How Do You Implement KYC in Your Hosting Services?

Hello everyone,

I'm interested in learning more about how different hosting providers implement KYC (Know Your Customer) procedures. What methods and practices do you use to verify the identities of your customers? Any insights or experiences you could share would be greatly appreciated! Thank you!
 
Are you referring to taking on a new customer (fraud management) or authentication upon login? Not familiar with the KYC lingo. :-)
 
We mainly utilise Maxmind with their 'Factors' offering, and orders that have been approved are manually checked - although Maxmind has been pretty solid and we haven't had an order slip through the net. There are a few other checks you can perform too, such as checking what website is currently on the domain if they have signed up to web/reseller hosting to see if it's a legitimate website, checking the internet archive to see what has been hosted on the website previously, and checking whether the WHOIS information matches if it's not hidden.

If an order has been rejected due to a high risk score on Maxmind then we generally leave it, unless the customer reaches out to us regarding their rejected order, in which case we will run through a quick confirmation process with them such as sending government approved ID, etc. We generally find those who have been automatically rejected and then reached out to us are legitimate customers.
 
I saw that it has a plugin to use in WHMCS, how does it work?
It defaults to the following fields: name, email, phonenumber, address and ip. You can optionally add the following fields: Domain Name or Hostname, Paypal Email, Secondary Email Address and Other (information).

I actually have a system on its own script that I put together years ago that I run separately. The plugin for WHMCS doesn't automatically process anything, at least the version that I am running. The results you need to take with a grain of salt.

Essentially, each field is hashed on both ends. Therefore, the exact value has to match FraudRecord. They aren't storing anything other than hashes that you're comparing.

While another host could enter in data to keep you from taking on a client, it's still incredibly valuable. It'll show which host submitted matching data that reported it as fraud and they can provide feedback regarding the submission. IP and Email are the easy ones to check on.
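
The hash-and-compare lookup described in the post above, sketched as an added example that is not part of the original thread and is not FraudRecord's or the WHMCS plugin's code. The prefix, round count, normalization rules, host names and sample data are all assumptions made for illustration.

```python
import hashlib
import ipaddress
import unicodedata

# Assumed scheme for illustration only; not FraudRecord's actual algorithm.
PREFIX = b"shared-fraud-db-v1:"  # hypothetical domain-separation prefix
ROUNDS = 1000                    # hypothetical stretch factor

def normalize(field: str, value: str) -> str:
    """Canonicalize a field so both hosts hash byte-identical input."""
    value = unicodedata.normalize("NFKC", value).strip()
    if field == "email":
        return value.lower()
    if field == "ip":
        # Collapses equivalent spellings, e.g. expanded vs compressed IPv6.
        return str(ipaddress.ip_address(value))
    if field == "phone":
        return "".join(ch for ch in value if ch.isdigit())
    # name, address: case-fold and collapse runs of whitespace
    return " ".join(value.casefold().split())

def field_hash(field: str, value: str, canonical: bool = True) -> str:
    """Hash one field; only the digest would ever leave the host."""
    text = normalize(field, value) if canonical else value
    digest = PREFIX + field.encode() + b":" + text.encode("utf-8")
    for _ in range(ROUNDS):
        digest = hashlib.sha256(digest).digest()
    return digest.hex()

def lookup(order: dict, shared_db: dict) -> dict:
    """Return {field: [reporting hosts]} for every order field with a match."""
    hits = {}
    for field, value in order.items():
        reporters = shared_db.get(field_hash(field, value))
        if reporters:
            hits[field] = reporters
    return hits

# Constructed sample data: digests other hosts reported, and a new order.
REPORTS = {
    field_hash("email", "mallory@example.com"): ["host-a"],
    field_hash("ip", "2001:db8::1"): ["host-a", "host-b"],
}
ORDER = {
    "name": "Alice Example",
    "email": " Mallory@Example.com ",
    "ip": "2001:0db8:0000:0000:0000:0000:0000:0001",
    "phone": "+1 (555) 010-0000",
}
```

Without the shared normalization step the same email typed with different case or padding produces a different digest and the lookup silently misses. Fields drawn from a small space, such as IPv4 addresses, remain guessable from their digests, which bears on the GDPR question raised later in the thread.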
 
Interesting, I was thinking just the other week it would be useful if a service existed where hosts could share data like this to help combat fraud and bad actors on our networks, and here it is :)

I will definitely take a look.
 
Thank you, I'm not sure if it works according to GDPR rules in Europe because it uses user data.
 
I would think it should be OK, the company seems to be based in an EU country and no actual readable data is sent, just hashes?
If it's just hashes, I don't think there's a problem, but since I'm not sure about its functionality, I have to read the privacy policy and its rules carefully so that there's no problem using it.
 
Yeah, from what I read the other day it seems as though the data is one-way encrypted and stored on their servers with no way of FraudRecord either knowing what the data is or decrypting it. The hashes are compared when a user looks up an email address.

Seems like an interesting service overall.
 