Results 1 to 8 of 8
  1. #1
    Join Date
    Oct 2005

    * requesting checklist for fraud prevention

    Other than installing fraud guardian, there are some things we can do ourselves.

    Can you give a **checklist**** of steps to take , there are many hosts here who are experienced and i would really appreciate their help here.

    For example checking ip address of the person requesting a hosting account ( what tools do you use to check ip address)

    for a newbee like me it would really help me if you can give some details.

    Thanks in advance

  2. #2
    Join Date
    Jun 2003
    Proud She-Geek
    1,722 has a great IP Whois tool that will give you information about a user's IP.

    Other things you can do to combat fraud is comparing the address they signed up with against the address of the (if you take Paypal) Paypal account holder and also against the IP you looked up - after all, if someone says they're from Detroit but their IP says China, then that's not a good thing. You can voice verify orders as well (manually). Check to see if the domain they signed up to use is registered (unless they are registering through you).

    I don't know that a lot of hosts are going to go through *all* of their fraud check steps, for their own security. Hopefully this will get you started.

  3. #3
    You can also make sure the billing address matches. We also use Verified by Visa and MasterCard Secure Code to help us some. We also implemented LinkShield to help prevent other fraud.

    It might cost a little to get everything started or a few cents more on each transaction, but in the end, it is worth it.

  4. #4
    Join Date
    Jan 2004
    Luzern, Switzerland
    If the billing address is different then the registration address does that mean fraud?

    I am a student in Switzerland. I have a CC provided by my parents back home in the United Arab Emirates. If I sign up for webhosting, and enter the address that I live in (Swiss Address) and billing address of the card (UAE Address), then get a reply that I am fraud? That won't be very nice. I think that the difference in billing address and shipping/registartion address should not be very critical because it can cause confusion, my case as an example.

  5. #5
    Join Date
    Mar 2007
    New Zealand
    Quote Originally Posted by SeRiaLKiLLa
    I am a student in Switzerland. I have a CC provided by my parents back home in the United Arab Emirates. If I sign up for webhosting, and enter the address that I live in (Swiss Address) and billing address of the card (UAE Address), then get a reply that I am fraud?
    If you were to sign up with me this would FLAG your order. We would then call you to verify your order over the phone to make sure you're ok. You're an exception to the rule because in 95% of the cases it'd turn out to be a fraudster

  6. #6
    Join Date
    Jul 2006
    We use Maxmind Minfraud with WHMCS

    Also we check the address against PayPal and do various tests on the IP address

    Also we check the domain they signed up with (if its taken)

  7. #7
    Join Date
    Mar 2007
    New Zealand
    yeah that's right forgot that.

    We check WHOIS of the domain (if registered) and match that against customer' data. All these fraud checks are automatic and they arrive inbeded in the order form (all you gotta do is look through them and compare info)

  8. #8
    Join Date
    Sep 2003
    A lot of this has been mentioned, but this is what I do (keep in mind that this is after MaxMind has checked for fraud and phone verified).

    - Check fraud score on Maxmind.. If it's above 0.01 then it's reason to investigate for peace of mind

    - Check address supplied, cross reference against address listed in PayPal/2co

    - Check name and email supplied, cross reference against name/email in PayPal/2co

    - Check domain name WHOIS, cross reference against PayPal/2co and data supplied

    - Check domain registration date (if the domain is something very generic and has content such as just a page of ad words etc. then it raises suspicions if the domain was registered a long time ago). If the domain is a new registration, we do further checks (registrar, IP it is pointing to, any IP changes etc.)

    - Search Google for the domain name supplied and the name supplied (there could be a post somewhere on the net saying this guy is fraud - watch out etc.)

    If *any* of the tests fail, we contact the customer and ask them
    - What the nature of the website is
    - Explanation of why certain information does not add up

    Obviously, the method is not absolutely fool proof. Still probable to get round it. But those are the basics steps we take before activating an account..

    We do a couple of other checks as well, but you never know who is reading these forums, so I will keep that to myself...
    MaxMind detects a good 95% of fraud, the rest of my routine has helped in detecting the rest of the 5%. Ever since I've started doing all of this, I haven't had any fraud for over a year now.

    We're thinking of requiring user signatures and proof of ID for higher end packages and yearly accounts..
    If the user is legit, then they should have no problem supplying the necessary information. Takes a few minutes and after that it's easy sailing..

    Hope that helps
    Last edited by IH-Rameen; 03-26-2007 at 10:45 AM.
    InnoHosting, Performance Web Hosting || US: 1-888-522-INNO UK: 0800 612 8075
    Web Hosting - Virtual Servers - Managed Servers - Application Hosting
    Reseller Hosting with WHMCS & Preloaded KB | SSL | activGuard | End User Support
    LiteSpeed / CloudLinux / Idera Backups / True 24x7 Support / 10+ Years in Business

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts