Hosting Discussion

Hosting Discussion (http://www.hostingdiscussion.com/)
-   Web Hosting Business and Legal Issues (http://www.hostingdiscussion.com/web-hosting-business-legal-issues/)
-   -   Fraud Prevention (http://www.hostingdiscussion.com/web-hosting-business-legal-issues/42943-fraud-prevention.html)


nuwebhosting 09-26-2016 04:19 PM

Fraud Prevention
 
Hi Everyone,

Are there any other hosting providers here that get numerous Fraudulent orders? We tend to receive multiple at least per day from countries and proxied IPs. Our system automatically blocks these. How do you normally handle this? We usually ask for a photo id if we think it's in error. However the backlash can be devastating so we remain very careful in proceeding forward. Thankfully never had an issue of backlash, would like to keep it that way.

Any insight?

JSCL 09-27-2016 02:05 AM

Quite a simple one this. Some businesses in this industry have come to rely on automated fraud detection. It's great configuring your billing system to automatically flag orders with a MaxMind score that's above X amount. But it's just not enough.

Across all of our hosting businesses, I have instructed stringent manual reviewing of each order. For us, it's:

MaxMind Scoring - This is done by default but no order is automatically setup or declined.

FraudRecord Scoring - The staff member reviewing the order should manually conduct a FraudRecord review of the client. The score should then be logged on the clients record. If anything suspicious arises in the report, then this is stickied and the order is refused.

Social Media Profiling - The truth is, that as much as we hate it, we all have a social media footprint these days. Very few people don't have one of some description. There are websites you can sign up to when you can query someone's e-mail address and it will locate any profiles they have at over 100 social media websites. This is a good way to verify an individual is who they say they are.

Only in a last resort would a turn to photo ID and this is in an instance whereby a customer is being insistent that they wish to sign up but don't pass the checks above. If they really want to be a customer still, then they just need to adhere to that.

Even I get flagged for fraud when signing up for new suppliers because our business is in Canada, but I'm in the UK. Big address mismatch there. That's why automatic rejection shouldn't be enabled, because you are still turning down legitimate business in some instances.

nuwebhosting 09-27-2016 05:34 AM

Very good points, it doesn't work for all, hence manual approvals are in place. We cut to the chase, if they want to be our customer then there shouldn't be an issue. When I was internal with one of the GIANTS in the industry, the reps, all they did was manually enter in clients credit cards over the phone, " Literally " using the front page of the site and simply creating an account for them, even then if fraud activity was detected, they would go to the fraud department, where a photo id would be required. Keeping in mind, all of our phone calls are recorded and we have the option of going back to review, if / when the customers call in for their orders. Unfortunately no social media profiling. With all the hacks going around with stolen customer cc #'s always a safe bet to put into practice fraud prevention.

SenseiSteve 09-27-2016 06:20 PM

Fraudulent orders? Those are rampant in this industry. You simply have to do your best to weed those out. If that offends some prospects, so be it. The risks are too high to allow fraud to pass through.

nuwebhosting 09-29-2016 01:09 PM

Quote:

Originally Posted by SenseiSteve (Post 195041)
Fraudulent orders? Those are rampant in this industry. You simply have to do your best to weed those out. If that offends some prospects, so be it. The risks are too high to allow fraud to pass through.

I couldn't agree more, a blacklisted IP is a blacklisted IP! Simply do not need that sort of aggravation. There are far too many good folks as opposed to bad, takes away from the dedicated ones, it's frustrating!

EuroVPS 10-04-2016 08:49 PM

We screen each order first, If it passes great, if not well we request govt issued ID. Normally not an issue.

serverbundle 10-04-2016 11:55 PM

A Govt issued ID should be good enough. You can also do telephone verification.

easyhostmedia 10-09-2016 04:34 PM

Quote:

Originally Posted by serverbundle (Post 195206)
A Govt issued ID should be good enough.

No good in the UK as these are not issued as standard

xtm_mike 10-10-2016 01:21 PM

I use MaxMind and a little common sense, it's worked well so far :)

HostLand-H 10-12-2016 12:05 PM

Quote:

Originally Posted by nuwebhosting (Post 195008)
Hi Everyone,

Are there any other hosting providers here that get numerous Fraudulent orders? We tend to receive multiple at least per day from countries and proxied IPs. Our system automatically blocks these. How do you normally handle this? We usually ask for a photo id if we think it's in error. However the backlash can be devastating so we remain very careful in proceeding forward. Thankfully never had an issue of backlash, would like to keep it that way.

Any insight?

In short, yes. We use MaxMind and FraudRecord in an effort to combat fraud orders. If the scores are low we'll closely monitor usage etc on the server and take it from there.

Harry

Optimidia 10-12-2016 11:57 PM

We use FraudLabs Pro and so far it has worked great! They even got a small plan for those who don't need that many requests.

techto 10-14-2016 09:46 PM

Well we also get fraud orders with the same ip it gets automatically rejected by if there is fraud order by changing ip and using some apps which make you 100% anonymous do you have any solution for that.

easyhostmedia 10-15-2016 02:24 AM

Quote:

Originally Posted by techto (Post 195515)
Well we also get fraud orders with the same ip it gets automatically rejected by if there is fraud order by changing ip and using some apps which make you 100% anonymous do you have any solution for that.

Yes don't accept orders from Proxy IPS.

If we get a fraud order even if it does not get through we will always block the CIDR

Optimidia 10-23-2016 01:19 PM

From what I spoke with the MaxMind guys the proxyScore they provide does not always guarantee they are under a proxy, meaning you will have to do some research yourself anyways (I had someone using another hosting provider's IP address to register) so that still needs to be done manually. How well does FraudRecord perform for those who have been using it? Is it accurate and how does it handle false positives?

easyhostmedia 10-23-2016 01:33 PM

Quote:

Originally Posted by Optimidia (Post 195675)
How well does FraudRecord perform for those who have been using it? Is it accurate and how does it handle false positives?

Fraudrecord just allows you to check a order by making a query on the clients name, email etc. and will show up any other hosts that have had dealings with the client and why they were reported.


All times are GMT -6. The time now is 03:36 PM.

Powered by vBulletin® Version 3.6.8
Copyright ©2000 - 2017, Jelsoft Enterprises Ltd.
Search Engine Friendly URLs by vBSEO 3.1.0