Page 3 of 3 FirstFirst 123
Results 81 to 104 of 104

Thread: Fraud Orders

  1. #81
    Join Date
    Jun 2010
    Location
    Philadelphia, PA
    Posts
    145
    Quote Originally Posted by funkywizard View Post
    One way to screen against this is to ask a post-sales question to the potential customer. "Hey I want to confirm your partitioning" or "I noticed you asked for X ips, we just need to confirm what you need them for", anything like that. Chances are if they used a proxy to sign up, they'll use a different proxy (or none at all) to reply to the email, and you'll get a shiny new ip located halfway around the world from the first ip they used. If you've got a bad feeling about an order but it seems to add up more or less, then this is a good way to disqualify it as fraud.

    Edit: also worth mentioning that fraud orders, even if I ask a specific question like this, or even if I email them only for the purpose of telling them the time the server will be set up, they'll reply back asking when the server will be ready and say nothing else.
    We do something similar but we actually call the customer and talk. We have yet to have any charge backs but we also have now been on a much higher alert then before because of the increase in fraud orders that other companies have been seeing.

  2. #82
    Join Date
    Dec 2011
    Location
    World Wide Web
    Posts
    122
    From last few months i am also seeing an increase in Fraud Orders, but thanks to 2checkout that keep regular checks and prevents situations like charge backs.

    And yes it corrects implementing Security Question or Telephonic Confirmation Service provide by maxmind can help in reducing such incidents
    Last edited by prohosterz; 02-22-2012 at 10:09 PM.

  3. #83
    We're receiving 4+ fraud orders on daily basis. Most of them are canceled by maxmind itself. However, if a client pays us via credit card we ask him for cc scans (no ID),and it works good. However, if a client pays using any other payment method for example paypal and if his account details and email account does not match with payapl account details we require ID's. Most of clients do not bother to give ID's but yeah sometimes we have to lose client.

  4. #84
    Join Date
    Jan 2011
    Posts
    31
    a while back I ordered a server from 100tb.com, pay via paypal. in registration form i submit all my personal info. The next day i received this from 100tb.com
    Dear Future Client,

    Thank you for your order! Unfortunately, we regret to inform you that our 3-tiered fraud prevention system has flagged your order as potentially fraudulent. Please be aware that there may be nothing wrong with your order and we would love for you to be our customer!

    In order to keep our prices as low as possible for you, we perform fraud prevention checks on all orders we receive to help reduce accounts from being created that might have malicious intent, or do not use valid payment types to purchase our services. Being flagged by the fraud prevention system is often the result of an issue that has no relation to fraud, so please don't feel that we are accusing you of doing anything wrong!

    In order for us to process your order, we simply will need you to go through a bit more verification to ensure that your account is not fraudulent.

    To verify that you are the owner of the PayPal account placing this order, please send the 2 items of information listed below by scanning and attaching the documents in a reply to this email, or you can fax the documents to xxx-xxxxxxx.
    I'm a legitimate customer which pay with my own paypal (my info on 100tb and paypal is 100% match). so i scan my id and send it to 100tb. all is ok and i received the server (the server very good probably the best server i've ever rent)..

    but the email kind a offended me and made me decide not to renew the server for the next month and switch to another provider.

    my point is. if 100tb want my ID, just ask politely, dont flagged my order as potentially fraudulent.

  5. #85
    Join Date
    May 2006
    Location
    NJ, USA
    Posts
    6,449
    Quote Originally Posted by giridara View Post

    my point is. if 100tb want my ID, just ask politely, dont flagged my order as potentially fraudulent.
    you are offended WAY too easily. i wouldn't want you as a client if something so simple made you leave.
    simplywww: directadmin and cpanel hosting that will rock your socks
    Need some work done in a datacenter in the NYC area? NYC Remote Hands can do it.

    Follow my "deals" Twitter for hardware specials.. @dougysdeals

  6. #86
    Join Date
    Nov 2009
    Location
    /etc/my.cnf
    Posts
    10,035
    Quote Originally Posted by giridara View Post
    my point is. if 100tb want my ID, just ask politely, dont flagged my order as potentially fraudulent.
    Its a one way system for all orders and most likely an automated email, How exactly was the email offensive or not polite?

    Do you normally just jump host as quick as me saying 1.2.3?

  7. #87
    Join Date
    Jan 2011
    Posts
    31
    Quote Originally Posted by Dougy View Post
    you are offended WAY too easily. i wouldn't want you as a client if something so simple made you leave.
    I wouldn't want to be your client if you think it is ok to call your client a potential fraud.

    Quote Originally Posted by cd/home View Post
    Its a one way system for all orders and most likely an automated email, How exactly was the email offensive or not polite?
    Do you normally just jump host as quick as me saying 1.2.3?
    this is polite (OVH)

    "Dear Customer,
    We have received your payment related to the order xxxxx received by paypal and we would like to thank you for choosing OVH services.
    For your security, we would like to check the information that you have provided and specially the identity of the billing contact.
    Therefore, we would be grateful if you could send us the following documents as soon as possible in order to validate your order"

    see the different, with OVH I feel like the ID requirement is standard procedure and i'm not being accused of fraud. both 100tb and OVH ask the same thing. its the way they ask that make a different..

  8. #88
    Quote Originally Posted by Dougy View Post
    you are offended WAY too easily. i wouldn't want you as a client if something so simple made you leave.
    There is some percentage of customers who will be offended by a wide variety of things. As a business, you can either blame the customer for this or you can take it as an opportunity to improve your business. For example, we lost one customer because our reverse dns was more or less an advertisement, and even aside from that one customer who left immediately, there were several others who weren't terribly happy. So we changed our welcome email to let the customer know that the reverse dns mentions our company name, and that if they'd like it to be changed they can open a ticket and we'd be happy to do so. We also made our rdns include our company slogan rather than ad copy, which made it a little more palatable as well. The complaints regarding our reverse dns stopped once we made those changes, and I feel the default rdns still serves the same purpose of promoting our company.

    So instead of being angry at this customer for letting you know that they weren't happy and letting you know why, you should be glad that the customer let you know, because it gives you a great opportunity to improve your business. With a very simple change of wording, you can make customers feel good about doing business with you instead of feeling bad. That's a huge win if ever I heard one.
    Phoenix Dedicated Servers -- IOFLOOD.com
    Email: sales [at] ioflood.com
    Skype: iofloodsales
    Backup Storage VPS -- 1TBVPS.com

  9. #89
    Join Date
    Jan 2011
    Posts
    31
    Quote Originally Posted by cd/home View Post
    Do you normally just jump host as quick as me saying 1.2.3?
    if it took you 2 days to say 1.2.3, yes i jump host that quick.

  10. #90
    Join Date
    Feb 2007
    Location
    Tampa, FL
    Posts
    803
    Googleing all of their info they use to order and calling seems to be quite effective at thwarting most attempts. The ID and signed form is a bit off-putting.
    Dave Parish
    (727)755-4033

  11. #91
    Join Date
    Jan 2012
    Location
    Silicon Valley, CA
    Posts
    91
    When we see orders on regular price while "specials" are available, the chance for fraudulent order is high. A typical red flag.

  12. #92
    Join Date
    Jan 2012
    Location
    Silicon Valley, CA
    Posts
    91
    Another order was flagged by our MaxMind yesterday, for an order from Brazil. Asked for copy of ID & Credit Card. Never heard from him afterwards. I guess Maxmind + personal intervention works.

  13. #93
    Join Date
    Mar 2006
    Location
    Reston, VA
    Posts
    3,132
    Man, I am glad we don't do online ordering. Last time we opened up online ordering the amount of fraud was almost a full time job filtering the crap out. Not worth the headache... and of course just a different business model than the majority of people here.

  14. #94
    Join Date
    Oct 2000
    Location
    Lake Geneva, WI.
    Posts
    1,358
    Quote Originally Posted by Spudstr View Post
    Man, I am glad we don't do online ordering. Last time we opened up online ordering the amount of fraud was almost a full time job filtering the crap out. Not worth the headache... and of course just a different business model than the majority of people here.
    You can eliminate 99.9% of that headache with your ordering system. There are things you can do to discourage most scammers and bots from even making it past the first page of your ordering system.

    From there, common sense catches the rest.
    Jeremy Anthony Kinsey ([email protected]) - 262-248-6759
    Budget Dedicated Servers/Colocation HostDrive.Com
    cPanel Hosting/Dedicated Servers HostingLizard.Com
    19 Years in the Hosting Business!

  15. #95
    Quote Originally Posted by rasputin View Post
    You can eliminate 99.9% of that headache with your ordering system. There are things you can do to discourage most scammers and bots from even making it past the first page of your ordering system.

    From there, common sense catches the rest.
    I believe yellowfiber primarily focuses on colo and transit (correct me if I'm wrong). I would expect a very high percentage of legitimate customers to make contact with a provider before ordering those kinds of services, and therefore most orders made on a website would be fraudulent just in general.
    Phoenix Dedicated Servers -- IOFLOOD.com
    Email: sales [at] ioflood.com
    Skype: iofloodsales
    Backup Storage VPS -- 1TBVPS.com

  16. #96
    Join Date
    Aug 2011
    Location
    Denmark
    Posts
    108
    I am not a provider, but I thought I would throw in a few ideas.
    I am not sure of how reliable these are, but anyway just my 2 cents .

    • Use TinEye.com to check the ID the potential client sends you. If you find it with TinEye, it's almost certainly fraud.
    • Ask for 2 pairs of ID, like passport and drivers license, and cross check the information.
    • If they are using a domain e-mail, check the DNS or WHOIS information.
    • Check the credit cards BIN number with "BINDatabase.net" and verify the issuing country is the same.


    Hope this can help is some way or spark ideas for other counter measures.
    Last edited by MrEliasen; 02-27-2012 at 06:49 PM. Reason: Made the links "click-able"

  17. #97
    Join Date
    Jan 2012
    Location
    Silicon Valley, CA
    Posts
    91
    For Dedicated Server or VPS, the online ordering system is really important. Eamil order is just too long, and turn away many customers. Glad our Maxmind is working out well for us.. free for 1st 1000 order check monthly.

  18. #98
    Has anyone looked into using Experian? In my professional life my "big" customer is an Experian partner, they use that to cut down on fraud. Experian is pretty darn smart about identity verification.

  19. #99
    Join Date
    Oct 2000
    Location
    Lake Geneva, WI.
    Posts
    1,358
    Quote Originally Posted by allquixotic View Post
    Has anyone looked into using Experian? In my professional life my "big" customer is an Experian partner, they use that to cut down on fraud. Experian is pretty darn smart about identity verification.
    In my experience these 3rd party verification systems and companies are a complete waste of money. You can eliminate most fraud by asking the right questions and requiring information at the time of order that most fraudsters just will not have.

    The rest can be qualified with about 5 minutes with google and some common sense.

    Quote Originally Posted by funkywizard View Post
    I believe yellowfiber primarily focuses on colo and transit (correct me if I'm wrong). I would expect a very high percentage of legitimate customers to make contact with a provider before ordering those kinds of services, and therefore most orders made on a website would be fraudulent just in general.
    The point is, you can disqualify most fraud orders before they ever even complete or attempt to complete the order process by asking for a few key items that they will not have or will be unable to produce.

    And you can get just as many fraudulent orders by phone as you can online.
    Jeremy Anthony Kinsey ([email protected]) - 262-248-6759
    Budget Dedicated Servers/Colocation HostDrive.Com
    cPanel Hosting/Dedicated Servers HostingLizard.Com
    19 Years in the Hosting Business!

  20. #100
    Join Date
    Mar 2010
    Location
    Reading, United Kingdom
    Posts
    21
    Quote Originally Posted by boonodoh View Post
    There are also known proxy lists that you can check against to further reduce those that come through proxy.
    A small addendum to this; TOR allows you to query its network for a list of all valid exit nodes to a given IP address. This can be used to effectively counter all TOR related activity, in addition to standard HTTP proxy lists.

    I can post links due to my post count however the python script to generate the lists is available from the TOR abuse page or through a bit of Google-fu.

  21. #101
    I know this is an old thread but i just wanted to give some input to it,

    althought ID, Utilitybill, CC scans sounds like a good thing, i can't seem to also think of the rick a potential customer does just by giving these tings.

    CC + ID and the host if they where not one of the good guys could actuly do alot of harm, since you would have there CC numbers and also there SS number, you could practuly do identity scams with those items on hand, opening bank accounts in others names and such.

    so basicly you need as a customer to but alot of trust into a company you never had buissness with before and only have reviews online as the best reffrence to if they are ligmit.

    sorry for the bad spelling..

  22. #102
    Join Date
    Jan 2003
    Location
    Chicago, IL
    Posts
    6,889
    Quote Originally Posted by DaFrog View Post
    I know this is an old thread but i just wanted to give some input to it,

    althought ID, Utilitybill, CC scans sounds like a good thing, i can't seem to also think of the rick a potential customer does just by giving these tings.

    CC + ID and the host if they where not one of the good guys could actuly do alot of harm, since you would have there CC numbers and also there SS number, you could practuly do identity scams with those items on hand, opening bank accounts in others names and such.

    so basicly you need as a customer to but alot of trust into a company you never had buissness with before and only have reviews online as the best reffrence to if they are ligmit.

    sorry for the bad spelling..
    Where are you getting their social security number? Your social security number won't be on your driver's license, etc. if someone asks for your social security number, go elsewhere.

    As a customer, you're looking at dealing with a host who will have access to all your data, including private keys, passwords, etc. I agree completely, if you don't trust them in the first place, don't do business with them.
    Karl Zimmerman - Steadfast: Managed Dedicated Servers and Premium Colocation
    karl @ steadfast.net - Sales/Support: 312-602-2689
    Cloud Hosting, Managed Dedicated Servers, Chicago Colocation, and New Jersey Colocation
    Now Open in New Jersey! - Contact us for New Jersey colocation or dedicated servers

  23. #103
    Join Date
    Oct 2000
    Location
    Lake Geneva, WI.
    Posts
    1,358
    Quote Originally Posted by DaFrog View Post
    I know this is an old thread but i just wanted to give some input to it,

    althought ID, Utilitybill, CC scans sounds like a good thing, i can't seem to also think of the rick a potential customer does just by giving these tings.

    CC + ID and the host if they where not one of the good guys could actuly do alot of harm, since you would have there CC numbers and also there SS number, you could practuly do identity scams with those items on hand, opening bank accounts in others names and such.

    so basicly you need as a customer to but alot of trust into a company you never had buissness with before and only have reviews online as the best reffrence to if they are ligmit.

    sorry for the bad spelling..
    I've not seen anyone here suggest requiring a SS#. That is not something that is to be used for identification.

    A copy of a credit card and a photo ID are.

    I could do more harm to your identity digging through your garbage.

    If you have a concern about a business, it is very easy to determine if they are reputable or not. The first and most obvious is how long have they been in business.

    There are numerous other ways to research and validate a business.
    Jeremy Anthony Kinsey ([email protected]) - 262-248-6759
    Budget Dedicated Servers/Colocation HostDrive.Com
    cPanel Hosting/Dedicated Servers HostingLizard.Com
    19 Years in the Hosting Business!

  24. We would get 4-5 a day, USA is a hot spot but asking for ID usual deters them.

    If you are an honest individual, you should have no issue in sending these details,

    If you are really concerned, you can get this to 'Black' out the account details etc.

    What is important is that the address matches as does the name details etc.

    This works for us.
    Last edited by [email protected]; 05-11-2012 at 06:09 AM.

Page 3 of 3 FirstFirst 123

Similar Threads

  1. Fraud Orders
    By HostingOne-Jeff in forum Running a Web Hosting Business
    Replies: 12
    Last Post: 02-24-2007, 04:01 PM
  2. How many fraud orders?
    By TechnicGeek in forum Running a Web Hosting Business
    Replies: 11
    Last Post: 05-17-2005, 02:01 PM
  3. Fraud Orders all Over
    By EpicServers in forum Running a Web Hosting Business
    Replies: 16
    Last Post: 07-02-2004, 11:29 PM
  4. Fraud Orders
    By tazd9t9 in forum Web Hosting
    Replies: 3
    Last Post: 10-24-2003, 06:53 PM
  5. Replies: 15
    Last Post: 09-21-2003, 05:21 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •