Hello All,

Well I am not sure about you all but GH1 has gotten more fraudulent hosting orders in the past two months than we have in the last year. Just today we got two. One from Indonesia and one from Israeli.

The one that came from Indonesia had the card holders right name phone number and address. We are now calling every customer that places an order and have stopped accepting any over seas hosting.

Most of the fraudulent hosting orders want to buy a years hosting. The main thing these people are after are domain names. They hope that you will use Networksolutions to get the domain name so they can move the domain when you get the charge back and take it to a new host that will let them run for a month or so.

I tracked one hacker down and found 8 domains they had gotten. I am not sure what they are doing with all of the domains. The 8 I found this one kid in Indonesia has all had the Networksolutions banner up and he was using the email accounts to order more domains and hosting. The one account he had that had a web page up he had a photo of him on it.

Any way please join me in making sure you follow up on all stolen cards. Don't just not open up the account. Call the card company and call the owners of the cards!

Regards,
Dale Crow
GH1.com

It is truely sad. Credit card theft really angers me. I hope that all parties involved in such theft, get caught. You should report these stolen credit card numbers to the FBI.

FBI don't care, and the CC companies could give a hoot. :bawling:

Only way to avoid these sign ups is to screen all orders.

I wonder if anyone has started charging a account setup again because all of this. :stickout

Alot of host's have discontinued yearly hosting.I think the best thing is if someone wants yearly hosting they need to send the host a "check" or "money order" and make the person wait till the check or money order clears before they get there account.:o

I admit that I am a small hosting company, and new to this.
But just the sheer number of bad accounts is cutting into the thin profit margin.

I get no where with the credit card companies.

I had one customer post for a 1000/year account.

Just an unheard amount of badwidth, and sql.

First thing I did was call the card company and they said that the card was on hold for being stolen. They did not care about wanting me to track down IP address and helping them out.

Oh well....
host and learn...

We are getting a high number of these also. What we are doing is tracking the IP addresses, contacting the providers and letting them know what is going on. One person that was really interested in all of this (and I have not figured out why yet) was the Secret Service. They have been in contact with us when we started reporting these and are helping us out at this point.

We have already sucessfully tracked 2 people that were doing it, and it continues to get better every day. I guess people do not believe that we take the actions necessary when they submit a fraud order. Not much can be done, but we do all that we can.

The secret service was set up to find counterfeit money. Maybe that is why they are interested so much.

Well I had a friend who was a victim of Idenity theft and this guy charged up close to 50,000 on various credit cards under his name. He found out once the companies realized they weren't recieving payments and they did some investigation and harrassed him for month's . They actually found out who this guy was and the local police wouldn't touch it , FBI did nothing etc , the credit card compainies just wrote it off and the guy got off scott free without any punishment :mad:

It should be crystal clear these CC company's don't care as they write it off as a loss and go on .

That's a downer that is.Blame tony blair and that bush guy for this.
The little tramps, that's all they are you know.

No kidding... 7 this week.

We use Paysystems.com [aka Revecom] and although we get fraudulant orders, they are never cleared. They do all this fraud screening etc and sometimes even ring the cc owner to confirm. Heh - they earn their 10% IMO. :)

Fraud orders are truly at an all-time high. Its really quite sad to encounter such problems, especially when you are doing a legitimate business. :(

I've heard of the FBI's internet fraud complain center over at http://www1.ifccfbi.gov/index.asp but has anybody used it before?

All I do is report them to the IFCC, they will work on the case right away. Credit card theft mostly comes from people from other countries, so I am really careful when I accept a credit card from someone in a different country. A good thing to do is ask for the three digit code on back of their card as most of the dam # generators don't generate that #.
If I'm almost correct Visa and MasterCard have a # you can call to verify the correct information on the card... We might start doing that once we find that # out. If anyone knows the number for that let us know, it sure will help most of us out.

Sincerely,
Victor Garcia

Yes, I always use IFCC. They will get a detective in your city to call you up and gather information from you so that they can begin working on the case. I have used them at the most 4 times.

Even though everyone speaking in here are doing legitimate serious business, there is not much we can do, but defend ourselves all by ourselves agains that.

Seriously, how do you expect to catch them? Really, they are using a credit card over the Internet, the big anonymous network. All you really know about them is their IP, and the time you received order. What do you expect to do with that information? Believe ISPs will log everything and tell you who did the order with the stolen credit card? Sure they promise they will, but most of them will not store logs, it's just to much job for them. IPs are not tracable.

We are processing all orders by hand now. We are not opening accounts before the credit card is verified from the bank. Sometime it will go fine for the first month, then return 'stolen' the second month. When we got such a reply from the bank, we simply shut down the account immediately, banned for life (until he returns with a different credit card, different name, etc).

We found that most of those ordering with a stolen credit card will build a warez or other abusing type accounts that we are not telerating (usually it bursts the quotas within a few days). Those using stolen credit cards are not running a legitimate business, but they are abusing our own legitimate businesses. They are causing trouble to us from the first day until we find them.

Of course we could call everyones.... at what price? Of course we could deny orders from the other side of the oceans... at what price?

Here in Canada the air and ground mail went crazy since tragic September 11th events. We tried it ourselves: takes 2 weeks for a distance of about 6 hours by car. We can't ask everyone to send a check, it would ruin the business.

I believe the only way to go is to find a suitable method of detecting fraud and protect ourserlves agains it. We are receiving several legitimate orders a week, and a few fraudulent ones. We are not going to make the legitimate businesses pay for that, they already have their bunch of fraud and abuse. All we really can do about it is accept the frauds and substract them from our profit margin. It's innaceptable, but it's either choice: accept the lost or do no business at all.

Most of the time a stolen card will have American billing info, sometimes some other country. If the IP of the signup doesnt match the billing country for that card, most likely it is definitly stolen.

We get them all the time, but they rarely get thru. Most everything is automated, but ones where certain things dont match (like listed above) require moderated approval. We wouldnt be able to moderate all signups, I'd give up if we had to do that...

If a credit card is stolen, the thief won't know the card holder's address... and so the best way is to require all new signups to enter their address as they have it with their credit card company, then a check is done against to two addresses, if they don't match then be suspicious.

Alan

Originally posted by ho247
If a credit card is stolen, the thief won't know the card holder's address... and so the best way is to require all new signups to enter their address as they have it with their credit card company, then a check is done against to two addresses, if they don't match then be suspicious.

Alan

Unless of course, the thief is the merchant. I had an experience where the web host was the one who stole my credit card details including my address and made illegal purchases.

Originally posted by eddy2099


Unless of course, the thief is the merchant. I had an experience where the web host was the one who stole my credit card details including my address and made illegal purchases. True... but you can't guard against everything. There's no such thing as 100% fraud protection as there's always going to be someone who finds a new ways to submit fradulent orders... just like firewalls and hacking... there isn't a way to protect against it 100%.

Alan

no but we can sure continue to try ;)

I think the worst part about it is the fact that we not only have to do a chargeback, but if we run too many we are usually penalized by our bank co.

Loose-Loose situation