Credit Card Fraud with Domain Purchases

[LittleCreek]

What has been preventing me from becoming a domain reseller is the question of what happens when somebody purchases a domain with a stolen credit card? Sometimes this doesn't get found out for a couple of months. The bank then does a chargeback but there doesn't seem to be a way for the merchant to get a refund on the domain purchase.

Do you guys have to deal with that at times?

 

[easyhostmedia]

What has been preventing me from becoming a domain reseller is the question of what happens when somebody purchases a domain with a stolen credit card? Sometimes this doesn't get found out for a couple of months. The bank then does a chargeback but there doesn't seem to be a way for the merchant to get a refund on the domain purchase.

Do you guys have to deal with that at times?

well in that case if you are using resellerclub then you can lock the domain, this will prevent them from moving the domain away. you can also suspend the domain, so it will not work. also in resellerclub you can suspend the users account, so they can not get access to the domain, you can also change the nameservers for the domain, so it will not point to any of their pages. yes you may have lost money , but you can prevent them from making use of the domain

 

[WiredBladeCom]

You will have to implement your own fraud checking system. You can check the AVS, CVV2 code, customer's location by IP, if he has tried multiple credit cards, if the address provided is legit etc. Make a scoring system , for example, if the AVS code is N, minus 10 points, if the IP address matches give 10 points. The score should be over 0, otherwise, you do not process the order.

 

[MikeDVB]

What has been preventing me from becoming a domain reseller is the question of what happens when somebody purchases a domain with a stolen credit card? Sometimes this doesn't get found out for a couple of months. The bank then does a chargeback but there doesn't seem to be a way for the merchant to get a refund on the domain purchase.

Do you guys have to deal with that at times?

Yes - it's the cost of offering domains unfortunately.

I worried about this too back when we started offering domains as originally we offered hosting only. It turned out that offering hosting without domain registration options was not the best way to go about it.

We charge a little more than our cost and in the grand scheme of things we make a little profit off of them even with the few that do get fraudulently registered.

When a domain is registered and then charged back / disputed / etc - we take possession of the domain until the issue is resolved.

There have been a few cases where we've refused transfers out due to outstanding billing issues but that's rare.

 

[MikeDVB]

It's also worth noting that the chargeback fee on a credit card transaction tends to be $15 or more - so even if you were able to get the domain refunded - you're still going to be at a net loss on the transaction.

 

[WebHostGlobeCom]

You can put in place a fraud checking system such as MaxMind which allows you to view the customer's IP address and location etc. before you can decide whether to proceed with the order or not

 

[MikeDVB]

You can put in place a fraud checking system such as MaxMind which allows you to view the customer's IP address and location etc. before you can decide whether to proceed with the order or not

You can do everything that MaxMind does - manually - and for free [but it takes your time]. That said MaxMind is cheap.

One thing to keep in mind is to get full benefit out of MaxMind you will need to pass some credit card details to them [like the BIN number of the card, or the first 4 digits]. We, for example, don't actually touch CC details - we send it right to Stripe and all we get back is a token for recurring billing.

Most registrars I've worked with also allow the deletion of a new domain registration within 24 hours with a refund.

 

[easyhostmedia]

Most registrars I've worked with also allow the deletion of a new domain registration within 24 hours with a refund.

I have seen some offer 3 days to cancel and refund a domain registration. but we use resellerclub and just lock a domain and then suspend the user so they have not control of the domain.

we have only been hit twice with a fraud registration.

1 domain i sold on a domain selling service and got £125 for a £12 domain, so this covered all the costs around the fraud.

the other one i sold this to another client, lucky no chargeback fees associated with the domain as the client was terminated for using his account for phishing and i refunded his payments.

 

[MikeDVB]

ResellerClub will do it within 24 hours.

 

[easyhostmedia]

ResellerClub will do it within 24 hours.

yes, but sometimes it is past 24 hrs before you are aware of anything wrong.

what i do now is i never hold a credit within my resellerclub account, so if a domain is registered then it will not complete until i add funds to resellerclub. This way i can check to see if a domain is legit.

I had 1 client who passed all the checks and about 3 weeks after joining he tried to reg the domain paypal-finance-services.co.uk. This a clear phishing scam in the making, so no domain registration and client terminated

 

[MikeDVB]

yes, but sometimes it is past 24 hrs before you are aware of anything wrong.

I was discussing steps you can take to avoid that - such as MaxMind and/or reviewing orders manually.

If it makes it past 24 hours and you don't notice - you're probably not going to notice until you get a chargeback.

 

[easyhostmedia]

I was discussing steps you can take to avoid that - such as MaxMind and/or reviewing orders manually.

If it makes it past 24 hours and you don't notice - you're probably not going to notice until you get a chargeback.

but some can pass maxmind with a genuine domain etc., but then reg. a new domain later on.

I use maxmind and fraudrecord, i have seen some pass maxmind, but flag warnings when checked on fraudrecord.

i never auto setup accounts, every order i get is checked with fraudrecord even if maxmind say they are OK

 

[LittleCreek]

what i do now is i never hold a credit within my resellerclub account

So if you don't have credit in your account resellerclub still holds it as a pending purchase? That's a good idea.

 

[easyhostmedia]

So if you don't have credit in your account resellerclub still holds it as a pending purchase? That's a good idea.

yes it is pending until you give RC some money, so allows you to carry out check on the buyer before you lose money. if its fake you just cancel the order and refund the card/paypal if they have paid, but you are not stuck with a domain and down the wholesale cost of the domain

 

[MikeDVB]

but some can pass maxmind with a genuine domain etc., but then reg. a new domain later on.

I have never had a legitimate user come back at a later date and commit fraud... But hey - I've only been doing this 9 years .

I use maxmind and fraudrecord, i have seen some pass maxmind, but flag warnings when checked on fraudrecord.

Indeed - I didn't suggest anywhere that one could or should rely solely on MaxMind. It is just one tool in the process.

i never auto setup accounts, every order i get is checked with fraudrecord even if maxmind say they are OK

Ah - well that's your decision.

yes it is pending until you give RC some money, so allows you to carry out check on the buyer before you lose money.

I find it interesting that you're worried enough about this that you would add funds on a domain-by-domain basis. It does make it seem like your volume is extremely low - at least at a glance as a third party.

if its fake you just cancel the order and refund the card/paypal if they have paid, but you are not stuck with a domain and down the wholesale cost of the domain

$9 isn't much in the grand scheme of things unless you're brand new or extremely low-volume.

 

[easyhostmedia]

I have never had a legitimate user come back at a later date and commit fraud... But hey - I've only been doing this 9 years .

never said that, you could get a user that signs up and passes all the processes, so is accepted, they then register a domain that would imply some sort of illegal activity

I find it interesting that you're worried enough about this that you would add funds on a domain-by-domain basis. It does make it seem like your volume is extremely low - at least at a glance as a third party.

not worried, just the way i have done things since i started in 1999. It is another security step

$9 isn't much in the grand scheme of things unless you're brand new or extremely low-volume.

but to a savvy consumer who will check the SSL status a free SSL will flag suspicions. personally when i shop online and if its not a site i have used before i will check the SSL status, i will check the whois details and even the IP the site is on.

 

[MikeDVB]

never said that, you could get a user that signs up and passes all the processes, so is accepted, they then register a domain that would imply some sort of illegal activity

Sure - and most billing systems have the option to put *every* order up for review even for existing clients.

not worried, just the way i have done things since i started in 1999. It is another security step

But are your margins so small that you have to go through the extra work or is your volume so small that it's just not a problem at all?

I'm not attacking you - hopefully your response makes more sense to me .

but to a savvy consumer who will check the SSL status a free SSL will flag suspicions.

How did SSL enter this discussion? I'm talking about the cost of the domain [~$9 in most cases] - what you stand to lose if it's fraudulently ordered and you don't catch it.

 

[MangoXchange]

It always better to verify it before going live registration.

 

[rectified]

We keep enough margin when we sell hosting or domains to even cover the cost of some fraud/chargeback and use a registrar that offers you refund in case you cancel the domain within 2-3 days, ResellerClub allows you to cancel most of the TLD and get refund within 2-3 days, they charge 0.50$ or 1$ and refund you the reset of the amount (Not sure about the exact time period) but usually 2-3 days are enough to do proper fraud check, sometimes we have to wait for client to provide verification documents etc... for high risk orders.

We provide live and instant registration and never had any major trouble with it, just sell at a price so that you can cover the cost of some fraud/chargeback as well

 

[easyhostmedia]

We provide live and instant registration and never had any major trouble with it, just sell at a price so that you can cover the cost of some fraud/chargeback as well

What you charge for domains would never cover a chargeback fee.

but if you have enough security systems in place then a fraudster would not get to the point of completing any order in the first place.