Results 1 to 11 of 11
  1. #1
    Join Date
    Jul 2008
    Location
    Luxembourg
    Posts
    347

    How to avoid fraudulent orders?

    I am not sure if this is the right section to post this, but since my question is indirectly about dedicated servers I think nobody will shoot me.

    What are you guys doing to protect yourselves from fraudulent dedicated server orders? How do you deal with chargebacks from customers who have been using stolen credit card numbers?

    We have been thinking a lot about some sort of pre-validation that would require the registering user to undergo some sort of manual or automated process where he would either receive a phone call and receive a PIN code from some sort of voicebox and/or via SMS. More intense would be manual verification, but this is a major drawback for many potential customers.

    The last two months have been pretty interesting for us, because the amount of fraudulent transactions has increased dramatically and there is some sort of pattern behind all these orders. One would think that it is the same person over and over again, although the IP addresses are from different areas on this planet. We have now come to the point where we need to do something new to prevent credit card fraud. I am very interested to hear what other people are doing against it and if these measures have caused some unwanted drawbacks for their (potential) customers.
    Dedicated Servers in Europe and Asia: http://www.server.lu
    SINGAPORE and LUXMBOURG Servers with IPMI
    Peering @ AMS-IX, DE-CIX, LINX, FRANCE-IX, EQUINIX SINGAPORE-PARIS-ASHBURN-CHICAGO-DALLAS-PALO ALTO-LOS ANGELES and LU-CIX

  2. #2
    Join Date
    Mar 2009
    Location
    Chicago, IL
    Posts
    219
    Depending on what billing system you use, you may want to apply basic fraud checking using something like Varilogix (call verification) or MaxMind Fraud protection. Some of the more popular billing systems include the hooks to use these services by default.

    Also it never hurts to simply have someone scan a copy of their credit card and photo ID and send it in. Chances are that if they give you static about sending in a copy of the id/card, they don't have it anyway.

  3. #3
    Most dedicated providers require a copy of an ID to be faxed these days. Also, liek the poster above, I'd suggest using MaxMind to scan orders, and do a call back verification on orders. And most importantly, look at every order yourself and use common sense.
    cPanel Hosting
    Site5.com - Best support in the hosting business!

  4. #4
    Join Date
    Dec 2005
    Posts
    3,077
    We use Maxmind + we also manually hand-verify all dedicated server orders. If it doesnt come up as clean as a whistle we generally ask for some form of ID.

  5. #5
    Join Date
    Jul 2008
    Location
    Luxembourg
    Posts
    347
    Tools like MaxMind can make life easier, but not necessarily for us.

    We do not get any credit card information from the paying customer. This information stays on the payment gateway (an external company). So without the credit card information we cannot do any further processing. Now one would say that in this case the credit card gateway needs to do this checking. I think it does have some mechanisms, but in my opinion they are old fashioned and have never been adapted to the current real world scenarios. Right now we do not have to deal with too many charge backs, because they are covered by the credit card gateway's insurance. That company has however raised an alarm quite recently, so that is where I am currently standing.

    Providing an ID is just ridiculous. We tried that several times. You can generate an ID for 1$ with the same credit card you have used to purchase your server, so this doesn't help a lot.

    Verification via SMS sounds plausible. Doesn't necessarily avoid fraud credit card transactions, but if I were to receive an SMS before I can pay with my stolen credit card, I probably would think twice about what I'm about to do.
    Dedicated Servers in Europe and Asia: http://www.server.lu
    SINGAPORE and LUXMBOURG Servers with IPMI
    Peering @ AMS-IX, DE-CIX, LINX, FRANCE-IX, EQUINIX SINGAPORE-PARIS-ASHBURN-CHICAGO-DALLAS-PALO ALTO-LOS ANGELES and LU-CIX

  6. #6
    Join Date
    Apr 2009
    Location
    Dallas/FortWorth TX
    Posts
    1,677
    Maxmind also has some calling features, did u try that ?? or u can manually setup the calling verifcation
    IPStrada When uptime counts.
    Warren Buffet: Honesty is very expensive gift do not expect it from cheap people.

  7. #7
    Join Date
    Jul 2008
    Location
    Luxembourg
    Posts
    347
    Quote Originally Posted by IPStrada LLC View Post
    Maxmind also has some calling features, did u try that ?? or u can manually setup the calling verifcation
    We could do this with our inhouse VoIP infrastructure, so there is no real need to have a third party do what we can do easily. Actually that is not really the point. There are lots of mechanisms available, but most of them will imho frighten some new potential customers away.

    I had a similar conversation last week at NANOG46 with two guys from SoftLayer. They call every new customer and they say that if someone does not want to be called, then it is not a real customer. I do not share their opinion, because I think that lots of real and good customers would like to have a dedicated server without having to answer a phone call first.

    So, would you order a server if a nice lady from that company wants to call you first to verify your ID? I'm not sure I would...
    Dedicated Servers in Europe and Asia: http://www.server.lu
    SINGAPORE and LUXMBOURG Servers with IPMI
    Peering @ AMS-IX, DE-CIX, LINX, FRANCE-IX, EQUINIX SINGAPORE-PARIS-ASHBURN-CHICAGO-DALLAS-PALO ALTO-LOS ANGELES and LU-CIX

  8. #8
    Join Date
    Apr 2009
    Posts
    839
    Can you please provide your payment gateway company? At least in PM will be good enough for me, thank you.

    Some of these payment gateways paying all chargeback fees by themselves in case of fraud protection failure.

  9. #9
    Join Date
    Aug 2001
    Location
    Orange County, CA
    Posts
    532
    We tend to manually call people to verify an order if it looks at all suspicious. Since we sell software licenses to companies rather than individuals it's generally easier to verify their details using online records. We'll void orders we can't verify.

    As for how we deal with chargebacks, we've probably only had one in the past 18 months. When chargebacks were more frequent we just didn't challenge them *unless* we had a log of talking to the customer and they later filed a chargeback as fraud (e.g. didn't have card, without consent) rather than being honest about changing their mind. We tended to win those cases with the documentation we had (phone, helpdesk tickets, etc). In several cases we still issued a refund when we won a chargeback. It's the principle of the thing.
    Jeff Standen, Chief of R&D, WebGroup Media LLC. - LinkedIn
    Cerb is a fast and flexible web-based platform for business collaboration and automation. http://www.cerbweb.com/

  10. #10
    If you are having too much such problems then you can use phone verification system os maxmind.

    Always check the user ip and the revelent country.

    Also the person which pay for longer period must be in your consideration.

  11. #11
    Validate orders by SMS as it is simple and for people who do not speak the same language the provider can send different language messages without having multilingual operators to call up. Also if you validate by SMS you can request a delivery receipt for your records.

    Call backs are good as well but the language problem exits especially when the provider uses sub standard call centres.

    Some providers lose business by asking for passport / id simply because of the insecurity of email, would you send useful ID over insecure medium? If you need ID then provide an interface using SSL to upload it. I personally have aborted sign ups due to providers requiring that I email a scan of ID documents.

Similar Threads

  1. fraudulent orders
    By rhsadmin in forum Fraud and Abuse
    Replies: 29
    Last Post: 03-25-2008, 02:51 PM
  2. Let's stop fraudulent orders...
    By ICALIV in forum Running a Web Hosting Business
    Replies: 25
    Last Post: 05-27-2004, 03:31 PM
  3. fraudulent orders
    By eXecution in forum Running a Web Hosting Business
    Replies: 14
    Last Post: 03-26-2004, 02:18 AM
  4. fraudulent orders
    By JS-Hosting in forum Running a Web Hosting Business
    Replies: 16
    Last Post: 03-13-2004, 07:24 AM
  5. Fraudulent Orders
    By JKhoury in forum Running a Web Hosting Business
    Replies: 8
    Last Post: 11-16-2003, 04:18 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •