www.dnsstuff.com has a great IP Whois tool that will give you information about a user's IP.
Other things you can do to combat fraud is comparing the address they signed up with against the address of the (if you take Paypal) Paypal account holder and also against the IP you looked up - after all, if someone says they're from Detroit but their IP says China, then that's not a good thing. You can voice verify orders as well (manually). Check to see if the domain they signed up to use is registered (unless they are registering through you).
I don't know that a lot of hosts are going to go through *all* of their fraud check steps, for their own security. Hopefully this will get you started.
If the billing address is different then the registration address does that mean fraud?
I am a student in Switzerland. I have a CC provided by my parents back home in the United Arab Emirates. If I sign up for webhosting, and enter the address that I live in (Swiss Address) and billing address of the card (UAE Address), then get a reply that I am fraud? That won't be very nice. I think that the difference in billing address and shipping/registartion address should not be very critical because it can cause confusion, my case as an example.
I am a student in Switzerland. I have a CC provided by my parents back home in the United Arab Emirates. If I sign up for webhosting, and enter the address that I live in (Swiss Address) and billing address of the card (UAE Address), then get a reply that I am fraud?
If you were to sign up with me this would FLAG your order. We would then call you to verify your order over the phone to make sure you're ok. You're an exception to the rule because in 95% of the cases it'd turn out to be a fraudster
We check WHOIS of the domain (if registered) and match that against customer' data. All these fraud checks are automatic and they arrive inbeded in the order form (all you gotta do is look through them and compare info)
A lot of this has been mentioned, but this is what I do (keep in mind that this is after MaxMind has checked for fraud and phone verified).
- Check fraud score on Maxmind.. If it's above 0.01 then it's reason to investigate for peace of mind
- Check address supplied, cross reference against address listed in PayPal/2co
- Check name and email supplied, cross reference against name/email in PayPal/2co
- Check domain name WHOIS, cross reference against PayPal/2co and data supplied
- Check domain registration date (if the domain is something very generic and has content such as just a page of ad words etc. then it raises suspicions if the domain was registered a long time ago). If the domain is a new registration, we do further checks (registrar, IP it is pointing to, any IP changes etc.)
- Search Google for the domain name supplied and the name supplied (there could be a post somewhere on the net saying this guy is fraud - watch out etc.)
If *any* of the tests fail, we contact the customer and ask them
- What the nature of the website is
- Explanation of why certain information does not add up
Obviously, the method is not absolutely fool proof. Still probable to get round it. But those are the basics steps we take before activating an account..
We do a couple of other checks as well, but you never know who is reading these forums, so I will keep that to myself...
MaxMind detects a good 95% of fraud, the rest of my routine has helped in detecting the rest of the 5%. Ever since I've started doing all of this, I haven't had any fraud for over a year now.
We're thinking of requiring user signatures and proof of ID for higher end packages and yearly accounts..
If the user is legit, then they should have no problem supplying the necessary information. Takes a few minutes and after that it's easy sailing..
Hope that helps
Last edited by IH-Rameen; 03-26-2007 at 10:45 AM.
█ InnoHosting, Performance Web Hosting || US: 1-888-522-INNO UK: 0800 612 8075
█ Web Hosting - Virtual Servers - Managed Servers - Application Hosting
█ Reseller Hosting with WHMCS & Preloaded KB | SSL | activGuard | End User Support
█ LiteSpeed / CloudLinux / Idera Backups / True 24x7 Support / 10+ Years in Business