I've noticed some hosts that asks for extra credit card verifications, such as a scan of both the front and back of their credit cards.

I know this probably turns away many potential clients. Why would potential clients choose to do something that requires more time and can be such a hassle (especially those without scanners) -- when they can easily go to the next host that doesn't require such?

What's the trade-off? Is it really worth it to ask for more verification beyond the credit card#, avs, and card security#?

Extra credit card verification = Less business?

No! :)

Extra credit card verification = more business for the select few hosts who do this sort of extra verification.

I would imagine the Web hosting companies who do this have worked out that they can deal with orders more efficiently and gain more new sales in the time that it would take to deal with all the fraud orders they would receive if they weren't performing these extra checks.

At the very least, they may not make more money but they will be providing a better service to their clients due to the lack of time spent on dealing with fraud. Still, that means they make more profit per hour when you take out the hours of dealing with fraud that would be present without this extra verification.

Hosts who do this do it for a reason, and that reason will almost always be because in the end, they may not have more customers, but they make more profit per customer or per hour of work. :)

Extra credit card verification = Less business?

No! :)

Extra credit card verification = more business for the select few hosts who do this sort of extra verification.

I would imagine the Web hosting companies who do this have worked out that they can deal with orders more efficiently and gain more new sales in the time that it would take to deal with all the fraud orders they would receive if they weren't performing these extra checks.

At the very least, they may not make more money but they will be providing a better service to their clients due to the lack of time spent on dealing with fraud. Still, that means they make more profit per hour when you take out the hours of dealing with fraud that would be present without this extra verification.

Hosts who do this do it for a reason, and that reason will almost always be because in the end, they may not have more customers, but they make more profit per customer or per hour of work. :)

I have to agree, we recently turned down a customer due to failure to comply with our fraud checks. It's not worth the time or money to later end up with a chargeback and a dispute over fraud.

If you loose clients though card verifications, isnt that a bad thing because if they don't comply, then they might be using someones elses CC and be commiting fraud. The last thing you want is to be responsible for that.

thanks
tomsanders

Consider this example. Both Clothing Store (A) and Clothing store (B) sells clothes on the Internet. Both have similar items and prices. Store (A) requires a submission of a scan of the both sides of the credit card. Store (B) doesn't.

I really think 9 out of 10 customers would choose Store (B) simply because it's less of a hassle. The same can be applied to most other online businesses.

But, Web Hosting probably has a lot more incidents of fraud then online shops that sell tangible items. However, I have a hard time believing that in the long run it's worth it (more profitable).

Anyone been on both sides (i.e. tried both normal verification Vs. extra verification)? I'm thinking that AVS check and the Area Code check to make sure it matches the city + IP stamp of country/state/city of order would beat out the requirement of an image of both sides of the credit card in the long run.

Consider this example. Both Clothing Store (A) and Clothing store (B) sells clothes on the Internet. Both have similar items and prices. Store (A) requires a submission of a scan of the both sides of the credit card. Store (B) doesn't.

I really think 9 out of 10 customers would choose Store (B) simply because it's less of a hassle. The same can be applied to most other online businesses.

But, Web Hosting probably has a lot more incidents of fraud then online shops that sell tangible items. However, I have a hard time believing that in the long run it's worth it (more profitable).

Anyone been on both sides (i.e. tried both normal verification Vs. extra verification)? I'm thinking that AVS check and the Area Code check to make sure it matches the city + IP stamp of country/state/city of order would beat out the requirement of an image of both sides of the credit card in the long run.

Take this for example: Ever been to a store, and use a credit card when the cashier requests to see photo ID? This is verification that you are the owner of the credit card. There is no difference except it's online.

For your example, Store B will be dealing with much more fraud then Store A and may result in possible lousy customer service and long shipping times, while Store A takes 5-10 min out of your time to scan your credit card to do the proper fraud verification, however you receive your item much faster and have a lot better support than Store B.

I can think of many companies (will not post them in public) that I have dealt with in the past which require scanned photo ID verification before they hand over the product. A business will simply go bankrupt if every day they are dealing with disputes and chargebacks.

For the last thing, we used to do simple fraud verification ourself (match IP with state/country, phone with state/country, etc) however this was too easy to get by with proxies being all over the world now days. Also for an example, I live in Oregon while my IP (comcast) shows New Jersey, so simple fraud verification/IP matching is not always valid meaning you could loose possible orders that are suspected to be fraud while they are indeed valid. We also used to do phone call verification which was too easy to get by, the user would enter their real phone number (as charging a CC does not require a valid phone#) and when we call, they accept the charges; 1 month down the road the real card holder does a chargeback and we are out of the money + chargeback fee.

If you loose clients though card verifications, isnt that a bad thing because if they don't comply, then they might be using someones elses CC and be commiting fraud. The last thing you want is to be responsible for that.

thanks
tomsanders

Maybe I read it wrong or you misunderstood. The question was would hosting companies loose clients because the client refused to do a fraud check (ie: scan photo ID and/or credit card).

Take this for example: Ever been to a store, and use a credit card when the cashier requests to see photo ID? This is verification that you are the owner of the credit card. There is no difference except it's online.

For your example, Store B will be dealing with much more fraud then Store A and may result in possible lousy customer service and long shipping times, while Store A takes 5-10 min out of your time to scan your credit card to do the proper fraud verification, however you receive your item much faster and have a lot better support than Store B.

I can think of many companies (will not post them in public) that I have dealt with in the past which require scanned photo ID verification before they hand over the product. A business will simply go bankrupt if every day they are dealing with disputes and chargebacks.

For the last thing, we used to do simple fraud verification ourself (match IP with state/country, phone with state/country, etc) however this was too easy to get by with proxies being all over the world now days. Also for an example, I live in Oregon while my IP (comcast) shows New Jersey, so simple fraud verification/IP matching is not always valid meaning you could loose possible orders that are suspected to be fraud while they are indeed valid. We also used to do phone call verification which was too easy to get by, the user would enter their real phone number (as charging a CC does not require a valid phone#) and when we call, they accept the charges; 1 month down the road the real card holder does a chargeback and we are out of the money + chargeback fee.


Except that the mindset of a person shopping at your local Walmart is not the same as a person shopping at Joe's Online Shoe Store. People who shop online want things fast and don't want to take additional steps in verification unless there's some kind of added value, or the product is very very unique or a lot cheaper than its competitors.

Except that the mindset of a person shopping at your local Walmart is not the same as a person shopping at Joe's Online Shoe Store. People who shop online want things fast and don't want to take additional steps in verification unless there's some kind of added value, or the product is very very unique or a lot cheaper than its competitors.

Added value = better customer service

Although this is not the case sometimes, it is most likely the case 9 times out of 10. Would you rather the company be dealing with unwanted disputes or charge backs or answering your important tickets/emails?

If you sell $2/mo plans then who cares. If you sell $2,000/mo plans then you should probably do some checking.

If you sell $2/mo plans then who cares. If you sell $2,000/mo plans then you should probably do some checking.

What do you mean "Who cares", if its fraudulent you could still end up with a charge back & a hefty fee depending on your merchant provider.

If you sell $2/mo plans then who cares. If you sell $2,000/mo plans then you should probably do some checking.

No.

You should check either way. Believe it or not, I have had way more fraud on $5 shared accounts than on $129. dedicated servers. The time you have to invest to deal with fraudulent accounts is wasted time that could be spent improving other parts of your business.

Added value = better customer service

Although this is not the case sometimes, it is most likely the case 9 times out of 10. Would you rather the company be dealing with unwanted disputes or charge backs or answering your important tickets/emails?



I'm not disputing that those who do extra cc verification offer better service. That's not what I'm talking about. I am saying that they are losing valid clients to their competition that doesn't offer overly-strict cc verification.

Most prefer a simple Amazon.com, drugstore.com, walmart.com way of purchasing, and not the additional steps.

"VPSByte (http://www.webhostingtalk.com/member.php?u=131728)"

Well it was late when i wrote that, what im trying to say they might loose the little kids that signup for webhosting, they still keep the adult clients.

thanks
tomsanders

We do manual fraud checking on all our signups. (ie: We phone and confirm the order, etc.)

For any order greater then about $150 or so, we require the customer to send us the front/back of their CC and a photo ID. The order is cancelled within 7 days if we don't receive this.

We've never had a legitimate customer complain about this policy.

:)

I think that if you're running a low-cost budget cheapo hosting company, then you would lose a lot of sales to require a copy of the customer's credit card.

But if you are running a higher quality "premium" hosting company (like we are doing), then your customers will pretty much expect this kind of thing anyway.

Hope that helps.

Thats a good idea to do,

What do you mean "Who cares", if its fraudulent you could still end up with a charge back & a hefty fee depending on your merchant provider.

So in your opinion having to give back $25 is no different than having to give back $2,000?

No.

You should check either way. Believe it or not, I have had way more fraud on $5 shared accounts than on $129. dedicated servers. The time you have to invest to deal with fraudulent accounts is wasted time that could be spent improving other parts of your business.

If you choose to cater to the babysitting crowd and make up the difference by overselling large volumes then you're just going to have to deal with fraud either way. I'd bet more than half of the people who purchase such accounts do so through PayPal anyway, and their fraud screening is an absolute joke.

So in your opinion having to give back $25 is no different than having to give back $2,000?

Yes, there is a difference, but a $25 account could end up in a chargeback fee (in our case, a chargeback would cost us $75) so there is a $75 loss right there for not doing the proper verification. Either way, you loose out. I do not agree with skipping verification on $2-$20 accounts because if it's fraud, you're stealing the true card holders money.

If the client is really legit, he/she should not have a problem giving the information requested by the company.

Yes, there is a difference, but a $25 account could end up in a chargeback fee (in our case, a chargeback would cost us $75) so there is a $75 loss right there for not doing the proper verification. Either way, you loose out. I do not agree with skipping verification on $2-$20 accounts because if it's fraud, you're stealing the true card holders money.

If the client is really legit, he/she should not have a problem giving the information requested by the company.

Actually, the $25 figure was the chargeback fee. If your provider charges you $75 then you're getting screwed from more than one direction.

I've personally been the victim of tens of thousands of dollars worth of fraudulent charges (by offshore hosting companies no less), and I can tell you from experience that the true cardholder will get all of his or her money back the second they make a phone call.

For the main question does it loose business, sure it does. If Joe Bob doesn't want to give that information, he wont be your customer -- plain and simple. Should you be upset? Probably not. Those that understand your checks are for their and your benefit will be customers you'll want to keep forever. I would rather have 1 customer that will accept all my verification policies without complaint then 5 that will. In the end, you're filtering out the "bad apples" and that protects you and them from service issues and such.

Going off topic now, I can understand the front of the credit card and a photo ID, however, why the back? Scanning the back of the card gets you the CVV and if you save that one way or another you're breaking card association rules -- last I read anyhow -- and maybe fraud laws...? Heck, American Express having it's CVV on the front is probably the same way.

I can understand wanting to confirm that that person has the card in hand and that's fine for the front, but I wouldn't give the back no matter what. Yes, I do realize a cashier at a store can remember the card details and the CVV, but hopefully wouldn't know my address and hopefully AVS would be used at places they try.

I'm a little surprised that AVS is an option. I personally think it should be required and decline automatically if the card supports it and the details do not match up.

If you loose clients though card verifications, isnt that a bad thing because if they don't comply, then they might be using someones elses CC and be commiting fraud. The last thing you want is to be responsible for that.

What rubbish. What if the client, such as myself, doesn't have a scanner? They cannot use that service, even though they own the credit card they're using.

What rubbish. What if the client, such as myself, doesn't have a scanner? They cannot use that service, even though they own the credit card they're using.

What if someone stole your credit card and the company did not request such information from the person who stole it. Would you think it's alright for the company to accept your credit card and charge it without proper validation?

What if someone stole your credit card and the company did not request such information from the person who stole it. Would you think it's alright for the company to accept your credit card and charge it without proper validation?

Well, because I'd know if someone stole my credit card they wouldn't have chance to use it because it would already be cancelled.

Well, because I'd know if someone stole my credit card they wouldn't have chance to use it because it would already be cancelled.

There are many other ways than actually having someone physically steal the credit card.

IE: You submit your credit card online and a virus or such (just an example) picks it up. You would not have known this until your next statement in which there would be extra charges on.

Wouldn't you want the company they used your credit card (online purchases in this example) to do proper card verification? I sure would!

There are pros and cons.

Indeed, pros and cons,

tomsanders

If you don't have a scanner, you can always go to use a friend's or to a place like a printing store. They almost always have scanners/faxes.

We require id verification for all of our first time dedicated orders, no exceptions. We have had people complain and usually just comply anyway. I think it's very foolish not to require this. The business you *may* lose will be far less than the type of customer you will gain by this; usually a more serious one and one that will stay for a long period of time.

We have not had a fraudulent order after implimenting this at all. And I sure don't miss them.

If you don't have a scanner, you can always go to use a friend's or to a place like a printing store. They almost always have scanners/faxes.

We require id verification for all of our first time dedicated orders, no exceptions. We have had people complain and usually just comply anyway. I think it's very foolish not to require this. The business you *may* lose will be far less than the type of customer you will gain by this; usually a more serious one and one that will stay for a long period of time.

We have not had a fraudulent order after implimenting this at all. And I sure don't miss them.

I completely agree, and same here -- we have yet to have one fraudulent order since we starting doing this last year.

We're picky about who we accept orders from. I'm sure we lose a small percentage of valid customers, but we keep out a huge percentage of fraudulent customers. ;)

--Tina

If you are asking all of your customers for ID and scans, depending on who you are selling to, you may loose customers. I expect for things like dedicated servers to be asked for ID, while for shared/reseller hosting I generally don't. I know myself I’ve been influenced in the past and avoided providers who want to request a copy of my ID for a $10 transaction.

There are plenty of other things you can do rather than ask for extra ID up front - services such as Maxmind, FraudGuardian, Varilogix Fraudcall etc... all offer good automated fraud-checking services that don't really cause any problem for customers. And if there is ever uncertainty over an order, then you can follow-up and ask for more information and verification.

You need to find a balance between protecting yourself and not inconveniencing your customers. Using automated systems that run in the background and then following up with requests for additional ID if there is a problem has served me well so far – not a single chargeback.

And there’s nothing wrong with your gut feeling either – if an order doesn’t “feel” right, don’t accept it.

You can never have too much fraud checking.

But,

You'll want to try and strike a balance based on what a typical target client is going to be willing to deal with before they decide to look elsewhere. As Alasdair said, you should try and exhaust every sort of backend and automated check before asking the customer to start jumping through hoops beyond your typical sign up form.

Remember that the beauty of commerce on the web is how easy it is for people to order something of any size and value in under 5 minutes. Based on your product/service and your target audience, there's going to be a point at which any more effort required of the client is going to start losing you even legit business in the long run. The trick is to know where that is.

Personally, I wouldn't require a full scan of the card unless I had exhausted every other fraud check and still wasn't sure if they were for real or not. If there is any question at all, by all means, get everything you can from them.

We do manual fraud checking on all our signups. (ie: We phone and confirm the order, etc.)

For any order greater then about $150 or so, we require the customer to send us the front/back of their CC and a photo ID. The order is cancelled within 7 days if we don't receive this.

We've never had a legitimate customer complain about this policy.

:)
Well, I am a 'legitimate customer' for a number of companies, and I would either complain or go elsewhere.

Don't you realize that you may get a cold shoulder rather than a complaint?



I think that if you're running a low-cost budget cheapo hosting company, then you would lose a lot of sales to require a copy of the customer's credit card.

But if you are running a higher quality "premium" hosting company (like we are doing), then your customers will pretty much expect this kind of thing anyway.

Hope that helps.
Then I guess Softlayer and PowerVPS are " .. running a low-cost budget cheapo hosting company .." :rolleyes:

While I understand and agree that any company has the right to set their own policies .. why do some apparently feel compelled to talk down about another who does business a different way?

An afterthought: After asking a potential customer to jump through all those hoops, would you comply with his request for a copy of your business license?

We do manual fraud checking on all our signups. (ie: We phone and confirm the order, etc.)

For any order greater then about $150 or so, we require the customer to send us the front/back of their CC and a photo ID. The order is cancelled within 7 days if we don't receive this.

We've never had a legitimate customer complain about this policy.

:)

I think that if you're running a low-cost budget cheapo hosting company, then you would lose a lot of sales to require a copy of the customer's credit card.

But if you are running a higher quality "premium" hosting company (like we are doing), then your customers will pretty much expect this kind of thing anyway.

Hope that helps.

that seems reasonable! but... 2 credit cards? i dont even own one credit card... (just my bank card that works as a master card.......)

how many people would you loose that are legit that only own one card and cannot verify a second card when it doesnt exist?

even if thats one happy/loyal customer that you loose because of this method. that is 1 to many to loose!

id gladly go have a fax of my cc/id done to have it verified. but 2 cc is impossible for some! and thats wrong to "assume" any "real" customer. will have at least 2.....

IMHO, If a service company required me to scan the front and or back of my CC, I'd cancel the sign-up and look elsewhere. Just not worth my time. I wouldn't bother complaining about it.