How to Check Orders for Fraud
When you receive an order you are excited! You now have a new customer and are X dollars richer, but what if this purchase was done with a stolen credit card or hacked Paypal account? In a few months the person will contest it or use Paypal to take it back and you will have provided a possible scammer or spammer with web hosting. If you get a lot of charge backs this can also cause a rise in your rates at your credit card merchant, thus loosing you money. The answer? Screen for fraud constantly and if it doesn't feel right call and verify the order.

IP That Placed Order Doesn't Match Billing Address
Pretty obvious right? You would be amazed by how many people ignore this simple check. If you get an order from Matt Jones who lives in a small town Virginia and the IP address is from Germany or Romania it’s pretty obvious something is wrong. You will need to call and verify the order via phone or just void it. Hopefully you have order software that provides the IP that ordered the package so you can look that up using IP Whois at DNS Stuff or a similar service. There are also many sites that map an IP to a location but keep in mind these are not as accurate as an IP Whois. Billing software such as ModernBill can be setup to provide this info along with the order.

Email Address on the Order
This is another great way to tell if the order is fraud, check the email on the order and see if it is from a free provider and what name is used. If the email is john.doe@gmail.com and the order is from John Doe then it is usually a good order, but if the order is from Matt Smith and the email is Lee@FreeEmailVietnam.com you probably have a problem.

Order Amount
If the order is for six months or a year up front be suspicious especially if they didn't ask any pre sales questions. This is not as common but usually frauders try to buy a longer period since they know the credit card will be reported and are hoping that the one charge might sneak by on the bill.

Formatting of the Information
Does the information such as name and address appear to be formatted correctly? Frauders don't take the time to upper case their names or the right places of the address and state. Or they might just use all caps. Watch for both as they are good indicators the order is bad or from a lazy person. If you have a place on the order form for a company name and they fill that in that is usually a good indication they are real. Not many frauders take the time to fill that in.

Conclusion
Fraud can be avoided and never underestimate just calling all your new customers if you are a small enough company. This can be a great way to touch base, see how people are doing, and impress them with your customer service. This can also lead to better information about your clients such as what they are looking for and how they found you. This guide should help you prevent fraud and just use your common sense. If it’s too good to be true call them to verify. Not many people get upset if you call to verify their credit card or Paypal account in order to protect them.

Hope it helps,
Thanks, Ben
<<Snipped commercial link>>

Great Article Ben.

This is very useful information.

As well for those that don't have the time to manually go over orders programs like FraudGuardian can be a big help. It is still good to look at them quickly but it usually catch's any blatant fraud.

Great article though. Thanks for sharing.

Thanks :)

Ya I really like FraudGuardian esp when it ties into ModernBill, helps a ton.

In regards to IP Matching home address:

Military stationed overseas
out of town on business

There are a variety of reasons someone may be buying something online and the IP does not match there home address.

The others were excellent though.

Originally posted by l.stevens
In regards to IP Matching home address:

Military stationed overseas
out of town on business

There are a variety of reasons someone may be buying something online and the IP does not match there home address.

The others were excellent though.

If you are manually checking the orders for fraud this is something you can take into account. If I have noticed something like this where everything else seems ok but the IP is way off I might just send out a quick email and ask them what the reason for the difference is. If it is something believable then I probably approve the order.

very insightful article , all hosts should be using this process.

Thanks Ben, it’s a good article. We should share our ideas and information with each other in similar ways to combat online fraud.

we pretty much do all listed above , along with credit card authorization forms with copies of ID and credit cards for extra security.

Originally posted by HiVelocity
we pretty much do all listed above , along with credit card authorization forms with copies of ID and credit cards for extra security. Yep I forgot about that, faxing the old passport, although once I did that when I ran a hosting company and forgot I couldn't read any Chinese.

If you guys have stuff to add please let me know, the APOs a good one, I forget about those but usually if its a military email I just approve it because someone would have to be crazy to try to fraud with one of those.

Please post any tips you guys have run into so I can update it and plus this thread should be a good resource,
Thanks, Ben

People using AOL all have the same route if I recall, all ending in VA right? Pretty hard to tell there.

Something else we add, is the domain registration and credit card name/address need to match. Common sense would question a WHOIS that provides an overseas address and a credit card with an address in the States.

Also, nothing weeds out fraud faster than a quick phone call. You can easily track the exchange and area code to the address on the card. If they match and you have a CVV2 and AVS match, it would be very difficult to receive a chargeback...

The best practice for me is to use FraudGuardian that is with modernbill. If there is no voice authorization, I consider it no sale.

good guide. I have implemented most of those techniques already and I think alot of people skip these essential steps

Thanks :-p

Another extra step that may or may not help is to run a quick google search on the email address they used to sign up with and/or their domain name. If you do a search for the domain name you can pull up a google cache assuming they had a website before signing up for hosting through you.

Cheers! :)

Another good idea is to simply call the credit card companies to verify that the billing name, address and phone number match the records that the bank has on file for that card number.

In the US you can usually get confirmation via automated telephone.

MasterCard: 800-826-2181
Visa: 800-847-2750

You will need the whole card number when you call.

Cheers!

Great Articles bwb!!

Would like to share my opinion,another great way to stay from Fraud Order is to only accept payment from Verified Paypal member only, if you're accepting paypal payment.

By having a monthly recurring subscription fees, rather on a yearly basis. This would save you from paying a expensive charge back from the bank as well.

Thanks, hopefully some more coming :), RG is going to relaunch in Feb and I'm going to be writing full time on it while I travel for a bit.

Crossing my fingers and wait for more articles from you. Do you mind telling what is RG ?

Oh sure, www.resellerguide.com, we haven't had time to update it in about a few months but its still got lots of great stuff.

I would said another great resources, well i had already get 'em bookmarked.

I would said another great resources, well i had already get 'em bookmarked.
Thanks :), should get even better too...

If you are manually checking the orders for fraud this is something you can take into account. If I have noticed something like this where everything else seems ok but the IP is way off I might just send out a quick email and ask them what the reason for the difference is. If it is something believable then I probably approve the order.

Our Credit Card Gateway company does this automatically for us ;)

Our Credit Card Gateway company does this automatically for us ;)

Hey, just curious which gateway are you using ? If you dont mind letting us know :)

Sure! Why not! We use http://www.plimus.com :)

thx for the information. that is very helpful. i just have one quick question. I heard that fraudsters sometimes can change account information so that billing and shipping address match. what do you do in that case for checking fraud?

thx for the information. that is very helpful. i just have one quick question. I heard that fraudsters sometimes can change account information so that billing and shipping address match. what do you do in that case for checking fraud?
Calling them is the best way and checking to make sure the credit card info matches the zip and phone, do you mean they would use the person's address when ordering or their own in an attempt to order actual physical goods instead of web hosting?

thx for the information. that is very helpful. i just have one quick question. I heard that fraudsters sometimes can change account information so that billing and shipping address match. what do you do in that case for checking fraud?


Good question indeed, however for me this is not a problem at all. My web hosting company uses a really good Control Panel, it lets yu read the 'sign up' info that the customer used to sign up with, so that information will stay there even if the person decides to change thier details around at a later date.

For people who don't have a control panel that won't let you do that, you'll have to try the other methods that are listed by other users.

Personally, the following checks I make to combat fraud are:

IP Address:

If the IP address of the customer originates in a different country to the card holder, my system already knows I d not accept this, so the customer would not be able to sign up.

E-mail Addresses:

I accept customers who wish to sign up witha Yahoo!/Hotmail address, but checks would be made, such as customers name must be the same as on the Credit Card they used. Very easy to do. In most cases, when fraud is done, the fraudster does not know the name of the card holder.

Those are the only checks Imake, but in special circumstances, I may do further things.

I actually wonder who really uses master card and visa telephone support to verify orders and customers information? I have just call them and asked wether they provide this service and they say yes, sure. I think this will be very helpful in my future activity, I am starting a new web hosting company these days

Hey,

If we do discover a fraud or feel it is a fraud can we report it? Where can we report it?

Nothing really beats a phone call back to the customer, I like to call the customer repeat the order and if I am suspicious I ask to verify the customers billing information and make sure I make a mistake on giving them the information and see if they catch it, most of the time fraudsters wont give you a valid phone number and they usually never catch a billing error when you read back the information to them.

$.02

I just got a free 1000 checks with MaxMind (http://www.maxmind.com) Fraud protection and so far so good. I am thinking of paying extra for call verifications depending on how well the new system works!

Google the phone number to see if it comes up with a match on the name and check the domain's WHOIS to see if the info there matches. Neither of these methods should be used to determine fraud, but both methods can give you "one more piece of the puzzle" when trying to put together if its a fraud or not.

--Tina

Very good thread, Reading thi shas opened my eyes at what else to look for.

good work

It has happened to me a couple of times when the payment has been made by a friend or relative of the client and therefore the IP and the address did not match. I think it is quite rare for such frauds to happen. However, it is definately better to be cautious.

Very nice article.

If you are processing CC online and immediately, then you don't have time to check the ip, email address, and caps formatting as you've processed a fraud CC already. This is always better to use an automatic call verification such as Telesign. and use a CC fraud checker such as MaxMind. AWBS has already an addon feature, FraudGrabber which has everything MaxMin offers. maching cc address with the client address and ip location etc. Before we use Telesign we used to get several bogus signup each month, since we use it we've never got bogus signup.

im using the anti fraud system in WHMCS, and have never havd trubbble with fraud, but thanks, this was some really good advice!

I'm planning to launch a hosting company and fraud is a big concern for me. good thread :)

very informative article
thanks for share

These are all very good tips. Thank you for sharing. I usually have my fraud protection on in my AWBS setup but I will start manually scanning through all new clients. :)

I hate fraud. :(

very important stuff

Thanks for posting this is good advice for starting up companies.

Nice information, thanks :D

Thanks for the tips, I never thought about the IP thing, that's a great idea and i'll start doing that! :)

Thanks guys. I didn't even consider this before buying my servers. ;)

Thanks for the tutorial. I wouldn't go calling my customers unless I know for sure it won't be interrupting them. Right now I have auto provisioning, and manually checking orders when I have the time.