Get Paid to Participate - up to $1 per post!     Twitter     Facebook     Google+
Hosting Discussion
 

Hosting Discussion > Operating a Web Hosting Business > Web Hosting Business and Legal Issues > Should account verification with scanned ID be necessary?
forgot password?



Reply


Old
  Post #16 (permalink)   03-13-2013, 03:12 AM
HD Newbie
 
Join Date: Mar 2013
Posts: 46

Status: trueman1 is offline
I will never give my scan id to anyone over the internet, this is very risky and could lead to identity steel.
 
 
 


Old
  Post #17 (permalink)   03-13-2013, 03:35 AM
HD Wizard
 
easyhostmedia's Avatar
 
Join Date: Mar 2011
Location: Northumberland, UK
Posts: 5,013
Send a message via MSN to easyhostmedia

Status: easyhostmedia is offline
Quote:
Originally Posted by trueman1 View Post
this is very risky and could lead to identity steel.
only if sent over an insecure method such as standard email.
__________________
Terry Robertson - CEO The Easyhost Media Group
Niceday Hosting - Affordable Hosting
PowerSSL - - We Secure your World
The Scamlist Forum - Fighting against scammers
 
 
 


Old
  Post #18 (permalink)   03-15-2013, 08:55 AM
HD Guru
 
Join Date: Mar 2013
Posts: 811

Status: Alex HubRocket is offline
Quote:
Originally Posted by trueman1 View Post
I will never give my scan id to anyone over the internet, this is very risky and could lead to identity steel.
The majority of the "reliable" companies will have proper & secure practices when it comes to this. If your going with a kiddy host (who probably wouldn't even ask for ID even if an order is marked fraud) then you should be more weary and ensure you are sending details over a secured channel.
 
 
 


Old
  Post #19 (permalink)   03-15-2013, 09:02 AM
HD Wizard
 
easyhostmedia's Avatar
 
Join Date: Mar 2011
Location: Northumberland, UK
Posts: 5,013
Send a message via MSN to easyhostmedia

Status: easyhostmedia is offline
a majority of reliable companies will have system such as WHMCS/CE which they should have on secure servers and have an SSL cert for their WHMCS/CE or have a reliable support ticket system under a secure SSL. If you need to ask for ID get them to send these through one of these under the SSL, so the items will be encrypted
__________________
Terry Robertson - CEO The Easyhost Media Group
Niceday Hosting - Affordable Hosting
PowerSSL - - We Secure your World
The Scamlist Forum - Fighting against scammers
 
 
 


Old
  Post #20 (permalink)   03-16-2013, 06:10 AM
HD Addict
 
Join Date: Mar 2012
Posts: 117

Status: Westpoint is offline
Quote:
Originally Posted by Obelix View Post
but I have noticed that some companies ask for an ID-based account verification, meaning you have to send them a scanned copy of a photo ID such as a passport or driver's license. I find this to be kind of an inconvenience, and I try to avoid such hosting providers. What do you think? Would you implement account verification if you started a hosting company?
I agree with you that it is an inconvenience. As a user, I would try to avoid hosting companies which ask for this kind of verification. The hosting company I am using now required phone verification and I think that's OK.
 
 
 


Old
  Post #21 (permalink)   03-16-2013, 06:20 AM
HD Wizard
 
easyhostmedia's Avatar
 
Join Date: Mar 2011
Location: Northumberland, UK
Posts: 5,013
Send a message via MSN to easyhostmedia

Status: easyhostmedia is offline
Quote:
Originally Posted by Westpoint View Post
I agree with you that it is an inconvenience. As a user, I would try to avoid hosting companies which ask for this kind of verification. The hosting company I am using now required phone verification and I think that's OK.
yes most hosts will use telephone verification as a standard anti fraud method, but when someone ordered an expensive service such as a dedicated server, hosts will ask for photo ID and address ID as an extra security feature.

Take this as an example. You get an order for a $300 a month server from a Joe Blogs who gives his address as 1600 Pennsylvania Avenue Northwest, Washington, D.C. and he gives a valid phone number that passes telephone verification. Would you still accept this order?
__________________
Terry Robertson - CEO The Easyhost Media Group
Niceday Hosting - Affordable Hosting
PowerSSL - - We Secure your World
The Scamlist Forum - Fighting against scammers
 
 


Old
  Post #22 (permalink)   05-10-2013, 12:51 PM
HD Newbie
 
Join Date: Apr 2013
Location: United States
Posts: 32

Status: CeraNet is offline
We've been asking for ID & calling the card issuing bank for verification.

We ran into several issues of identity theft & using prepaid cards to get service up and running (most likely as part of a snowshoe spam operation or similar), so we request that the card issuing bank call their customer for verification. Once we say we think it is an issue of identity theft, they are pretty much obligated to call their customer and get 'independent' verification.

It's a pain & costly, but it is cheaper than setting up the service and dealing with the aftermath + chargebacks...
__________________
Jason @ CeraNet - Professional Data Center Services
www.cera.net
Cloud | Dedicated | Colo | Custom Solutions | Managed Services
 
 


Old
  Post #23 (permalink)   05-10-2013, 03:07 PM
HD Guru
 
Join Date: Mar 2013
Posts: 811

Status: Alex HubRocket is offline
Quote:
Originally Posted by CeraNet View Post
We've been asking for ID & calling the card issuing bank for verification.

We ran into several issues of identity theft & using prepaid cards to get service up and running (most likely as part of a snowshoe spam operation or similar), so we request that the card issuing bank call their customer for verification. Once we say we think it is an issue of identity theft, they are pretty much obligated to call their customer and get 'independent' verification.

It's a pain & costly, but it is cheaper than setting up the service and dealing with the aftermath + chargebacks...
Might be profitable whilst a small operation but when your dealing with thousands of signups per day would it still be viable? How do you handle that? You call their bank asking for verification, they call the customer then what happens? You call them back, they call you back?

Just seems like it isn't such a good way to handle fraud signups in my opinion, especially in a long run.
 
 
 


Old
  Post #24 (permalink)   05-10-2013, 03:12 PM
HD Wizard
 
easyhostmedia's Avatar
 
Join Date: Mar 2011
Location: Northumberland, UK
Posts: 5,013
Send a message via MSN to easyhostmedia

Status: easyhostmedia is offline
and also making all these calls will cost you money and if you do these too many times, you may find some banks or card companies like Visa refuse to deal with your company as you will become listed as a high risk
__________________
Terry Robertson - CEO The Easyhost Media Group
Niceday Hosting - Affordable Hosting
PowerSSL - - We Secure your World
The Scamlist Forum - Fighting against scammers
 
 
 


Old
  Post #25 (permalink)   05-11-2013, 09:24 AM
HD Newbie
 
Join Date: Apr 2013
Location: United States
Posts: 32

Status: CeraNet is offline
True it is cumbersome and somewhat costly, but we found it was more economical to have our customer service reps call to verify info than deal with the problems.

Unfortunately, we found that maxmind + call verification were missing the worst offenders who wanted to use the servers as a proxy or send out spam until we shut them down. They were using stolen identities most from the south Florida area and signing up for prepaid VISA / debit cards, then using that info to start service. True, we cannot not do this for the simple web + email hosting account at $10 per month (we just flag them as suspend until further confirmation vs checking on them), we do it for everyone ordering a dedicated or cloud server. We average 8 to 10 orders like this week & about 1/3 of them are fraud of some sort. I lump someone who uses the server for one month to send out junk as fraud.

Easyhost Media -- We've found that most every bank will work with us once they know it is suspected fraud. You are correct though, i am sure at some point we'll get flagged as a risk and need to figure out a different method. Any suggestions?
__________________
Jason @ CeraNet - Professional Data Center Services
www.cera.net
Cloud | Dedicated | Colo | Custom Solutions | Managed Services
 
 
 


Old
  Post #26 (permalink)   05-11-2013, 09:36 AM
HD Wizard
 
easyhostmedia's Avatar
 
Join Date: Mar 2011
Location: Northumberland, UK
Posts: 5,013
Send a message via MSN to easyhostmedia

Status: easyhostmedia is offline
Quote:
Originally Posted by CeraNet View Post
We've found that most every bank will work with us once they know it is suspected fraud. You are correct though, i am sure at some point we'll get flagged as a risk and need to figure out a different method. Any suggestions?
Yes most bank call centres will work with you as they are just advisors, but if you are calling certain banks many times a month checking on card payments as you suspect are ID theft, then when they bank does their regular audits, this will be flagged up and that particular bank can block their customers using your services, but for all you call the bank, Visa/Mastercard etc. will also be informed of these checks/reports and if you get someone like Visa block you then this will almost close down your business as MC would soon follow, which as they run approx. 95% of credit/debit cards you wont be able to accepts any of their cards through any means
__________________
Terry Robertson - CEO The Easyhost Media Group
Niceday Hosting - Affordable Hosting
PowerSSL - - We Secure your World
The Scamlist Forum - Fighting against scammers
 
 
 


Old
  Post #27 (permalink)   05-11-2013, 04:52 PM
HD Newbie
 
Join Date: Apr 2013
Location: United States
Posts: 32

Status: CeraNet is offline
I agree with everything you've said. However, I need to find a resolution.

Our business has been mostly managed services & custom solutions until recently. The world of retail and selling to anyone with a credit card is relatively new for us...

Any suggestions are appreciated.

Here is the best we've come up with:

1) on web + email hosting -- anything over 10 score on maxmind, no orders from the BRICK countries, and strict limits of email and services provided
2) ded / cloud - all orders without previous communications (emailing/calling with questions before they order) require third party issuing bank verification (OUR ISSUE HERE).
3) colo - no problem we have their equipment as collateral

thanks!
__________________
Jason @ CeraNet - Professional Data Center Services
www.cera.net
Cloud | Dedicated | Colo | Custom Solutions | Managed Services
 
 
 


Old
  Post #28 (permalink)   05-12-2013, 04:26 AM
HD Guru
 
Join Date: Mar 2013
Posts: 811

Status: Alex HubRocket is offline
@CeraNet - I'd really just go with the fraud prevention systems provided by your payment gateway coupled with MaxMind miniFraud or another anti-fraud service. So I'd go against the 3rd party issuing bank verification - I can only imagine this would annoy the customer, take quite some time for each order and be quite costly.

Also anything over 10 is quite a high risk score, you should lower that a little then monitor each transaction and increase that as you go.

Taken from the MaxMind page:

Quote:
At what riskScore values should I accept, reject, or manually review transactions?
There is no single recommended set of riskScore values to use for deciding whether to accept, reject, manually review, or submit transactions to complementary services for analysis. In determining what thresholds to set, you should consider the costs of chargebacks and lost goods, the cost of manual review, the cost of complementary services, and the cost of potentially rejecting good orders.

A recommended strategy is to at first only automatically accept orders under a low riskScore (e.g., 3.00), only automatically reject orders above a high riskScore (e.g., 70.00), and manually review all other transactions. After monitoring the riskScores received for the manually reviewed transactions, you can adjust the thresholds appropriately to reduce the amount of manual review required.

Below is the distribution of riskScores returned by the minFraud service across all users. You can use this data to estimate the number of orders that will be approved, rejected, or held back for review given the thresholds you set. Please note that the distribution of riskScores you observe may differ.

Approximate distribution of riskScores across all minFraud clients
riskScore range Percent of orders in range
0.10 - 4.99 90%
5.00 - 9.99 5%
10.00 - 29.99 3%
30.00 - 99.99 2%
 
 


Old
  Post #29 (permalink)   05-13-2013, 03:55 PM
HD Amateur
 
Join Date: Apr 2013
Location: Sweden
Posts: 65

Status: mikho is offline
Quote:
Originally Posted by easyhostmedia View Post

were they will ask for verification is for dedicated servers, so high end VPS, if you are from a high risk country and fail other fraud checks.
This.

I've found that whenever a hosting company asks for this it's because some other trigger has gone of with your order. It could be that they at random pick an order to do some more checks or if the order got a Maxmind score that is not high enough to mark it as fraud but it could be.

Some providers do it on every order (first order as customer, when ordering additional servers/packages they already trust you) to be 100% sure to avoid scammers/spammers or what you call it.
__________________
-_- www.lowendguide.com -_- the guides to administer your lowend vps
Like on Facebook and follow on Twitter

$3 / year shared hosting found here
 
 
 


Old
  Post #30 (permalink)   05-17-2013, 05:37 PM
HD Amateur
 
Join Date: May 2013
Posts: 73

Status: Dedispec is offline
We utilize a form of ID for many uses with our customers. If there's anything in their information that looks odd we'll politely request some form of ID. I'd say a large majority actually appreciates the checking, especially with how many Paypal accounts and credit cards get stolen.

We did recently start requesting ID verification on any IP blocks /28 or higher due to how serious spam is getting out there. We actually noticed our amount of attempted spammers dropped considerably once we implemented that practice. Our customers that are legitimate don't mind providing that either.
 
 
Reply
Previous Thread Next Thread


Thread Tools

New Post New Post   Old Post Old Post
Posting Rules:
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
vB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On
Sponsored By: