How are some hosts automatically creating accounts for users when they register? I imagine their payment processor calls a script which creates the logins, sets the passwords, and applies everything else. Is this on target?
Just as a note that if you do use auto signup features that you are leaving yourself open to many (and I do mean many) fraudulent orders which will eventually cost you in charge backs and you may loose your payment gateaway.
Just make sure you consider this before weighing the "my it's so easy to use" factor.
Everyone saying that auto account creation opens yourself up to fraud is 100% percent correct!
I am with VPS Center, and man, let me tell you, when we used to have auto-signups, 70-80% percent of orders _were_ fake!
But even if the credit card order goes through your processor and the approval code comes back as a "Y" (meaning address match and zip matches), don't be fooled, that could still be a fraudulent order. In fact, even though we don't allow auto-signups anymore, still most of our orders are fake. There's _never_ a time when we don't call the card issuing bank _and_ cardholder personally to find out if they really made the charge. Most of the time, the cardholder's response is: "No, someone must have got my credit card number because a lot of weird charges started appearing on my latest statement, I'm glad you called to verify -- I wish all of them did that."
It's amazing how fast CC #'s are traded fraudulently around the internet. And I'm surprised at all the companies that still have the guts to just accept all orders. They are just shooting themselves in the foot. I don't know how they stay in business considering a chargeback will cost them $15-$30 bucks, and since over 50% percent of orders are fake, the chargeback fee will eat the remaining revenue.
It's not just fraud orders that are a problem, it is like leaving the door open to your servers for spammers as well. Spammers could sign up, get an instant account and have sent thousands of emails out causing you countless headaches by the time you get them suspended.
Just set it to create the account when the details are recieved, but not to activate the account.
Scripts like WHAP are excellent tools, but like anything, they will hinder you greatly if you do not use them properly. On the other hand, they will greatly streamline the application process when used properly.
I have a question. I’m using WHM Autopilot right now, and as suggested above, the accounts aren’t automatically activated. I screen them first.
However, I was wondering if it is possible to somehow integrate that “Max Mind” fraud detection service into your WHM Autopilot so that when people when to sign up, all of their information would be checked out, and if there were any red flags, instead of creating the account, it would move to the “pending activation” section. Then you could further screen it, possibly calling up the potential client or whatever other method you deem worthy.
It would be nice if WHM Autopilot did have the ability to screen info automatically. It could work like Spam assissin where it generates a numeric value of fraud possibility, and everything over that value went on "hold" for verification.
Also, Greg, 50% fraud? That is amazing. Your site must be listed on a Fraudsters BBoard someone as a good target.
Its funny though, because I have seen about 50 people on these forums say they call every client before they open the account, but they never called me when I was their client!
"Beer is proof that God loves us and wants us to be happy" -- Ben Franklin Twice Tied Laces
ModernBill has pretty good anti-fraud system called www.fraudguardian.com
It is really the only choice for anyone who is serious about their business. WHMAP limits you to cpanel only, what about customers wanting different panels? You just don't offer it because your billing system does not allow you? That's funny.
If you are interested in instant account setup I would recommend using Authorize.net as the fraud rate would be much higher with any other merchant provider. PayPal is also pretty good on fraud other then the fact they can simply charge back anything they like as its non-tanagble.
Yeah but I've heard another person state that they merged their MaxMind account with their WHM Autopilot and had the accounts run through Max Mind before they were created.
Liquidfire is saying he has that setup as well, and that'd be the perfect solution for me right now.
I don't need to move to modernbill, because WHM Autopilot is working on adding the "Fraud Guardian" to their product as well. So far Autopilot has been good to me, so I see no reason to make the move at the moment.
Ugh, I just don’t want to have to deal with all the charge backs lol. Fraud SUCKS.
I can integrate max mind into WHM autopilot for to varaify ip vs creditcard location for better fruad protection. if anyone is intrested please feel free to email me at [email protected] or instant message me at:
MSN: [email protected]
Originally posted by Scenes Its not all about the money, your server could be crashed in minutes if they are spammers.
That is a very good point. Is there a software that will detect and suspend any mass pop3 mailing that might all of a suddenly start. Then if someone is sending out a news letter they would have to notify my so that I could make the prober adjustments so they will not be shut down.
I wish accounts could be created but most services disabled.. it'd be nice for clients to be able to login to their cpanel, do certain things, but not be able to actually send email or even show a website by DNS name. There are probably other configurations I could think of, but this is very much off the top of my head.
For the record we do automated sign-ups and don't have any problems with chargebacks, this is because we just verify the CC order at first, making sure the address matches the billing address of the card, etc. but the orders aren't processed until midnight. This way, we just go through all the orders and look for ones that may be fraudulent. if it looks fraudulant we call the phone number provided to validate the order and cancel it if it isn't validated. That we we get no chargebacks AND automated setups.
We also keep a keen eye on the services, etc. and would notice a spammer in a couple minutes max.
Last edited by KarlZimmer; 03-18-2004 at 01:06 AM.