Results 1 to 26 of 26
  1. #1
    Join Date
    Feb 2004
    Posts
    166

    * Let's stop fraudulent orders...

    After seeing a lot of fraudulent orders myself and all the posts here warning people not to accept customers due to fraud and spam I've decided to build a searchable database of fraudulent customers. The site is called "Hosted Fraud" and can be accessed by either http://www.hostedfraud.com or http://www.hostingfraud.com

    Note to moderators: please don't delete this post as it's going to help all of us.

    What do you guys think?
    If you can't access the site for any reason this is because I just got the domain name yesterday.

  2. #2
    Join Date
    Feb 2004
    Location
    Southern California
    Posts
    749

  3. #3
    Join Date
    May 2004
    Location
    Mountain View, CA
    Posts
    226
    It's a good idea....but how would you track it?

    Most of the fraudulent orders we receive have information made up on the fly. The only real information provided would be the credit card. Since you can't really hope to post card numbers that have been stolen, there's no real way to track them. At least, I don't really see one.
    DreamLogic Cult Film and Music Reviews
    STOPware - Visitor Management solutoins

  4. #4
    Join Date
    Feb 2004
    Posts
    166
    Well, if you search these forums you'll see that you can find a fraudulent customer not just by credit card number but by number of things such as email address, first name or last name, ip address it's coming from etc. Before I "approve" a customer I always search this forum and google for their domain name or name to see if I can find anything. It takes time, but it helps a lot and I've prevented several chargebacks already.

    By using that database, I believe, it'll be much easier to find if the person has already been reported. Of course it won't be 100% proof but it's sure better than nothing!

  5. #5
    i don't get it. how does one stop fraud orders from coming in?

    you see it's like this for me:

    - customer places order (via whmap)
    - customer is directed to a 3rd-party processor payment page
    - customer is notified of "technical problem" but will be contacted soon (manual install)
    - i review his details.......

    ...but don't you see? he already went past the payment page! he already paid! well, whether or not it's his card or not, he already paid!

    if he's a fraud, i issue a refund to the card. but, that's not what i want.

    how do we stop them before they get to the payment page?

    for those who wrote their own billing system, i guess they could compare the would-be client's ip with the one on your site's db and if a match is found, the transaction is stopped.

    but how about most of us who use whmap, mb, or what not? what should we do?

  6. #6
    Join Date
    Feb 2004
    Posts
    166
    In the future version (if this one takes off), the database can be made available to the public to query against before taking user to the payment page.

    For now, even if they did pay with a stolen card -- you can stop before creating them an account and giving them access to your server. If you're using automated way then perhaps the future version will be for you..?

  7. #7
    Join Date
    May 2004
    Location
    Mountain View, CA
    Posts
    226
    Hmm. Maybe the database could be used like sorbs is for spam. The form could check the database, or a copy on the server side, and then deny the order if certain things matched up.
    DreamLogic Cult Film and Music Reviews
    STOPware - Visitor Management solutoins

  8. #8
    Join Date
    May 2004
    Location
    Mountain View, CA
    Posts
    226
    *wonders if he should have trademarked that first*
    DreamLogic Cult Film and Music Reviews
    STOPware - Visitor Management solutoins

  9. #9
    Join Date
    Feb 2004
    Posts
    166
    It is

  10. #10
    Join Date
    Jan 2004
    Posts
    7,033
    it is a good idea, but if someone puts on fake infomation (saying so and so in a fraud) then you can be in big trouble.
    I am back....


  11. #11
    true, some mischiveous people may start submitting correct information to the database and that means hosts who use your system will reject genuine clients. You need some sort of approval system where only actual genuine hosts can submit data instead of anyone off the street

  12. #12
    Join Date
    Aug 2000
    Location
    NYC
    Posts
    6,627
    You really should speak with an attorney about the legal ramifications of this kind of thing.
    Specializing in SEO and PPC management.

  13. #13
    Join Date
    Jan 2004
    Location
    South East U.K.
    Posts
    1,295
    [i]you see it's like this for me:

    - customer places order (via whmap)
    - customer is directed to a 3rd-party processor payment page
    - customer is notified of "technical problem" but will be contacted soon (manual install)
    - i review his details.......

    ...but don't you see? he already went past the payment page! he already paid! well, whether or not it's his card or not, he already paid![/B]
    From what I understand of these various control panel systems, if the vendor specifies that payment will only be made when approved, no payment will have been made if the client is eventually turned down.

    Am I right? I'd like to know the answer to this as I hope to start a hosting business soon & would rather turn down a bad client without having to go through the refund process

  14. #14
    Join Date
    May 2003
    Location
    Ottawa
    Posts
    2,478
    I think it may work, however since personal information is usually fake in fraudulent orders, it may not be the best idea to make that part public.

    The easiest way I could see to track fraudulent orders is by either the domain name being signed up, or the email address. Afterall, it has to be valid if they plan on receiving their account info.
    Webmaster Forum webmastertalk.net Webmaster Community Forum
    Website Tools domainfocus.com Webmaster Tools | IP Lookup | Domain Whois | PageRank Checker | HTTP Header Info | Link Analysis | Favicon Generator

  15. #15
    Originally posted by Cloudmaster
    From what I understand of these various control panel systems, if the vendor specifies that payment will only be made when approved, no payment will have been made if the client is eventually turned down.

    Am I right? I'd like to know the answer to this as I hope to start a hosting business soon & would rather turn down a bad client without having to go through the refund process
    i may be wrong but as far as whmap is concerned, manual install means the client pays then you check out his details and if it's good, you install it. if not, you refund him.

    there could be another way but i haven't found it yet.

  16. #16
    Neither of those domains come up for me.

  17. #17
    Join Date
    Mar 2004
    Posts
    1,301
    I think it will be very hard. Fraudsters come in different forms everytime, the only same thing they use is credit cards. And we can never have hosts submit credit card details which they used. Its against the law to have someone else's credit info even though its for a good cause the person to whom the card belongs would never agree, thus making it very very hard to track.
    "Web Hosting is not just about selling space, it is about facilitating customers needs with your plans and supporting the customer for a long lasting mutually beneficial relationship."- Yaser

  18. #18
    Join Date
    May 2003
    Location
    Ottawa
    Posts
    2,478
    Originally posted by Yaser
    I think it will be very hard. Fraudsters come in different forms everytime, the only same thing they use is credit cards. And we can never have hosts submit credit card details which they used. Its against the law to have someone else's credit info even though its for a good cause the person to whom the card belongs would never agree, thus making it very very hard to track.
    You can still track them by email accounts and domain names.
    Webmaster Forum webmastertalk.net Webmaster Community Forum
    Website Tools domainfocus.com Webmaster Tools | IP Lookup | Domain Whois | PageRank Checker | HTTP Header Info | Link Analysis | Favicon Generator

  19. #19
    I think people are missing the real point of this, it is mainly to prevent charge backs from fraudulent orders which cost the hosting industry thousands if not millions of dollars a year.

    This is not designed to stop fraudulent orders before they get through third party payment gateways but to alert you of a possible fraudulent payment so you can refund it before it gets to the charge back stage, or am I getting it wrong.

    And yes I agree that this information alone wont stop fraud as the frauders can just change email address's and IP's can be manipulated, but it will help.
    DBH Web | 2 BUCK HOST | WHT Member Since 2002. | DBH Internet Enterprises.
    LiteSpeed, cPanel, Fully Managed WordPress, CloudLinux, DDoS Protection, Daily Backups,
    RAID 10 Pure SSD, Premium Network, 24/7 Support, 30 Day Money-Back Guarantee.

    Over 15 years experience in the Web Hosting Industry.

  20. #20
    Join Date
    Apr 2003
    Location
    Los Angeles, CA
    Posts
    244
    None of those domains mentioned work for me either. Page not found.

  21. #21
    Join Date
    Mar 2004
    Posts
    1,301
    Amdac, how can we do through email accounts? only if they use the same one again but they might be having 1000s of email addresses.
    "Web Hosting is not just about selling space, it is about facilitating customers needs with your plans and supporting the customer for a long lasting mutually beneficial relationship."- Yaser

  22. #22
    Join Date
    May 2003
    Location
    Ottawa
    Posts
    2,478
    Originally posted by Yaser
    Amdac, how can we do through email accounts? only if they use the same one again but they might be having 1000s of email addresses.
    They wont have thousands of domains though. And blocking email addresses still can't hurt. I'm not saying it's foolproof, it is however better than nothing.
    Webmaster Forum webmastertalk.net Webmaster Community Forum
    Website Tools domainfocus.com Webmaster Tools | IP Lookup | Domain Whois | PageRank Checker | HTTP Header Info | Link Analysis | Favicon Generator

  23. #23
    Join Date
    Aug 2002
    Location
    Seattle
    Posts
    5,512
    I have a developer working on something similar currently, i'd be happy to keep everyone informed regarding its progress if so desired.

  24. #24
    Join Date
    Oct 2002
    Location
    New York
    Posts
    1,063
    brainstorm ..

    you can post the credit card, and the script will turn it into a MD5 hash, on the fly, then you can compare the hashes to keep track of a pariticular card or contact.
    The Hostworks:: Offering Managed and Unmanaged VPS
    Shared Web Hosting and Managed E-Mail security services.
    24/7 Support :: 10 year anniversary coming soon!

  25. #25
    Join Date
    Mar 2004
    Posts
    1,301
    Its a good idea though, can be improved over time
    and by the way those domains dont work for me either
    "Web Hosting is not just about selling space, it is about facilitating customers needs with your plans and supporting the customer for a long lasting mutually beneficial relationship."- Yaser

  26. #26
    Join Date
    May 2003
    Location
    Ottawa
    Posts
    2,478
    Originally posted by thehostworks
    brainstorm ..

    you can post the credit card, and the script will turn it into a MD5 hash, on the fly, then you can compare the hashes to keep track of a pariticular card or contact.
    There's your solution.
    Webmaster Forum webmastertalk.net Webmaster Community Forum
    Website Tools domainfocus.com Webmaster Tools | IP Lookup | Domain Whois | PageRank Checker | HTTP Header Info | Link Analysis | Favicon Generator

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •