Quite a simple one this. Some businesses in this industry have come to rely on automated fraud detection. It's great configuring your billing system to automatically flag orders with a MaxMind score that's above X amount. But it's just not enough.
Across all of our hosting businesses, I have instructed stringent manual reviewing of each order. For us, it's:
MaxMind Scoring - This is done by default but no order is automatically setup or declined.
FraudRecord Scoring - The staff member reviewing the order should manually conduct a FraudRecord review of the client. The score should then be logged on the clients record. If anything suspicious arises in the report, then this is stickied and the order is refused.
Social Media Profiling - The truth is, that as much as we hate it, we all have a social media footprint these days. Very few people don't have one of some description. There are websites you can sign up to when you can query someone's e-mail address and it will locate any profiles they have at over 100 social media websites. This is a good way to verify an individual is who they say they are.
Only in a last resort would a turn to photo ID and this is in an instance whereby a customer is being insistent that they wish to sign up but don't pass the checks above. If they really want to be a customer still, then they just need to adhere to that.
Even I get flagged for fraud when signing up for new suppliers because our business is in Canada, but I'm in the UK. Big address mismatch there. That's why automatic rejection shouldn't be enabled, because you are still turning down legitimate business in some instances.