How do you know if your customer is who they say they are?

[Chris_13]

This is somewhat related to the fraud thread but I wanted to start a new thread to avoid any confusion.

How can we determine if our customer is who they say they are and that the credit card or other means of electronic payment is valid and belongs to them? Is there a way?

Also, what liability is there if one of these dishonest people actually makes a purchase and then later we find out that they weren't the original card holder?

Chris

 

[bugasoft]

A fraud detection system with a phone verification option will reduce the fraudulent orders very much (and also block some non fraudulent ones)

But you can't be sure 100% so i think you will find if is a fraudulent order or not after the real owner of the cc will make a complain:twocents::twocents:

 

[bobchrist]

I think phone verification is must, also do not accept order unless you receive complete information that should include, name, full address, email address and phone numbers.

 

[ValueSERVER]

we also had massive fraud problems and since we use MaxMind it is getting much better.

 

[Chris_13]

I understand the need for a phone verification process. I'm not sure how that will help me. I know if I do a transaction with a bank or something online I have to enter the phone number that matches the account. If I am setting this up how will I know this? Would it be easier to require them to use something like PayPal who can do the verification for me?

Chris

 

[AbbieRose]

Even paypal can be faked because you can have a paypal account that isn't linked to a bank account. You just use a verified paypal account to send money to it.

But that's the thing-verification. That's what you need to look out for-it means that the account is linked to a real bank account, and so if you only accept verified paypal accounts you have a better chance.

 

[ezhostingwizard]

We do a call back with all our orders.
We do not post that we do but all orders are call back verify

 

[chatterbox]

Call back is a good idea

Even registrars do this with domain purchases, or at least some of them do. Out of three that I've used, both godaddy and dotster required phone numbers and called me to check in. At the time I was thinking this was to my benefit since they asked if I was satisfied and if I needed any help, but now I'm realizing that it also improves their fraud prevalence.

 

[AlexCourtney]

Personally think about talking to other hosting supplier and/or friends if your only a small hosting supplier on the net, only. If you're not only on the net (i.e. a limited company, or plc, etc), fruad detection would be a great idea. Its entirely up to you how you put it - I see it as they pay the bill, no problems - but whenever I've owned a web supplier, I've always made a relationship with my clients so they are not just a billing number on our billing system.

 

[HivelocityJJ]

I have configured MaxMind to screen all orders. I have not enabled the phone verification feature, as I don't see a use for it currently. The only time I call to verify an order is when a dedicated server is purchased. If I see an order that could possibly be fraudulent, I usually do a whois on the domain and see if 1) the domain exists and 2) if the account holder is the legal registrant of the domain.

 

[vexxhost]

MaxMind + manual checking of every order, once you get a lot of fraud orders, you can see the little hole which will most of the time be an IP of a server or such.

 

[HivelocityJJ]

MaxMind + manual checking of every order, once you get a lot of fraud orders, you can see the little hole which will most of the time be an IP of a server or such.

The IP/hostname the customer uses to sign up for hosting usually gives them away -- if you know what to look for.

 

[RHMike]

We also use fraud prevention with phone verification. It checks the address on the credit card number, and then the phone number, and then the IP. It uses that and the information provided to find out where the client is located, and how close that IP/phone number is to their actual location.

 

[AbbieRose]

Ok so some of you can see these coming by the names and IPs. Now what is the problem with the fraudulent accounts, if they are paying the bills?

Is it that these are the most likely to be involved with spamming and with blackhat sites?

 

[rylie]

I've always wondered about giving my account info to customer service agents themselves. Who's to say that one might not take my credit card info and go on a wild shopping spree with it? This is one of the many reasons I choose to either order by mail or order online myself without the help of any CSR.

 

[AbbieRose]

Yes, I have wondered about that too. Even online systems or ordering by mail is no protection. Your mailed letter has to be handled by someone at that end-what's to stop them from writing down the numbers? And online-your info is stored supposedly encrypted, but can it be read-does the web owner hold the encryption key?

I am a paranoid Annie at times.

 

[nutty professor]

Phone verification is the conventional method adopted, still in use to date.

 

[SclekHosting]

Well when someone purchased from a stolen paypal account, the paypal account owner messaged me and asked why is there a payment to me. And I said they ordered hosting. And eventually I refunded the paypal order and report the fraudster to the ISP. Then according to the ISP the fraudster had their internet cut off after that.