Web Hosting Talk

Fraud Screening. How do YOU go about it?


HC-Sam
11-04-2006, 05:21 PM
When you receive a customer, what measures do you take to eliminate fraudulent orders? This post is in reference to swizi's about a malicious user. I noticed in your post, swizi, that you had a lot of valuable information about that customer, and you were able to determine where he was really from, etc.

I use MaxMind, and a few other steps, but that's about it. It hasn't let me down yet.

What do you other hosts do to minimize fraud?

Just post your routine, etc.

-Sam

AH-Tina
11-04-2006, 07:08 PM
Pick up the phone and call the number on the order form. Don't accept orders from hotmail, yahoo, gmail, etc. If the order is from (for example) John Smith in, say, Cincinnati, Ohio - but the email address is, say, vlad@whatever.ru, consider it fraud. If someone orders your most expensive package and prepays for 2 years, be suspicious...especially if they haven't contacted sales at least twice prior.

--Tina

HC-Sam
11-05-2006, 12:11 AM
Definitely. I also like to call customers to verify information. That's usually helpful. Another good tactic is to check the location of the IP address they registered with.

BrettB
11-05-2006, 02:57 AM
A combination of IP to location, phone number to location, common sense, and a phone call to the customer does the trick for us!

HackNo-Alex
11-05-2006, 03:48 AM
Get the bank phone number for the credit card from your card processor. Call the bank and verify name, address, and phone number... Call the phone number and verify with the card holder... Done

Paypal is a different issue.

Luke-b
11-05-2006, 03:57 AM
What exactly is the issue with fraudulent customers, chargebacks?

lostmind
11-05-2006, 05:26 AM
Chargebacks and abuse.

Trophimus
11-05-2006, 11:45 AM
Pick up the phone and call the number on the order form. Don't accept orders from hotmail, yahoo, gmail, etc. If the order is from (for example) John Smith in, say, Cincinnati, Ohio - but the email address is, say, vlad@whatever.ru, consider it fraud. If someone orders your most expensive package and prepays for 2 years, be suspicious...especially if they haven't contacted sales at least twice prior.
I agree with all of that with the exception of the e-mail accounts. Some newbies to the internet and web hosting may not even know that their ISP offers e-mail accounts, which is why they have a hotmail, gMail, etc. type e-mail account. Just be sure to call the customer (as stated above) and be sure that the information they supply you with matches the information which they used to place the order (normally consists of the Address, E-Mail and last four digits of the credit card number).

Take a look at some of these threads. They should help you out:
http://www.webhostingtalk.com/showthread.php?t=548396&highlight=fraud
http://www.webhostingtalk.com/showthread.php?t=543298&highlight=fraud
http://www.webhostingtalk.com/showthread.php?t=509894&highlight=fraud

AH-Tina
11-05-2006, 11:49 AM
I agree with all of that with the exception of the e-mail accounts. Some newbies to the internet and web hosting may not even know that their ISP offers e-mail accounts,

They don't know they have email with their ISP, yet they want to purchase hosting and put a website online?

Trust me, you'll save yourself a heap of headaches if you disallow hotmail, yahoo and gmail. The chance you'll block a legitimate order is slim to none. This is years of experience talking and the fact that since we stopped allowing those our orders haven't suffered and our chargebacks are almost zero, at this point.

--Tina

Trophimus
11-05-2006, 11:53 AM
They don't know they have email with their ISP, yet they want to purchase hosting and put a website online?

Trust me, you'll save yourself a heap of headaches if you disallow hotmail, yahoo and gmail. The chance you'll block a legitimate order is slim to none. This is years of experience talking and the fact that since we stopped allowing those our orders haven't suffered and our chargebacks are almost zero, at this point.

--Tina
I was actually using a metaphor Tina :stickout: - More clearly, what I was trying to say is I know quite a lot of smart, knowledgeable people that are in this industry that still use a gMail/Hotmail account for personal use (now, this doesn't necessarily mean that is the account they'll use to order hosting if they needed it). However, I do see where you are coming from and I can agree. Most (if not all) fraud "guys" use free types of e-mail accounts.

Tina definitely knows what she's talking about. Perhaps you should listen to her :D.

AH-Tina
11-05-2006, 11:55 AM
Tina definitely knows what she's talking about. Perhaps you should listen to her :D.

Oooooh. I need to show that quote to my husband! :D

--Tina

Yash-JH
11-05-2006, 01:30 PM
Trust me, you'll save yourself a heap of headaches if you disallow hotmail, yahoo and gmail. The chance you'll block a legitimate order is slim to none. This is years of experience talking and the fact that since we stopped allowing those our orders haven't suffered and our chargebacks are almost zero, at this point.

--Tina

Hmm, we have lots of customers that sign up with free email addresses including hotmail/yahoo. Maybe we attract a different client base. But a free email address is not a criterion we use to evaluate if an order is fraudulent.

We usually do two things:
1) Check or ask for a domain registered by the customer, with his contact details. Determine if the domain appears legitimate.
2) Call customer up, verify a few basic details over the phone.

We have virtually eliminated any cases of fraud passing by us.

Swizi
11-05-2006, 03:12 PM
I have maybe 1 or 2 clients using a free email address. But when it was something screaming "I'm fraud" - something like ibox100@yahoo.com I would have ended it there (after finding out his phone number was not his).
But I didn't.

I agree with not accepting free email addresses - but not with leaving it at that.

Do you accept orders if they use a proxy?
My answer - no.

bwb
11-05-2006, 04:24 PM
Here is a nice guide of what I do :)

http://webhostingtalk.com/showthread.php?t=443306

thetopguy
11-06-2006, 10:08 AM
We use LinkShield through LinkPoint. It has been very helpful and since we have implemented it, it has protected us numerous times. It uses the First Data platform so it can even show us if the customer has a tendency to do a chargeback, in which case we will then scrutinize the transaction a bit more.

bullfrog
11-06-2006, 11:51 AM
The whole blocking certain email accounts will only be beneficial to some hosts and the complete opposite for others. It all depends on your target market and what they tend to do.

Here in SA we have a huge problem with internet access and service with ISPs so it's common for a large group of people to switch ISPs regularly. So these groups tend to use the free email services like yahoo, gmail and hotmail to prevent them from having to go through the hassle of having to tell everyone their new email addresses. In this case I would be shooting myself in the foot if I were to ban people from signing up with free email services.

So think a little about your target group and what habits they have with regards to their internet and email use. If you target the more technical guys you can't block proxies and other security measures and if you target the normal guy who knows little you probably can block proxies etc.

HC-Sam
11-06-2006, 12:24 PM
Yeah, I am still rather new in the field ( < 1 year ) so it would not be profitable at this point to disallow free e-mails.

Just to clarify: a chargeback occurs when a stolen CC is used to place an order, and it is when you must pay the individual back since it wasn't them who bought the hosting?

(That may not always be the case, but I'm assuming that's usually what happens when people refer to the term.)

I'm also assuming (since I've never had a chargeback occur) that it is an annoying process?

lostmind
11-06-2006, 02:58 PM
Sure, chargebacks are annoying because you lose on so many levels.

You lose your time setting the client up.
You lose your initial sale charged to the card.
You have to pay a chargeback fee.
So on...

I had a very troublesome client order a dedicated server with us, stayed with us over 16 months, sending support requests every day, several of them. He finally left for a cheaper host elsewhere and honestly, I was relieved. We lost so much money on this client due to the enormous volume of support requests.

This guy then goes and charges back the last 6 months of his hosting with us. For no apparent reason. Doesn't answer calls or emails. And although I tried to dispute the charge, I lost. Not only did I lose 6 months of revenue, I got dinged for 6 chargeback fees!

HC-Sam
11-06-2006, 03:06 PM
How much is a chargeback fee on average? I'm going to make an addition to my TOS that states the customer has to pay for them lol :P

bullfrog
11-06-2006, 04:48 PM
I'm also wondering how much charge backs cost. I'm assuming that charge backs can't be done on an online transfer initiated by the user unless substantial evidence is given that I hacked his account and stole it?

I have to start thinking about things like this as I don't accept credit cards yet, but will have to when I start growing big... I hope :)

Yash-JH
11-06-2006, 06:31 PM
Should be around $30.

bullfrog
11-06-2006, 07:10 PM
Damn that is quite a bit... I wonder what it will cost here in SA. I am guessing probably more, our banks tend to do more taking than anything else :(

Corey Bryant
11-07-2006, 10:32 AM
It is not really how much it costs but how many you get. You get too many, and Visa / MasterCard could actually fine you. Your merchant account might be terminated and then you might be on the MATCH (TMF) list.

unity100
11-07-2006, 11:54 AM
First is ALWAYS IP check.

You check the IP on the signup, and match it with the country the registrant claims to be in. If it does not match, you very probably have a frauder in your hands.

On occasion an American living in the UK or Italy might sign up, or an Indian temporarily in the UK. In such cases checking the email address is a good pointer. If the email is "crazyblackhat***@hotmail.com", or "kickeykiller**@gmail.com" whereas the name reads something like Katie Ho**s, that is another point of suspicion.

These are immediate pointers to fraud, though you should not move on these alone as evidence.

You should employ your routine spam check, whether you use fraudcall or other services, or manually call, or check some fraud database and such.

For us, 2checkout does good work in checking the fraud. If the suspicion issues I told above have arisen, we wait for the 2co fraud check. If order passes, fine. If order does not pass, the account, which has not been activated yet, is deleted.

Rarely 2co fraud check cancels out a very sound looking order. There is not much to do there. If it is still a valid order, you implore your client to replace the order, and it generally passes through the second time. If it doesn't, provide alternative payment methods.

Fraud check is not a 100% success thingy. The aim is to hold fraud percentage in low 1% - 3%.
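
The screening signals raised across this thread (signup IP country versus claimed country, a country-code email domain that does not match the billing country, a top package prepaid for two years, and optionally free-mail domains), combined in one function. This is an added example, not code from any poster; the IP table, field names and sample orders are constructed assumptions.

```python
import ipaddress

# Constructed IP-to-country table using documentation ranges (RFC 5737);
# a real deployment would query a GeoIP database or service instead.
SAMPLE_GEO = {
    ipaddress.ip_network("192.0.2.0/24"): "US",
    ipaddress.ip_network("198.51.100.0/24"): "RU",
}
FREE_MAIL = {"hotmail.com", "yahoo.com", "gmail.com"}


def ip_country(ip, table=SAMPLE_GEO):
    """Return the country code for ip, or None if it is not in the table."""
    addr = ipaddress.ip_address(ip)
    for net, country in table.items():
        if addr in net:
            return country
    return None


def screen_order(order, flag_free_mail=False):
    """Return (decision, flags). Flags are pointers for review, not proof."""
    flags = []
    seen = ip_country(order["ip"])
    if seen is None:
        flags.append("ip_country_unknown")
    elif seen != order["country"]:
        flags.append("ip_country_mismatch")
    domain = order["email"].rsplit("@", 1)[-1].lower()
    tld = domain.rsplit(".", 1)[-1].upper()
    tld = {"UK": "GB"}.get(tld, tld)  # .uk domains map to ISO code GB
    # A two-letter country-code TLD that differs from the billing country.
    if len(tld) == 2 and tld != order["country"]:
        flags.append("email_tld_mismatch")
    # Hosts in the thread disagree on free mail, so it is opt-in here.
    if flag_free_mail and domain in FREE_MAIL:
        flags.append("free_mail")
    if order.get("top_package") and order.get("prepaid_months", 0) >= 24:
        flags.append("large_prepay")
    # Any flag keeps the account inactive until phone/processor checks pass.
    return ("hold" if flags else "activate"), flags


# Constructed sample orders.
ORDERS = [
    {"ip": "192.0.2.10", "country": "US", "email": "jsmith@example.com"},
    {"ip": "198.51.100.7", "country": "US", "email": "vlad@whatever.ru",
     "top_package": True, "prepaid_months": 24},
]
```

A "hold" result means the account stays unactivated pending the phone call or payment-processor check; it is not a rejection on its own.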