciate if you could post in a better tone about that. Just because you had tons of frauds from Malaysia, that doesn't mean you should get the whole world to shut its door from genuine Malaysians doing business here and on the web.

Ask around in the forum, there's quite a number of hosts who are happily serving Malaysian clients.

acetate
09-27-2001, 12:11 AM
Ahh.. Coran.. Very educational but a little too late for me. =)

This past weekend, we just got hit by a fraudulent order worth ($397.02). This person ordered our most expensive hosting plan and paid annually including a domain registration. The contact info and billing info matched the name on the card and everything. So I confirmed the order and processed the card. However, while doing a routine check of our logs I noticed this person acted very suspicious and wasn't rational for someone looking for hosting especially with the package he ordered. He went straight to the order page and never bothered looking at other plans. Tracing his IP, discovered that he was from a university in Indonesia.. By that time, the order was already batched so I couldn't void it.. The following Monday, I decided to call up the owner of the card (in Mass.) and inform her of this order also hoping she hired an Indonesian web developer to setup her site. Unfortunately the phone number on the order was also fake. With the help of technology ( hehe ), I found her number and called her. She then thanked me for letting her know and she later called me back and told me that the person who illegitimately used her card also purchased a bunch of stuff over the weekend. Even though I lost a few dollars ($10 for the domain and transaction charges on the credit card) and I'm happy that I helped someone out. I guess I learned to double check everything before I let my batch get processed.

Chicken
09-27-2001, 01:33 AM
I'll add one more that wasn't listed...

IP check. Just for the heck of it, you can attempt to match the IP with the address given. I'd flag an order with a U.S. based address that was submitted from an IP address elsewhere.

AP
09-27-2001, 02:04 AM
You know what's funny about this whole issue is how some of the banks could seemingly care less if their customers' card numbers have been stolen or not.

While double checking a couple of fraudulent orders several months ago I found that the phone numbers and addresses were fakes. Obvious fraudulent orders using stolen credit card numbers. I called my merchant account provider who said the cards were not reported stolen but that I should call the card issuing banks. At this point all I wanted to do was to alert them so that they could tell their customers to cancel the cards or at least let them know to watch for fraudulent transactions on those cards. After getting run around for about an hour, one bank thanked me and said they would alert the customer. The other, I think it was Citibank, said that it was against their policy to tell their customer about the kind of fraudulent activity I described to them claiming it was a privacy issue. I told them I didn't want any info on the customer I just wanted them to call the customer and ask him if he was aware of the charges. Nope, wouldn't do it. I'm sure that customer was pleased to see his statement the next month.

I guess that some banks don't care if there is fraud as long as they can do a chargeback and screw the merchant. Spend the extra couple of minutes it takes to background your online credit card orders. It can save you charge back fees and quite possibly your merchant account.

Chicken
09-27-2001, 04:44 AM
Had a similar experience while confirming an order, but this was to the individual. The order looked odd, so we called the phone number listed either on the signup form, or the domain (can't recall), about the questionable transaction, asking them to call back (the person was out).

Next day, left another message, "This card was used for blah blah..."

No call back.

I'd think you'd want to find out some info about this if it was used without your permission, or confirm the order, but this person never contacted us, despite numerous attempts, so ohhh well...

Coran
09-27-2001, 10:51 AM
Auyongtc,

Just to clarify, we are not discriminating against Malaysians. We just happened to get a bunch of fraudulent orders that said they were from Malaysia. The addresses, phone numbers etc. were all bogus, so who knows if they were really from Malaysia. I have my doubts, actually. Maybe they used Malaysia in the drop down list on our order form because they liked the sound of it. Maybe they were from the USA. Bottom line is, we had no idea where they were from because every piece of information on the orders was fake. I have absolutely nothing against Malaysians. I am going to retract my statement that we blindly reject orders from Malaysia, but we certainly scrutinize them very thoroughly and have found that with us anyway, most are fraud. Sorry if I offended you.

Coran
09-27-2001, 11:03 AM
AP and Chicken,

I would have to agree. The banks that we have dealt with really don't seem to care about credit card fraud. You would think that at least the cardholders would care, but it seems that many of them know that if they request a chargeback, they will get it.

The thing that blows my mind is how brazen some of these people are. We had one that was absolutely fraudulent that slipped through somehow. Got the chargeback. Checked their account. They had a fully functional e-commerce site running on the stolen credit card. We repeatedly tried to contact them via email (probably bogus) and by phone (bogus), to no avail. Suspended their account. Nothing. No contact. Unbelievable.

zagadka
09-28-2001, 06:25 AM
After reading your writing, I want to share my experience about a fraud.

Six months ago I got a very, very good offer from hosthem.net (they are a scam). They asked for my credit card and other info, but there was a strange thing: they wanted these faxed to them. As a person living in Turkey it was very difficult for me, but in the end I did it.
After waiting one week I got no response, and a week after that I learned they were gone.

I forgot them and made an agreement with another company.
After 4 months I got my credit statement and saw somebody had spent $1000 at infrastructure.com.

I called them; they understood me and charged my money back.
But what I want to explain:

1-) You listed a lot of ways for a host to find out whether a customer is a cheater, but what can we (customers) do to find out whether a host is a scam or not?
2-) You said there's a chargeback fee; I am sure I paid more for telephone and renewing my new card.

What I want to say: I think Visa, MasterCard or other card firms

must have a firm that handles all credit card processing in the world, and they must have offices all over the world, and every time somebody makes a purchase over $50 or $100 (I am not sure) they call and ask, "Have you made this purchase?"

Yes, it may cost too much for them to set it up, but they already have offices all over the world, and I think it is the best until we pay our fees by our retinas rather than credit cards.

Joana
10-15-2001, 10:52 AM
Thanks Coran for the crash lesson in Fraud,
This morning we got a pretty interesting signup.

IP traced to US
Credit card address in Vanuatu
email for client is in Indonesia
Chose the most expensive plan for 1 year.

I checked the domain name he requested to be associated to the account and found out it was registered to a totally different person and different address. Also, by typing http://clientdomain.com, I got "domain disabled, contact customer support" message.

So, I emailed the client and asked to confirm the domain and to my surprise (not really), he emails back with totally different domain name which is registered for a third person in Indonesia.


what a nice way to start the day.....

Alan - Vox
10-15-2001, 11:44 AM
Joana, i got exactly the same this morning. Credit card address in Vanuatu and ordered the largest plan for a year.

Joana
10-15-2001, 12:12 PM
SplashHost, is it Mencul ?

Coran
10-16-2001, 12:28 PM
The dead giveaway is that, at least for us, they always order the most expensive package for a year. Our most expensive plan (that we advertise) is $99.95/month, so those fraudulent orders are over $1000. Really easy to spot in our order log.

Coran
10-16-2001, 12:31 PM
Joana, SplashHost, that's enough for me to declare it a pattern. I guess Vanuatu is the new Malaysia.....

Joana
10-16-2001, 12:37 PM
What's funny about the whole thing was when I kind of got alarmed about the order, I emailed the guy asking to confirm the domain he wants to use. Well, he emailed back 2 hours later stating a totally different domain name from the order.

When I checked the new domain name he requested, it was registered under a different name and different country. It was a live domain with different contact info.

That person got the billing cancellation notice due to fraud and asked to email us if he thinks it was in error. Guess what, No email from him yet.:(

Alan - Vox
10-16-2001, 12:51 PM
Yeah, the guy's name was Mencul. Maybe he is filthy rich and just couldn't decide what host to use so just decided to try them all lol

MilkMan
10-16-2001, 10:39 PM
Originally posted by Joana
SplashHost, is it Mencul ?


By cracky they hit me yesterday, IP traced to @Home in New Jersey.

Joana
10-16-2001, 10:44 PM
Hopefully you were able to avoid them in the first place and did not create an account for them. Yes, IP traced to @ Home and it seems to be the same guy. Credit card info is correct by the way.

sodapopinski
10-17-2001, 12:12 PM
Originally posted by Joana

IP traced to US
Credit card address in Vanuatu
email for client is in Indonesia
Chose the most expensive plan for 1 year.


Joana, I'm from Indonesia.
I guess his/her IP is from inte**acket.net ??
For your reference, a lot of Indonesian ISPs use inte**acket.net as their direct uplink provider.
I know that there are a lot of carders here in Indonesia.
Take a look at this URL: http://go.to/yogyacarding
anybody care to report it to go.to and geocities.com?

The other possibility for why you got a US IP: perhaps this pathetic bastard person logged into a US server shell account and used the lynx command to fill out the order form.

Coran
10-17-2001, 01:29 PM
sodapopinski,

I checked out http://go.to/yogyacarding. I don't understand the language. Are carders credit card fraud people? Is this site offering stolen credit cards. If so, I will be more than glad to contact Geocities.

sodapopinski
10-17-2001, 10:49 PM
Originally posted by Coran
sodapopinski,

I checked out http://go.to/yogyacarding. I don't understand the language. Are carders credit card fraud people? Is this site offering stolen credit cards. If so, I will be more than glad to contact Geocities.

Yes, they are carders credit card fraud people community.
If you translate the language you will see that they teach people how to use stolen credit card safely :( :(

I also try to explain it to go.to and geocities.

Matt Lightner
10-20-2001, 02:49 AM
Coran,

You pretty much hit the nail on the head. We have an order screening protocol that is very similar to what you listed. Spotting fraudulent orders is usually pretty easy once you get the hang of it. I would say that the "most expensive plan/longest term" is one of the largest giveaways - that and invalid phone numbers (I suppose they figure that if they put an odd looking number in, we will just assume it is from some weird country where "92**401" is a valid number. ;) )

This is definitely a useful tutorial for those who would rather not learn things the hard way.

Regards,
Matt Lightner
mlightner@site5.com

JTM
10-20-2001, 11:49 AM
Most of the countries we receive fraudulent orders from are:

Russia
Ukraine
Lithuania
Indonesia
Pakistan, Islamabad (just started getting these about 2 weeks ago)


Jeff

akashik
10-20-2001, 12:02 PM
you can probably add Singapore to that list as well. We've gotten a few from them as well.

Greg Moore

JTM
10-20-2001, 12:06 PM
Yeah..that's another bad one. We've also received a lot of fraudulent orders from them as well.


Jeff

H2
10-21-2001, 03:29 AM
Indonesia, Malaysia..... :angry:
I'd close access to Internet from those countries!

Last month we had 5 strange orders .

For example: from IP 202.159.64.92 (Indonesia)
Domain - k-elektronik.net (not registered),
Company name - http://indoraptor.com/ :) (Hacking For Fun - KnowLedge Is The Power),
billing address from the US


IP: 202.88.232.206 (Indonesia)
Domain is not registered
Billing address - US


etc.....

GordonH
10-22-2001, 11:01 AM
Hi
We had over $1000 in fraudulent orders yesterday from Indonesia, Malaysia and the Philippines.
We also had another order from one of our regular carders in the US who used a different e-mail address this time which led me to his personal web page, with a link to his school web site...... and a link to his school principal's e-mail address.
It's just after 9am there now so I wonder if he has been called up in front of the principal yet?

I recommend checking the order IP country against the country stated on the order form as it's a sure fire way of determining if someone is in the country they say they are in.

With one of the frauds I got the real card holder's phone number from the phone book and got him out of bed.
The card was only four days old and had been issued to replace one that had been compromised on the Internet.
It turned out he works for the bank that issued the card and is going to find out how it could have happened as he had not even used the card yet.

The bizarre thing is that all those orders got through AVS and as such, were covered by our chargeback insurance.
I could have let them go through and then picked up the cash from the insurance company in a few months time.

But I just hate credit card fraudsters and I don't like them getting one over on me.

Gordon

Coran
10-23-2001, 10:12 AM
Matt, thanks and I agree on the phone number thing. Speaking of strange phone numbers, here's a test. We flagged this one as fraud over the weekend, suspended it, but the guy has been emailing us insisting the order is legit. Any opinions? I xxx'ed out his personal info just in case...


New domain name: fullmoon.com
Registration Period (years): 1
Channel Identifier:
User Name: xxxxxx
Domain Package: Plus/$19.95
Contract Length: one year
Domain Registration: New Domain Registration
Comments: Yahoo


Name (first,last): xxxxxxxxxxxxx,xxxxxxxxxxxx
Company: None
Address: 06,cours de rive
City, State, Zipcode geneva,geneva,1204
Country: Switzerland
Phone Number: +852.25.29.75.78
Fax:
E-mail: xxx@prison.co.uk
Off Network E-mail: xxx@prison.co.uk

Coran
10-23-2001, 10:15 AM
Gordon, that is bizarre. Every credit card out there these days requires the owner to activate the card before use, right?

ninji
05-26-2003, 06:30 PM
Originally posted by Coran
Matt, thanks and I agree on the phone number thing. Speaking of strange phone numbers, here's a test. We flagged this one as fraud over the weekend, suspended it, but the guy has been emailing us insisting the order is legit. Any opinions? I xxx'ed out his personal info just in case...


New domain name: fullmoon.com
Registration Period (years): 1
Channel Identifier:
User Name: xxxxxx
Domain Package: Plus/$19.95
Contract Length: one year
Domain Registration: New Domain Registration
Comments: Yahoo


Name (first,last): xxxxxxxxxxxxx,xxxxxxxxxxxx
Company: None
Address: 06,cours de rive
City, State, Zipcode geneva,geneva,1204
Country: Switzerland
Phone Number: +852.25.29.75.78
Fax:
E-mail: xxx@prison.co.uk
Off Network E-mail: xxx@prison.co.uk

I hope your privacy policy mentions you will be giving out their address and phone number in a popular forum.....

bitserve
05-26-2003, 06:56 PM
Way to bring back a thread from 2001! :rolleyes:

Andrej
05-26-2003, 10:41 PM
Wow, what a great thread. I'm just wondering, how do you manually check against fraud? The merchant I'll be using is PayPal and people say they're one of the best against fraud. Also, as a new host, should I not accept orders from certain countries? Sure people'll complain but is it worth the risk of losing your passion that is your hosting company?
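
The signals this thread keeps returning to (order IP country vs. billing country, phone country code vs. billing country, free webmail addresses, most expensive plan for the longest term) can be scored mechanically so that a person only has to phone the customers whose orders stand out. The following is an added example, not code from any poster in the thread; the field names, weights, threshold, calling-code table and sample orders are all constructed assumptions.

```python
# Added example: rule-based order screening built from signals named in the thread.
# Field names, weights, threshold and sample orders are constructed assumptions.
FREE_MAIL = {"yahoo.com", "hotmail.com", "hushmail.com"}  # domains named in the thread
# Small constructed subset of international calling codes.
CALLING_CODES = {"1": "US", "41": "CH", "44": "GB", "62": "ID", "852": "HK"}
HOLD_AT = 2  # assumed: one hard mismatch, or two soft signals, triggers a call-back


def phone_country(phone):
    """Return the country of a '+'-prefixed number, or None if it cannot be told."""
    if not phone or not phone.strip().startswith("+"):
        return None
    digits = "".join(c for c in phone if c.isdigit())
    for n in (3, 2, 1):  # try the longest calling-code prefix first
        if digits[:n] in CALLING_CODES:
            return CALLING_CODES[digits[:n]]
    return None


def screen(order, top_plan):
    """Score one order; return (action, score, reasons)."""
    hits = []  # (weight, reason)
    billing = order["billing_country"]
    ip = order.get("ip_country")
    if ip and ip != billing:
        hits.append((2, f"IP country {ip} differs from billing country {billing}"))
    pc = phone_country(order.get("phone"))
    if pc is None:
        hits.append((1, "phone number missing or country not recognisable"))
    elif pc != billing:
        hits.append((2, f"phone country {pc} differs from billing country {billing}"))
    domain = order["email"].rsplit("@", 1)[-1].lower()
    if domain in FREE_MAIL:
        hits.append((1, f"free webmail address ({domain})"))
    if order["plan"] == top_plan and order["term_months"] >= 12:
        hits.append((1, "most expensive plan for the longest term"))
    score = sum(w for w, _ in hits)
    # Suspicious orders are held for a call-back, as the thread advises, not auto-rejected.
    action = "hold for phone confirmation" if score >= HOLD_AT else "accept"
    return action, score, [r for _, r in hits]


# Constructed orders. The first mirrors the mismatch in the order posted above
# (Swiss address, +852 phone); the second mirrors the Vanuatu signup.
ORDERS = {
    "swiss-address": {"billing_country": "CH", "ip_country": None,
                      "phone": "+852.5550.0100", "email": "buyer@example.co.uk",
                      "plan": "Plus", "term_months": 12},
    "vanuatu-card": {"billing_country": "VU", "ip_country": "US", "phone": "",
                     "email": "someone@example.id", "plan": "Premium", "term_months": 12},
    "local-customer": {"billing_country": "US", "ip_country": "US",
                       "phone": "+1 617 555 0100", "email": "owner@example.com",
                       "plan": "Basic", "term_months": 1},
    "webmail-only": {"billing_country": "US", "ip_country": "US",
                     "phone": "+1 212 555 0100", "email": "someone@hotmail.com",
                     "plan": "Basic", "term_months": 1},
}

if __name__ == "__main__":
    for name, order in ORDERS.items():
        action, score, reasons = screen(order, top_plan="Premium")
        print(f"{name}: {action} (score {score})")
        for reason in reasons:
            print("   -", reason)
```

A free webmail address alone stays below the threshold here, so an otherwise consistent order is accepted rather than held.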