Fraud Prevention

nuwebhosting

New member
Hi Everyone,

Are there any other hosting providers here that get numerous Fraudulent orders? We tend to receive multiple at least per day from countries and proxied IPs. Our system automatically blocks these. How do you normally handle this? We usually ask for a photo id if we think it's in error. However the backlash can be devastating so we remain very careful in proceeding forward. Thankfully never had an issue of backlash, would like to keep it that way.

Any insight?
 
Quite a simple one this. Some businesses in this industry have come to rely on automated fraud detection. It's great configuring your billing system to automatically flag orders with a MaxMind score that's above X amount. But it's just not enough.

Across all of our hosting businesses, I have instructed stringent manual reviewing of each order. For us, it's:

MaxMind Scoring - This is done by default but no order is automatically setup or declined.

FraudRecord Scoring - The staff member reviewing the order should manually conduct a FraudRecord review of the client. The score should then be logged on the clients record. If anything suspicious arises in the report, then this is stickied and the order is refused.

Social Media Profiling - The truth is, that as much as we hate it, we all have a social media footprint these days. Very few people don't have one of some description. There are websites you can sign up to when you can query someone's e-mail address and it will locate any profiles they have at over 100 social media websites. This is a good way to verify an individual is who they say they are.

Only in a last resort would a turn to photo ID and this is in an instance whereby a customer is being insistent that they wish to sign up but don't pass the checks above. If they really want to be a customer still, then they just need to adhere to that.

Even I get flagged for fraud when signing up for new suppliers because our business is in Canada, but I'm in the UK. Big address mismatch there. That's why automatic rejection shouldn't be enabled, because you are still turning down legitimate business in some instances.
 
Very good points, it doesn't work for all, hence manual approvals are in place. We cut to the chase, if they want to be our customer then there shouldn't be an issue. When I was internal with one of the GIANTS in the industry, the reps, all they did was manually enter in clients credit cards over the phone, " Literally " using the front page of the site and simply creating an account for them, even then if fraud activity was detected, they would go to the fraud department, where a photo id would be required. Keeping in mind, all of our phone calls are recorded and we have the option of going back to review, if / when the customers call in for their orders. Unfortunately no social media profiling. With all the hacks going around with stolen customer cc #'s always a safe bet to put into practice fraud prevention.
 
Last edited:
Fraudulent orders? Those are rampant in this industry. You simply have to do your best to weed those out. If that offends some prospects, so be it. The risks are too high to allow fraud to pass through.
 
Fraudulent orders? Those are rampant in this industry. You simply have to do your best to weed those out. If that offends some prospects, so be it. The risks are too high to allow fraud to pass through.

I couldn't agree more, a blacklisted IP is a blacklisted IP! Simply do not need that sort of aggravation. There are far too many good folks as opposed to bad, takes away from the dedicated ones, it's frustrating!
 
We screen each order first, If it passes great, if not well we request govt issued ID. Normally not an issue.
 
Hi Everyone,

Are there any other hosting providers here that get numerous Fraudulent orders? We tend to receive multiple at least per day from countries and proxied IPs. Our system automatically blocks these. How do you normally handle this? We usually ask for a photo id if we think it's in error. However the backlash can be devastating so we remain very careful in proceeding forward. Thankfully never had an issue of backlash, would like to keep it that way.

Any insight?

In short, yes. We use MaxMind and FraudRecord in an effort to combat fraud orders. If the scores are low we'll closely monitor usage etc on the server and take it from there.

Harry
 
We use FraudLabs Pro and so far it has worked great! They even got a small plan for those who don't need that many requests.
 
Well we also get fraud orders with the same ip it gets automatically rejected by if there is fraud order by changing ip and using some apps which make you 100% anonymous do you have any solution for that.
 
Well we also get fraud orders with the same ip it gets automatically rejected by if there is fraud order by changing ip and using some apps which make you 100% anonymous do you have any solution for that.
Yes don't accept orders from Proxy IPS.

If we get a fraud order even if it does not get through we will always block the CIDR
 
From what I spoke with the MaxMind guys the proxyScore they provide does not always guarantee they are under a proxy, meaning you will have to do some research yourself anyways (I had someone using another hosting provider's IP address to register) so that still needs to be done manually. How well does FraudRecord perform for those who have been using it? Is it accurate and how does it handle false positives?
 
How well does FraudRecord perform for those who have been using it? Is it accurate and how does it handle false positives?

Fraudrecord just allows you to check a order by making a query on the clients name, email etc. and will show up any other hosts that have had dealings with the client and why they were reported.
 
Fraudrecord just allows you to check a order by making a query on the clients name, email etc. and will show up any other hosts that have had dealings with the client and why they were reported.

Yes, I did read that. What I was asking is how reliable do you find it to be and how does it handle false positives? How do you follow up to make sure also the hosting company isn't at fault?
 
Yes, I did read that. What I was asking is how reliable do you find it to be and how does it handle false positives? How do you follow up to make sure also the hosting company isn't at fault?

I find it very useful, but if the query shows several hosts have filed a report then it would be a false positive.

You need to use your initiative when reading these to see if you are willing to take a risk.

Fraudrecord is not just used to report fraud as such.

If we have a client who does not pay his invoice and in turn gets suspended and then terminated then it is not really major fraud, but like some hosts i will place a report on fraudrecord with a 1 or 2 mark with a comment that they failed to pay invoice and was terminated as this helps other hosts to make a choice if they do a check to take the risk with this client.
simple things to look out for when clients sign up is strange names, strange address details and strange phone numbers and email addresses that come from free email providers other than yahoo or gmail. this will be signs of possible fraud.
you soon learn to pick up the signs before ordered are completed
 
Yes most definitely, this is part of the game when it comes to web hosting and almost any online business.

Hosting is probably a bigger target due to the amount of damage a spammer for example can do in a short space of time and as it's virtual they face any consequences as a result.

I would recommend using as many automated tools as possible but always manually review each order as well. That will give you the greatest chance of catching fraudulent orders
 
Top