Results 1 to 11 of 11
  1. #1
    Join Date
    Jul 2011
    Location
    ATL,DFW,PHX,LAX,CHI,NJ
    Posts
    700

    Thumbs up New Service To Help Identify Fraud

    http://www.fraudrecord.com/

    I ran across this the other night in a discussion about how do we has hosting companies deal with fraud when the usual suspects are failing us such as Maxmind, and other fraud detection systems. There's always going to be a hole, and when a fraudster finds it he will go all in on that hole.

    Fraudrecord is a database of hashes created from information hosts submit to them (WHMCS Plugin works great). You get an order you think might be fishy, you go to the fraud record module and ask it to check over a client's details. At no time is the client's information shared, what gets uploaded is a one way hash that can be used to match against others who make the same submission of information. So if your hashes match another's you get a report back with some details.

    I'm probably not explaining it completely, but here's their explanation http://www.fraudrecord.com/how-it-works.php

    The database is only as good as what you submit into it. I'm currently wading through a year's worth of fraud clients being submitted into this database so I hope it helps others as well if they give it a try.

    Even ID'd a current customer who engages in shady spam that I'm now taking a closer look at.


  2. #2
    Join Date
    Feb 2004
    Location
    Scotland
    Posts
    2,833
    So if a client leaves my service or if I have a grudge against someone, I can submit details of them to this and harm their future chances of getting a host without any actual proof?

    Quote Originally Posted by FRCorey View Post
    The database is only as good as what you submit into it.
    Wrong, the database is only as good as everyone submitting to it, not just you. Do you trust all the other companies who use the service enough to refuse potentially decent clients from using your service?

  3. #3
    Join Date
    Feb 2004
    Location
    Scotland
    Posts
    2,833
    I also find it very shady that one of the example results they use is that a client submitting loads of support tickets.

    Why oh why should that make them appear in a fraud list?

  4. #4
    Join Date
    Feb 2006
    Location
    Kusadasi, Turkey
    Posts
    3,379
    Similar concerns have been raised in the past:
    http://www.webhostingtalk.com/showthread.php?t=1132087

    The short answer is, the system does not prevent any signups. It just displays the companies that reported the client, with the reason. If you choose to believe that particular company, you deny the customer. Otherwise the system doesn't do that automatically.

    And for the "fraud" name, it's just a name. You can report spammers or abusers.
    Fraud Record - Stop Fraud Clients, Report Abusive Customers.
    █ Combine your efforts to fight misbehaving clients.

    HarzemDesign - Highest quality, well designed and carefully coded hosting designs. Not cheap though.
    █ Large and awesome portfolio, just visit and see!

  5. #5
    Join Date
    Feb 2004
    Location
    Scotland
    Posts
    2,833
    Quote Originally Posted by Harzem View Post
    And for the "fraud" name, it's just a name. You can report spammers or abusers.
    Unless you include a fair-usage support policy, there is nothing abusive about submitting 20 support tickets in a week as their example suggests.

    For example, I use Coldfusion and if I signup for a host today and have 5 sites, if I need them to setup stuff on their side for each site (Coldfusion DSN connections, Coldfusion sandboxes etc) I could easily hit 20 tickets within a week, does that mean I am abusing support?

    I just don't agree with the whole thing of attracting any customer possible as most hosts do and then reporting a novice to a fraud list for asking questions. The site is useless unless it gives actual examples, dates, price paid, featues offered etc and it doesn't seem to do any of that.

  6. #6
    Join Date
    Feb 2004
    Location
    Scotland
    Posts
    2,833
    Harzem,

    Just wanted to say I only just realised that you were affiliated with this site, so don't take my comments personally.

    I've just read that other thread and the data protection for the UK would surely apply to this site. People seem to be getting hung up on the hash not containing personal details but the hash is personal details, no matter how you look at it. If it doesn't contain personal details then your site can't function. The hash is basically a code version of those personal details and those details are still being shared.

    Don't get me wrong, I see no problem using this as an extra method on top of other solutions but I also see a lot of major problems with any service of this type, not just yours.

  7. #7
    Join Date
    Jul 2011
    Location
    ATL,DFW,PHX,LAX,CHI,NJ
    Posts
    700
    I don't think so Wullie, you're not sharing customer details, if this site was hacked, you just end up with a bunch of un-reversible encrypted hashes, when you query the db you hash your information and upload the hash to see if there's a match, if there is you get a report about how many times that hash was matched any comments tied to that hash.

    Every time you process a payment you share your clients details, every time a fraud service checks that payment it shares you customer details, your TOS/AUP should already have a provision for that. If this UK law is so tight how can anyone in the UK even process a credit card transaction?

  8. #8
    Join Date
    Feb 2007
    Location
    Florida
    Posts
    1,932
    There is no silver bullet to preventing fraud, abuse, theft, or other negative activity... but the more services that help companies protect themselves, the better life will be for the clients of those companies. I'm going to wait to see how this company develops but from what I've seen in their source code, I'm pretty impressed.
    -Joe @ Secure Dragon LLC.
    + OpenVZ Powered by Wyvern | KVM | cPanel Hosting | Backup VPSs | LowEndBoxes | DDOS Protection
    + Florida | Colorado | Illinois | California | Oregon | Georgia | New Jersey | Arizona | Texas

  9. #9
    Join Date
    Feb 2004
    Location
    Scotland
    Posts
    2,833
    Quote Originally Posted by FRCorey View Post
    I don't think so Wullie, you're not sharing customer details, if this site was hacked, you just end up with a bunch of un-reversible encrypted hashes, when you query the db you hash your information and upload the hash to see if there's a match, if there is you get a report about how many times that hash was matched any comments tied to that hash.

    Every time you process a payment you share your clients details, every time a fraud service checks that payment it shares you customer details, your TOS/AUP should already have a provision for that. If this UK law is so tight how can anyone in the UK even process a credit card transaction?
    It's nothing to do with the site being hacked, it's to do with the sharing of data. When I transmit the customer's data, I am covered by the Data Protection Act. I am not just sending a hash of their details to this server, I am sending something like the following with details of this specific client:

    issue: "This client made a credit card chargeback after 3 months of server use, and made public threats on forums."

    That is sharing details of the account with third parties, no matter how you look at it.

    Sure you may say it's just a hash and can't be reversed to see what I sent, but the next person that submits details about them sees a screen saying exactly who I am and what I submitted about that specific client, don't they?

  10. #10
    Join Date
    Feb 2007
    Location
    Florida
    Posts
    1,932
    Very true Wullie, criminals need more laws to protect them.
    -Joe @ Secure Dragon LLC.
    + OpenVZ Powered by Wyvern | KVM | cPanel Hosting | Backup VPSs | LowEndBoxes | DDOS Protection
    + Florida | Colorado | Illinois | California | Oregon | Georgia | New Jersey | Arizona | Texas

  11. #11
    Join Date
    Feb 2004
    Location
    Scotland
    Posts
    2,833
    Quote Originally Posted by ZKuJoe View Post
    Very true Wullie, criminals need more laws to protect them.
    That's unfortunately a side-effect of working with a site like that. I know your comment was tongue in cheek but criminals are unlikely to be using their own details when they signup, so that leaves a lot of potential issues when the unsuspecting user tries to signup for hosting and is refused because a host is using a one sided story in this database.

    Quote Originally Posted by Harzem View Post
    Similar concerns have been raised in the past:
    http://www.webhostingtalk.com/showthread.php?t=1132087
    One part I did notice and just wanted clarification on - you say a host is awarded a reputation score, what is this based on if you can't see the data they are submitting to your database and nobody gets a chance to dispute it?

    I think the biggest problem I see here is the submissions are private so there is no way for anyone to know they have been submitted to it or dispute any information that is incorrect. If all hosting companies using it were decent companies that is fine but we all see daily the hosts here (which are your potential audience) and a lot of them IMO I wouldn't trust with my money, never mind updating a database that could prevent me getting services elsewhere in the future.

Similar Threads

  1. Fraud protection service?
    By ntlntl in forum Ecommerce Hosting & Discussion
    Replies: 14
    Last Post: 04-16-2008, 01:25 PM
  2. How to identify and counter PayPal fraud transactions
    By andy_sg in forum Ecommerce Hosting & Discussion
    Replies: 27
    Last Post: 03-08-2006, 12:16 AM
  3. 2CO Fraud Service Bulletin
    By cnm72 in forum Ecommerce Hosting & Discussion
    Replies: 0
    Last Post: 08-18-2005, 09:45 PM
  4. How to identify the service in one port?
    By minotauro in forum Hosting Security and Technology
    Replies: 4
    Last Post: 03-10-2004, 04:41 PM
  5. how do i identify fraud and how do i deal with it and in what time frame ?
    By nanoman in forum Running a Web Hosting Business
    Replies: 6
    Last Post: 10-29-2003, 12:59 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •