Fraud prevention - blocking IPs of hosted servers, VPNs etc?
I know some places completely block IPs that are from a dedicated server, VPS of any kind, cloud hosting, VPN, etc, and possibly subject prepaid hotspot connections to further fraud checks. THey hveo therwise completely forced users to only use their real personal or corporate IP address to connect, the one that they had to be approved for a credit account with the ISP for.
How is this done and is it too much of an inconvenience on most users or no? (Specifically - what database are they using, what API service etc)
If you are talking about fraud check at checkout (I think you are), I recommend MaxMind. It will give you a fraud risk score. You can either flag for manual review, have them perform a telephone verification or block the order based on the fraud score.
██ BitronicTech Affordable Hosting and VPS Since 2007. Check out my Blog.
██ 99.99% Uptime Guarantee. 30 Day Money-Back Guarantee. 24/7/365 Support.
██ cPanel/WHM - CloudLinux - Varnish - CloudFlare - Softaculous - Daily Shared Hosting Backups
We also block orders from VPNs/proxy servers by default. It is true that some genuine people use them to protect their privacy but for those people you can always process orders manually which is what we do.
I recommend using Maxmind which has a option (if using WHMCS) to block these orders automatically. It does a decent job but once in a while Maxmind will get it wrong but this tends to be rare so well worth using.
█ Zomex ~ Templates & services for web hosting resellers since 2009!
█ #1 Responsive whmcs templates | WHMCS | Wordpress | HTML5 | Settings area
█ Hire us for responsive whmcs integration - enhance your website using the new "Six" template!
Maxmind - I was considering, it seems costly but perhaps worthwhile. I am wondering if it is a good idea to pay the extra money for a premium check though, and ask the user to enter their bank information?
As for privacy - sure, but if you're submitting a valid credit card number then it isn't as if you haven't just trusted me with something more personally identifiable than an IP address anyways. I don't know of any situation where allowing a proxy to place an order is ever a good situation.