Page 1 of 5 1234 ... LastLast
Results 1 to 25 of 104

Thread: Fraud Orders

Hybrid View

  1. #1
    Join Date
    Aug 2001
    Location
    Houston, TX
    Posts
    377

    Fraud Orders

    We have recently started seeing a very large inflow of fraudulent orders – wonder if others are also seeing this – perhaps we can all get together and come up with ways to battle this …

    Any suggestions?
    < < E Z Z I . n e t > >
    Best-of-breed Hosting Services
    http://www.ezzi.net | 1-866-GET-EZZI : sales@ezzi.net

  2. #2
    Join Date
    Jun 2011
    Location
    Kansas City
    Posts
    142
    How many are you getting? I usually get maybe 1 a day, nothing out of the ordinary.
    SCOTT CORBIN http://www.zipservers.com/
    Managed Hosting | Virtual Private Servers | Dedicated Servers
    "Award Winning Hosting" TOLL FREE: 1-800-560-3450
    DATA CENTERS : Dallas, Seattle, Washington, D.C., and London, UK.

  3. #3
    Join Date
    Feb 2004
    Location
    Atlanta, GA
    Posts
    5,662
    You probably had 1-2 get through and now they are slamming you with more.

  4. #4
    Join Date
    Oct 2009
    Location
    Cleveland, TX.
    Posts
    228
    Quote Originally Posted by RyanD View Post
    You probably had 1-2 get through and now they are slamming you with more.
    What Ryan said. We had this happen last month. Two got through that looked completely legitimate and was processed and activated. After that we got like 10 more within a week, but we caught those. You just have to scrutinize everything about the orders. What alerted us to it was the person used the same secret question and answer for every account they tried to open.

  5. #5
    Join Date
    Apr 2008
    Location
    England
    Posts
    553
    Are they using proxies to make the orders?

  6. #6
    Join Date
    Aug 2004
    Location
    Kauai, Hawaii
    Posts
    3,799
    Quote Originally Posted by ispclub.com View Post
    We have recently started seeing a very large inflow of fraudulent orders – wonder if others are also seeing this – perhaps we can all get together and come up with ways to battle this …

    Any suggestions?
    Ask all customers to sign and return your T&C and provide ID. You'll turn away maybe 1% of legit orders (some people don't like to show ID) but you will also eliminate near 100% of fraudulent orders. Losing 1% of legit customers is worth it IMO, the problems associated with fraud (charge-backs, SPAM, network abuse etc) are costly.

  7. #7
    Join Date
    Dec 2004
    Location
    New York, NY
    Posts
    10,710
    Asking for signed terms and service + ID may be a bit extreme, but I suppose it's not a bad method.

    At the minimum, you might want to start voice verifying orders. Most customers shouldn't have a problem with that (in fact, I doubt any will).
    MediaLayer, LLC - www.medialayer.com Learn how we can make your website load faster, translating to better conversion rates for your business!
    The pioneers of optimized web hosting, featuring LiteSpeed Web Server & SSD Storage - Celebrating 10 Years in Business

  8. #8
    Join Date
    Jan 2003
    Location
    Chicago, IL
    Posts
    6,957
    Quote Originally Posted by layer0 View Post
    Asking for signed terms and service + ID may be a bit extreme, but I suppose it's not a bad method.

    At the minimum, you might want to start voice verifying orders. Most customers shouldn't have a problem with that (in fact, I doubt any will).
    I agree, and that is what we do. When you call you can even make it just sound like good customer service, saying you're calling to see if they have any questions, clarify anything about the order, etc. and ask them to confirm some data. Then you've made the customer happy that you took the trouble to call them, while you now know it is a legit customer.

    Note: That is of course part of a comprehensive system, not a complete solution by itself.
    Last edited by KarlZimmer; 01-31-2012 at 03:20 AM.
    Karl Zimmerman - Founder & CEO of Steadfast
    VMware Virtual Data Center Platform

    karl @ steadfast.net - Sales/Support: 312-602-2689
    Cloud Hosting, Managed Dedicated Servers, Chicago Colocation, and New Jersey Colocation

  9. #9
    Join Date
    Mar 2009
    Posts
    3,816
    Quote Originally Posted by KarlZimmer View Post
    I agree, and that is what we do. When you call you can even make it just sound like good customer service, saying you're calling to see if they have any questions, clarify anything about the order, etc. and ask them to confirm some data. Then you've made the customer happy that you took the trouble to call them, while you now know it is a legit customer.

    Note: That is of course part of a comprehensive system, not a complete solution by itself.
    Also, might want to check timezones.

    Amazon AWS verification called me (in a completely incomprehensible indian accent) at four in the morning, then five, then six. Six times.


  10. #10
    Quote Originally Posted by quantumphysics View Post
    Also, might want to check timezones.

    Amazon AWS verification called me (in a completely incomprehensible indian accent) at four in the morning, then five, then six. Six times.

    If at all possible you should call at the same time the person placed the order. If it's legitimate, they'll be awake. If it's not legitimate, they won't be.
    IOFLOOD.com -- We Love Servers
    Phoenix, AZ Dedicated Servers in under an hour
    ★ Ryzen 9: 7950x3D ★ Dual E5-2680v4 Xeon ★
    Contact Us: sales@ioflood.com

  11. #11
    Join Date
    Jul 2008
    Location
    Luxembourg
    Posts
    347
    Quote Originally Posted by funkywizard View Post
    If at all possible you should call at the same time the person placed the order. If it's legitimate, they'll be awake. If it's not legitimate, they won't be.
    I feel terribly bad to call someone at 4am if it turns out that it actually wasn't him who did the order and you just killed someone's sleep :-)
    • Dedicated Servers in Europe and Asia: http://www.server.lu
    SINGAPORE and LUXMBOURG Servers with IPMI
    • Peering @ AMS-IX, DE-CIX, LINX, FRANCE-IX, EQUINIX SINGAPORE-PARIS-ASHBURN-CHICAGO-DALLAS-PALO ALTO-LOS ANGELES and LU-CIX •

  12. #12
    Join Date
    Jun 2010
    Location
    Panama
    Posts
    267
    We receive 2 fraud orders a day on creditcards, we wait for 2checkout fraud check but sometimes it pass fraud checks and the next day we receive the charge back so we wait 24 hours on creditcard customers and 98% of them are aware of this problem and they are ok on waiting, paypal customers get activated instantly.
    Offshore Hosting & High Privacy in Panama
    Cloud Servers & Shared Web Hosting | Daily Backups | 99.9% Uptime
    www.OffshoreRacks.com

  13. #13
    Join Date
    Aug 2004
    Location
    Kauai, Hawaii
    Posts
    3,799
    Quote Originally Posted by OffshoreRacks View Post
    We receive 2 fraud orders a day on creditcards, we wait for 2checkout fraud check but sometimes it pass fraud checks and the next day we receive the charge back so we wait 24 hours on creditcard customers and 98% of them are aware of this problem and they are ok on waiting, paypal customers get activated instantly.
    We experienced the following with a PayPal order, which is why we started requiring ID:
    • customer called our office, discussed custom setup for over an hour
    • client paid via paypal high $x,xxx amount for 8x SAS, dual proc, high RAM, RAID, dedicated gigabit server setup
    • customer IP geo location matched phone number area code
    • call back to the client answered promptly
    • custom hardware ordered from our vendor
    • 4 or 5 days later paypal reversed the funds stating that the paypal account had been hijacked/stolen
    • call back to the client's phone number resulted in no answer, found out it was a google voice number
    • found out the client IP was a VPS machine
    • emails to the client started bouncing

    Most fraudsters I would guess don't ever get on the phone with you, but with the availability of google voice / skype, etc phone verification simply isn't enough. It's a pain forcing customers to provide ID etc, but losing a few hundred dollars in sales is better than getting scammed with custom setups (which probably would of been used to send masses of SPAM).

    Whatever you decide to do, just realize that you can't be too careful. You either risk fraud against yourself or risk turning away legitimate clients.

  14. #14
    Join Date
    May 2006
    Location
    NJ, USA
    Posts
    6,645
    Quote Originally Posted by gordonrp View Post
    We experienced the following with a PayPal order, which is why we started requiring ID:
    • customer called our office, discussed custom setup for over an hour
    • client paid via paypal high $x,xxx amount for 8x SAS, dual proc, high RAM, RAID, dedicated gigabit server setup
    • customer IP geo location matched phone number area code
    • call back to the client answered promptly
    • custom hardware ordered from our vendor
    • 4 or 5 days later paypal reversed the funds stating that the paypal account had been hijacked/stolen
    • call back to the client's phone number resulted in no answer, found out it was a google voice number
    • found out the client IP was a VPS machine
    • emails to the client started bouncing

    Most fraudsters I would guess don't ever get on the phone with you, but with the availability of google voice / skype, etc phone verification simply isn't enough. It's a pain forcing customers to provide ID etc, but losing a few hundred dollars in sales is better than getting scammed with custom setups (which probably would of been used to send masses of SPAM).

    Whatever you decide to do, just realize that you can't be too careful. You either risk fraud against yourself or risk turning away legitimate clients.
    was this the HP box you were selling a while back
    AS395558

  15. #15
    Join Date
    Aug 2004
    Location
    Kauai, Hawaii
    Posts
    3,799
    Quote Originally Posted by Dougy View Post
    was this the HP box you were selling a while back
    You must have me confused with someone else :-) I've never had HP. This was a supermicro box from one of the vendors on this forum that we use a lot. Fortunately I managed to rent the server to another client within 30 days or so.

  16. #16
    Quote Originally Posted by gordonrp View Post
    We experienced the following with a PayPal order, which is why we started requiring ID:
    • customer called our office, discussed custom setup for over an hour
    • client paid via paypal high $x,xxx amount for 8x SAS, dual proc, high RAM, RAID, dedicated gigabit server setup
    • customer IP geo location matched phone number area code
    • call back to the client answered promptly
    • custom hardware ordered from our vendor
    • 4 or 5 days later paypal reversed the funds stating that the paypal account had been hijacked/stolen
    • call back to the client's phone number resulted in no answer, found out it was a google voice number
    • found out the client IP was a VPS machine
    • emails to the client started bouncing

    Most fraudsters I would guess don't ever get on the phone with you, but with the availability of google voice / skype, etc phone verification simply isn't enough. It's a pain forcing customers to provide ID etc, but losing a few hundred dollars in sales is better than getting scammed with custom setups (which probably would of been used to send masses of SPAM).

    Whatever you decide to do, just realize that you can't be too careful. You either risk fraud against yourself or risk turning away legitimate clients.
    For a custom server order I can definitely see how that would be a big problem. For your specific case you've given, it wouldn't have been a serious problem if it was hardware you already owned and typically offered to customers. For that matter, you have the same problem when offering even a legitimate customer a custom server as they could stop paying at any time (even if under contract) and then you're stuck with this albatross. It just makes more sense to only offer servers that you have a ready market for if the customer cancels. If they want something that you can't easily rent to someone else later on, they should be colocating. If you have a regular supply of customers who want a server configured like this, no problem. If you don't, it's a problem regardless of fraud or not.
    IOFLOOD.com -- We Love Servers
    Phoenix, AZ Dedicated Servers in under an hour
    ★ Ryzen 9: 7950x3D ★ Dual E5-2680v4 Xeon ★
    Contact Us: sales@ioflood.com

  17. #17
    Join Date
    Nov 2007
    Location
    New Jersey, USA
    Posts
    4,740
    Quote Originally Posted by OffshoreRacks View Post
    We receive 2 fraud orders a day on creditcards, we wait for 2checkout fraud check but sometimes it pass fraud checks and the next day we receive the charge back so we wait 24 hours on creditcard customers and 98% of them are aware of this problem and they are ok on waiting, paypal customers get activated instantly.
    It's funny, with 2checkout, we had an order that was processed and it was not marked as fraud.

    It was fairly large over $1500. We reviewed it, everything looked good and we processed it.

    3 MONTHS later, 2CheckOut shoots us an e-mail saying that the order is fraudulent. I don't know how they can do that after 3 months, but it happens!

    But usually 2-3 orders a week are fraud on our side.

    - Daniel

  18. #18
    Join Date
    Jun 2010
    Location
    Panama
    Posts
    267
    Had this same problem with 2checkout it was only like 85$ 2co said it was good to go, but 2 months later charge-back saying was a fraudulent transaction. Here is the same 2 fraud orders / week

    Quote Originally Posted by TmzHosting View Post
    It's funny, with 2checkout, we had an order that was processed and it was not marked as fraud.

    It was fairly large over $1500. We reviewed it, everything looked good and we processed it.

    3 MONTHS later, 2CheckOut shoots us an e-mail saying that the order is fraudulent. I don't know how they can do that after 3 months, but it happens!

    But usually 2-3 orders a week are fraud on our side.

    - Daniel
    Offshore Hosting & High Privacy in Panama
    Cloud Servers & Shared Web Hosting | Daily Backups | 99.9% Uptime
    www.OffshoreRacks.com

  19. #19
    Join Date
    Jul 2008
    Location
    New Zealand
    Posts
    1,225
    Quote Originally Posted by OffshoreRacks View Post
    Had this same problem with 2checkout it was only like 85$ 2co said it was good to go, but 2 months later charge-back saying was a fraudulent transaction. Here is the same 2 fraud orders / week
    This REALLY annoys me. Happens to our large orders as well and there's nothing you can do about it.

    It seems people have found a way to easily pass 2co's fraud checking.

    At least with PayPal you find out within a week or two.

  20. #20
    Quote Originally Posted by bhavicp View Post
    This REALLY annoys me. Happens to our large orders as well and there's nothing you can do about it.

    It seems people have found a way to easily pass 2co's fraud checking.

    At least with PayPal you find out within a week or two.
    With paypal I usually don't find out until about 2 months in. Someone uses the card without a paypal account (unregistered) or creates a new account for this purpose, and then they get two payments through before the victim realizes their card has been stolen and issues a charge back. We're usually about to suspend the customer for nonpayment on their third month when we get the chargeback notice from paypal.
    IOFLOOD.com -- We Love Servers
    Phoenix, AZ Dedicated Servers in under an hour
    ★ Ryzen 9: 7950x3D ★ Dual E5-2680v4 Xeon ★
    Contact Us: sales@ioflood.com

  21. #21
    Join Date
    Oct 2000
    Location
    Lake Geneva, WI.
    Posts
    1,370
    Quote Originally Posted by TmzHosting View Post
    It's funny, with 2checkout, we had an order that was processed and it was not marked as fraud.

    It was fairly large over $1500. We reviewed it, everything looked good and we processed it.

    3 MONTHS later, 2CheckOut shoots us an e-mail saying that the order is fraudulent. I don't know how they can do that after 3 months, but it happens!

    But usually 2-3 orders a week are fraud on our side.

    - Daniel
    Asking for a photo ID would have stopped that one in its tracks
    Jeremy Kinsey (jer@mia.net) - 262-248-6759
    Dedicated Servers - Web Hosting - Colocation HostDrive.Com
    Since 1997

  22. #22
    Join Date
    Nov 2007
    Location
    New Jersey, USA
    Posts
    4,740
    Quote Originally Posted by rasputin View Post
    Asking for a photo ID would have stopped that one in its tracks
    We would only ask for a photo ID if there was something suspicious on our side. But all records matched, so we approved it.

    Now everything that is over $500 requires a photo ID.

    - Daniel

  23. #23
    Join Date
    Oct 2000
    Location
    Lake Geneva, WI.
    Posts
    1,370
    Quote Originally Posted by TmzHosting View Post
    We would only ask for a photo ID if there was something suspicious on our side. But all records matched, so we approved it.

    Now everything that is over $500 requires a photo ID.

    - Daniel
    There's always something suspicious.

    We just had some numbnuts sign up for a server, pay with paypal then complain when we asked for further identification. He listed his address as an Airport. Paypal seems to indicate otherwise.

    Every order is suspicious. Especially when a CC can be disputed 6 months later. It pays to get the extra insurance! The only people that have a problem with it are the ones who are going to screw you.
    Jeremy Kinsey (jer@mia.net) - 262-248-6759
    Dedicated Servers - Web Hosting - Colocation HostDrive.Com
    Since 1997

  24. #24
    Join Date
    Aug 2006
    Location
    Ashburn VA, San Diego CA
    Posts
    4,615
    I've seen plenty of fake ID's and CC's submitted (ane they look VERY legitimate). To the point where we no longer accept faxed or otherwise low resolution scans and it's STILL hard to tell at times.
    Fast Serv Networks, LLC | AS29889 | DDOS Protected | Managed Cloud, Streaming, Dedicated Servers, Colo by-the-U
    Since 2003 - Ashburn VA + San Diego CA Datacenters

  25. #25
    Join Date
    Apr 2001
    Posts
    1,045
    Quote Originally Posted by FastServ View Post
    I've seen plenty of fake ID's and CC's submitted (ane they look VERY legitimate). To the point where we no longer accept faxed or otherwise low resolution scans and it's STILL hard to tell at times.
    Exactly what I was going to say as we see the same thing.

    The one thing we have noticed is they do not like to sign our CC authorization form. You'll hear that they dont have a scanner or a printer(but they happened to have their ID and CC scanned already, the highres ones) and to cancel the order.
    » ReliableServers.com
    » Dedicated Servers | Colocation | VPS
    » 973-849-0535

Page 1 of 5 1234 ... LastLast

Similar Threads

  1. Fraud Orders
    By HostingOne-Jeff in forum Running a Web Hosting Business
    Replies: 12
    Last Post: 02-24-2007, 04:01 PM
  2. How many fraud orders?
    By TechnicGeek in forum Running a Web Hosting Business
    Replies: 11
    Last Post: 05-17-2005, 02:01 PM
  3. Fraud Orders all Over
    By EpicServers in forum Running a Web Hosting Business
    Replies: 16
    Last Post: 07-02-2004, 11:29 PM
  4. Fraud Orders
    By tazd9t9 in forum Web Hosting
    Replies: 3
    Last Post: 10-24-2003, 06:53 PM
  5. Replies: 15
    Last Post: 09-21-2003, 05:21 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •