Avoiding fraud and abuse in the web hosting industry
The web hosting industry is a target for fraud and abuse. It's easy and inexpensive or even free for people to try to sign up for a web hosting account using a stolen credit card number or PayPal account and then use that web hosting account for spamming or phishing. There are two ways to avoid these problems: risk reduction and account verification.
Contents |
Risk factors
Each of the following makes a web hosting company a target for fraud and abuse. Web hosts can choose not to offer the following or to offer them and be thorough with account verification.
Free web hosting accounts
If a web hosting account is free, account holders don't even need a stolen credit card to get a web hosting account, and they don't need to provide accurate personal information either. One way to make free web hosting less desirable for undesirables is to charge an account setup fee. Even a low fee will deter those who don't to provide any payment details.
Free first month of web hosting
Offering the first month of a web hosting account free will draw clients you want and clients you don't want. Instead of making that first month free, consider requiring clients to sign up and pay for more than one month when they get the first month free. Or you could offer the second month free. Either way, you're still giving away a free month of web hosting, but with payment required, you're less of a target for fraudsters.
Very low monthly price
Cheap web hosting packages attract more fraudsters than more expensive ones do. Why pay $7 a month for spam and phishing sites when you can get the same for only a dollar or two?
Account verification
Instant (automatic) account setup is convenient and easy, but it it increases the risk of fraud accounts. Many web hosts use a fraud screening service, while others manually screen new accounts themselves (before or after activating accounts) via some or all of the following steps. Another option is to use a fraud screening service and then manually check accounts that don't pass the automated fraud screening.
IP, address, and phone number matches
If the IP used to sign up for an account isn't from the same area as the address and phone numbers provided, this is a red flag. There may be a reasonable explanation, such as that the client was travelling when he ordered a hosting package. However, it could also mean that a stolen credit card or PayPal account is being used. Telephone verification can help identify these cases.
Telephone verification
With phone verification, the first check is that the phone number is from the same area as the address and IP for the account. With the current availability of disposable phone numbers, though, this step in itself is less useful than it used to be.
To rule out credit card theft, you can call the phone number listed with the account to check that the person who has that phone number signed up for a web hosting account with you. Telephone verification can still catch fraud accounts set up with stolen credit cards.
ID request
Some web hosts request some or all new clients to fax a copy of their driver's license or other government-issued ID, especially when other details don't line up. The name and address should match the details provided with the account signup, and the age on the ID will confirm that the client is at least 18 years old. Fraudsters aren't likely to bother creating false ID just for a web hosting account when some unsuspecting web host will be easier to sign up with.
See also
Web Hosting Wiki article text shared under a Creative Commons License.
