For some time now we've adopted a policy of monitoring new sites over the first days/weeks or month in order to help pre-empt any of the annoyances or difficulties new users can be faced with as well as to introduce ourselves somewhat to the new customer.

As part of this obviously we get the occasional site suspected of phishing and or fraud, typically setting up a site with a new domain often with a blank index and obscure folder names. The dilemma being somewhat being certain in such cases a lot of the time they lack the coding skills to hide their intentions however what actions would you take against such a user?

It seems rather difficult in that the authorities need to catch the user in the act essentially and as such suspending them make the cat and mouse game of new domains/hosts more difficult. Equality when the appropriate company cottons on, they will simply request the removal on copyrighted material. Then add to the mix the authorities and associated companies may or may not be English speaking or of origin.

It seems a no win situation in essence.. with the new user no doupt continuing their actions elsewhere.

Hello,

I agree completely, and we have been experiencing very few fraudulent orders from the beginning. A majority of our fraudulent orders are placed with PayPal, and days later PayPal notifies us that a purchase was made with a paypal account which had been compromised days before.

The thing that makes me aggravated, is us getting stuck with the domains that clients with fraudulent payment methods are ordering. These domains are of course non-refundable, and I personally feel something needs to be done to stop these abusers such as the authorities actually getting involved.

An example, a client had placed an order with us for six domains, a month and a bit later we were informed a dispute was opened up for an authorized payment. We discovered the client who placed the order was not under a proxy, and we had the actual IP address. We had asked paypal if it would help the case, they simply replied "no, it was an authorized payment and the actual owner didn't place the order".

I'm not sure how to avoid such orders, because most of the ones we receive seem to be legitimate.

Anyways, just my two bits. Let's hope something in the near future is enforced which will not making companies out money.

The choices are: handle it before it becomes an issue or wait for the DMCA and eat the cost of a chargeback or domain registration fees, etc.

From a business standpoint, the choice is obvious. If you have sufficient proof the account is fraudulent or is going to participate in fraudulent activity, you should terminate the account and move on.

If you don't, it will more than likely just cost you more money and headache down the road.

I would recommend calling all orders. Most fruadsters use fake phone numbers.

I've been emailing customers Paypal accounts to ask them to confirm the order. Also looking at Maxmind now.

Phone verification is must in the web hosting business. However, you can also demand a scan copy of driving license or passport to match the information...

If using sms instead using " calling all orders " is it work also ?

We're using MaxMind, and on every occasion we've asked for verification, they've failed. Since our latest tweak of MaxMind, fraud sign ups have dropped considerably.

Fraud detection is often a difficult and tedious task that every hosting company must deal with on a continuing basis. Some clients don't understand when they must verify additional information in order to rule out a fraud risk. When you do have to make calls and obtain more detailed records then do advise your clients of the process. While providers understand the prevalence of the issue many customers can be frustrated by the process. Inform your clients before they become frustrated and disenchanted.

I think it may aid this discussion somewhat to highlight that maximind gave this a very low warning/indication despite phone and similar verification. It certainly shows that it is possible to "fool the system" .

The detection was made aptly be a technician and Google had also sent their generic "your site is being removed from the listing for x reasons" email which validated our assumptions despite the code, copyright and trademark issues that where a clear giveaway.

My main bugbear of the whole situation is the lack of interest from the authorities, as there is simply I imagine to much paper work involved to in this case contact the French authorities and have them act and as such people will continue to use providers outside of their own country of origin somewhat safely in the knowledge they'll somewhat get away with it.

Fraud detection is becoming even harder, users are now verifying paypal accounts with those pay as you go credit / debit cards.

Then paypal are no help to the end supplier, it is rather hard.

I would suggest using max mind they prevent all of fraud I would of got, never got a single fraud account, maybe a charge back once..