Get Paid to Participate - up to $1 per post!     Twitter     Facebook     Google+
Hosting Discussion
 

forgot password?



Reply


Old
  Post #1 (permalink)   07-08-2013, 07:53 AM
HD Addict
 
Join Date: Apr 2013
Location: Utica, NY USA
Posts: 140

Status: hostmything is offline
Hello HD!
So as my thread title imply, I want to know how you handle fraudulent orders. I have received over $10,000 in fraudulent orders in the last week, and have responded by simply marking the orders as fraud.

To prevent fraud, I have Stripe.com (my CC processor) verify the zip code and CVC code of all clients paying by CC, but this does not help me if some CC ripper is the one purchasing the services. .

So far as a host, I have never had to deal with this scale of fraudulent orders :/. I get almost 5 a day now, and they take away my attention from my actual clients. 90% of them are for high end dedicated servers.
__________________
Scott Murray - Owner of HostMyThing.com
Shared, Reseller, VPS and Dedicated Hosting
HostMything.com - http://hostmything.com
 
 


Old
  Post #2 (permalink)   07-08-2013, 09:16 AM
HD Community Advisor
 
ughosting's Avatar
 
Join Date: Jan 2011
Location: London
Posts: 604

Status: ughosting is offline
If you are providing "non trivial" orders, you should always phone them first before making anything active.

Also MaxMind Fraud (very cheap) does a great job of making sure their tel number, IP addresses and recorded address are in the same location or thereabouts. And checks whether they are using a VPN or proxy to connect to your services.
__________________
DDoS Protected, LiteSpeed + LiteMage on CloudLinux with SSD Disks, R1Soft, Softaculous, SIteBuilder, BitNinja, LetsEncypt & Patchman
UnixGuru: Accounts with 1-16 CPU Cores, 2-32GB RAM. Why use a VPS?
█ Choose from Shared, Reseller and Elastic-Sites Hosting
 
 
 


Old
  Post #3 (permalink)   07-08-2013, 05:53 PM
HD Guru
 
HostLeet's Avatar
 
Join Date: May 2009
Location: Florida, USA
Posts: 874

Status: HostLeet is offline
Quote:
Originally Posted by hostmything View Post
Hello HD!
So as my thread title imply, I want to know how you handle fraudulent orders. I have received over $10,000 in fraudulent orders in the last week, and have responded by simply marking the orders as fraud.

To prevent fraud, I have Stripe.com (my CC processor) verify the zip code and CVC code of all clients paying by CC, but this does not help me if some CC ripper is the one purchasing the services. .

So far as a host, I have never had to deal with this scale of fraudulent orders :/. I get almost 5 a day now, and they take away my attention from my actual clients. 90% of them are for high end dedicated servers.
Hi Scott,

Unfortunately this is a never-ending battle that all of us vendors have to deal with on a daily basis, and constantly improve upon. Specially in the hosting business.

As ughosting mentioned, take a look a MaxMind, it works wonders for a hosting provider. But, don't think for one second that having MaxMind enabled will be the end of fraud for good and you can forget about it.. Once MaxMind is properly setup to fit your business needs (and only you can do this!), you still need to manually review each and every order that comes through.

I recommend you enable phone verification as well, specifically for high-end orders such as Dedicated Servers, VPS, SSL, ect.. This will "weed-out" a lot of the bad apples, but not all of them. Just remember; when in doubt, always contact the client ASAP. Sometimes you or your system will mark a legitimate order as fraud, so make sure you have this stated in your TOS or knowledgebase. Then, place the link to the article on your order page so everyone can see it. You may also want to place a warning for all fraudsters on your checkout page as well.

I've attached a screenshot of our warning box for your reference.
Attached Images
File Type: png checkout-fraud.png (141.3 KB, 20 views)
__________________
HOSTLEET.COM, LLC - Elite Website Hosting Since 2008!
Fast Reliable Affordable Secure Friendly & Courteous
RISK-FREE Money Back Guarantee PCI-Compliant Checkout
 
 


Old
  Post #4 (permalink)   07-08-2013, 06:38 PM
HD Addict
 
Join Date: Apr 2013
Location: Utica, NY USA
Posts: 140

Status: hostmything is offline
May I ask what you do with the funds that the scammer used? I'm almost 100% sure these scammers are using ripped cards. Do I just refund the money? Or hang onto it until its disputed? That is probably my main concern. I do not want to be in a legal pickle because some fraudulent client purchased my services with "John Smith's" CC.

Thanks for all your recommendations. I will be sure to implement something in addition to human eye verification.
__________________
Scott Murray - Owner of HostMyThing.com
Shared, Reseller, VPS and Dedicated Hosting
HostMything.com - http://hostmything.com
 
 
 


Old
  Post #5 (permalink)   07-08-2013, 09:01 PM
HD Newbie
 
Join Date: Apr 2013
Posts: 5

Status: Computerholic is offline
There are many things you can do. What we do is simple. If they pay using a credit or debit card and we have confirmed it as fraud, we refund the money back to the card holder. If it's paypal, we wait till paypal contacts us then we send the money back no issues.
 
 
 


Old
  Post #6 (permalink)   07-09-2013, 02:18 AM
HD Wizard
 
easyhostmedia's Avatar
 
Join Date: Mar 2011
Location: Northumberland, UK
Posts: 4,950
Send a message via MSN to easyhostmedia

Status: easyhostmedia is offline
We use Maxmind along with the telephone verification service, it an order is marked as fraud then they invoice for the order is marked cancelled and the order marked fraud, We then will check the order report info provided by maxmind and if we agree with Maxmind then we just l;eave it and await the client to contact us to why the order was marked fraud. If it is a genuine order then the client will contact you asking why the system says its fraud, when a fraudster would never contact you.
__________________
Terry Robertson - CEO The Easyhost Media Group
Niceday Hosting - Affordable Hosting
PowerSSL - - We Secure your World
The Scamlist Forum - Fighting against scammers
 
 
 


Old
  Post #7 (permalink)   07-09-2013, 03:46 AM
HD Newbie
 
Join Date: Sep 2012
Location: Netherlands
Posts: 15

Status: itsmir is offline
We use maxmind (with phone verification) and also manually review any flagged orders. If in doubt we request a copy of some form of photo id (passport, driving license etc). All orders for dedi's are manually reviewed due to deployment costs.

Maxmind is a pretty good 'first line of defense' but manually checking orders is what keeps the fraud levels down.
__________________
ItsmirHosting Professional UK Hosting Solutions
Fast, Friendly and Reliable Hosting
Litespeed Powered cPanel CloudLinux Softaculous R1Soft
 
 
 


Old
  Post #8 (permalink)   07-10-2013, 04:54 PM
HD Amateur
 
Join Date: Jan 2013
Posts: 64

Status: DTN_VPS is offline
Quote:
Originally Posted by ughosting View Post
If you are providing "non trivial" orders, you should always phone them first before making anything active.

Also MaxMind Fraud (very cheap) does a great job of making sure their tel number, IP addresses and recorded address are in the same location or thereabouts. And checks whether they are using a VPN or proxy to connect to your services.
Yup second this one, they are reccomended from alot of people... and me
 
 
 


Old
  Post #9 (permalink)   07-11-2013, 11:18 AM
HD Addict
 
Join Date: Jun 2012
Location: India
Posts: 189
Send a message via Skype™ to Shine Servers

Status: Shine Servers is offline
MaxMind is enough for us, we have telephone verification setup as no fraudster gives his real number

Maxmind > 2CO > Order Setup (This is how we are secured)

From last 8 or 9 months we hit only 14 Fraud orders.
__________________
ShineServers.Com | Reliable Web Hosting Solutions
cPanel/WHM - SiteBuilder - Instant Setup - 24/7 Support and much more.
Web Hosting | Reseller Hosting | Dedicated Hosting
 
 
 


Old
  Post #10 (permalink)   07-11-2013, 12:41 PM
HD Guru
 
Join Date: Mar 2013
Posts: 811

Status: Alex HubRocket is offline
Quote:
Originally Posted by Shine Servers View Post
MaxMind is enough for us, we have telephone verification setup as no fraudster gives his real number

Maxmind > 2CO > Order Setup (This is how we are secured)

From last 8 or 9 months we hit only 14 Fraud orders.
14 out of how many orders? That could be a high or low count based on the total number of orders during that period .

You sort of conflict your statements: no fraudster gives his real number & in 8 - 9 months you've had 14 fraud orders (which can be a lot )

Though you sound satisfied so good to see your setup working
 
 
 


Old
  Post #11 (permalink)   07-11-2013, 04:00 PM
HD Guru
 
HostLeet's Avatar
 
Join Date: May 2009
Location: Florida, USA
Posts: 874

Status: HostLeet is offline
Quote:
Originally Posted by hostmything View Post
May I ask what you do with the funds that the scammer used? I'm almost 100% sure these scammers are using ripped cards. Do I just refund the money? Or hang onto it until its disputed?
Always refund the money, never wait for a chargeback!

If you know it's fraud then simply return the money asap, ban the IP and move on.
__________________
HOSTLEET.COM, LLC - Elite Website Hosting Since 2008!
Fast Reliable Affordable Secure Friendly & Courteous
RISK-FREE Money Back Guarantee PCI-Compliant Checkout
 
 
 


Old
  Post #12 (permalink)   07-11-2013, 04:03 PM
HD Wizard
 
easyhostmedia's Avatar
 
Join Date: Mar 2011
Location: Northumberland, UK
Posts: 4,950
Send a message via MSN to easyhostmedia

Status: easyhostmedia is offline
Yes if you suspect fraud, refund the money straight away, if the order was genuine, then the client will contact you asking why you refunded while a fraudster wont contact you as they will just move onto someone else.
__________________
Terry Robertson - CEO The Easyhost Media Group
Niceday Hosting - Affordable Hosting
PowerSSL - - We Secure your World
The Scamlist Forum - Fighting against scammers
 
 
 


Old
  Post #13 (permalink)   07-11-2013, 08:36 PM
HD Addict
 
Join Date: Apr 2013
Location: Utica, NY USA
Posts: 140

Status: hostmything is offline
I have refunded the money. Thanks for all the information
Don't the credit card companies usually pick up the tab for stolen credit cards? I let one of the more realistic looking fraudulent orders slip through to provisioning, so now I have already paid the data center for that server.
For the future: If something like that happens, can I wait for the charge back to occur, and dispute it saying I provided this "person" with e.g a server? Im almost 75% sure the credit card company picks up the tab at that point. Can anyone relate?
__________________
Scott Murray - Owner of HostMyThing.com
Shared, Reseller, VPS and Dedicated Hosting
HostMything.com - http://hostmything.com
 
 
 


Old
  Post #14 (permalink)   07-12-2013, 01:31 AM
HD Wizard
 
easyhostmedia's Avatar
 
Join Date: Mar 2011
Location: Northumberland, UK
Posts: 4,950
Send a message via MSN to easyhostmedia

Status: easyhostmedia is offline
Quote:
Originally Posted by hostmything View Post
I have refunded the money. Thanks for all the information
Don't the credit card companies usually pick up the tab for stolen credit cards? I let one of the more realistic looking fraudulent orders slip through to provisioning, so now I have already paid the data center for that server.
For the future: If something like that happens, can I wait for the charge back to occur, and dispute it saying I provided this "person" with e.g a server? Im almost 75% sure the credit card company picks up the tab at that point. Can anyone relate?
If you think this then you wont be in business long. If you keep waiting until you get chargebacks thinking tough the CC will pick up the tab, then 1 think will happen.

Your bank along with CC providers (visa/mastercard) will all of a sudden decide your business is too high risk and refuse to do business with you, so you will be without any bank account ( as word will get out to other banks) and CC/DC providers will refuse to allow you to accept any of their cards, which would also mean Paypal/2checkout etc. will not be able to allow you to use their services.

So how long will you last without any bank account or any way to accept online payments.
__________________
Terry Robertson - CEO The Easyhost Media Group
Niceday Hosting - Affordable Hosting
PowerSSL - - We Secure your World
The Scamlist Forum - Fighting against scammers
 
 
 
The Following User Says Thank You to easyhostmedia For This Useful Post:
hostmything (07-15-2013)


Old
  Post #15 (permalink)   07-12-2013, 03:35 AM
HD Newbie
 
Join Date: Jul 2013
Posts: 22

Status: BlastPort is offline
We use MaxMind via WHMCS, and they give you 1000 free orders (which is awesome!). You can also just use 2checkout as your only payment gateway, as they do fraud checking on each order, and PayPal is an option with it.

However, even with MaxMind, we have had a few orders go through that need disputes auto-opened, due to potential fraud. Seems no method is fail safe when it comes to fraud.
 
 
 
Reply
Previous Thread Next Thread


Thread Tools

New Post New Post   Old Post Old Post
Posting Rules:
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
vB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On
Sponsored By: