Order Verification Techniques

[hostinghouston]

Hey guys,

I had this idea based on another thread. Someone mentioned that they had a large number of chargebacks and fraud for dedicated servers they sell. They wanted to know what other processors they could use to combat this.

It was suggested that perhaps the verification after order should be a starting point for them to look at and how they handle this.

To help them and also to help everyone else, I wanted to ask you the following questions:

How do you verify your orders?
Do you ask for photo ID?
Do you only verify high dollar orders by phone, or every single order?
What is your chargeback / fraud rate on average?
Finally, do you think it matters what payment gateway / processor you use? in other words, would you say accepting PayPal over 2Checkout or Google Checkout increases the potential for fraud?

 

[dedideals]

Depends what the order looks like, anything bad with the address, minimum of a call.

Looks high risk, proxy and from a country such as Pakistan, Iraq, brazil etc, always ask for ID and call.

No matter what processor you use, they can all do chargebacks each just have different rates.

Just look at the order and think, well is it fishy? Email and ask them what they want it for, thank them for the order and ask what their intentions of use are, watch out for large IP requests and then sudden rDNS requests - Watch for a server purchased and left un touched for several days or weeks, this is a common one.

Just use your head is all you can do but for dedicated servers at least a call is made for verification and an email to see if they respond.

 

[Cloudcom]

Yes, it is common practise, I would suggest phone verification and SMS, OTP, WHMCS has this feature. Additionally check for purchases made by past verified clients, they aren't checked, we had lots of this clients go under fraud hammer.

 

[VPS9.net]

You can also use 3rd Party Verifications such as Maxmind for this.

 

[NW-Dan]

Honestly, we use maxmind for a fraud check.

We verify by asking the client what they will be using the hosting for and how many emails they send on average monthly. If we don't like the response then we ID verify. If we don't get a response or the response is silly, for example, I had a user respond "please just give me hosting", we cancel and refund.

 

[MikeHobgood]

How reliable is Maxmind? Do you ever find orders missed by Maxmind? Are you on the free version or paid version?

 

[NW-Dan]

How reliable is Maxmind? Do you ever find orders missed by Maxmind? Are you on the free version or paid version?

We are on the free version. We generally use it to see the score and distance from IP. Really though any spammer will use a proxy so it doesn't really matter.

For those that we deem to be high risk we ask for an ID.

What it really comes down to is if we want to do business with that person or not. A quick google search on the domain if it's not new will tell you a lot. I screen everyone personally and so far we haven't had a single issue.

 

[VPS9.net]

Maxmind scores really very good and filters the orders perfectly with a specific reason.

 

[oneilonline]

For the most part, since majority of our payments are through PayPal, we use Paypal's validation. We track IPs for all of our pages and processing, so if something looks suspicious we'll check their IP location, address, and call them if needed to verify. Bottom line, if we still can't verify, we just don't accept the order. Better safe than sorry!

 

[Stream101]

For the most part, Maxmind and Paypal catch 95% of the "Bad Guys" while our staff screens the rest manually. We manually accept all orders during business hours, and again the following day it was after hours. Its much easier to check on each client right away, then to find out they are doing chargebacks on you,

 

[web-project]

we using fraudrecord.com + Maxmind, very rare ask for ID, as if the Maxmind risk score 99% - means definitely will be high risk order, much easier decline the headache

 

[jainy25]

Maxmind does a fairly good job. The only problem is when it blocks the orders of a genuine client from a high-risk country. And sometimes it blocks orders because it considers some IP addresses 'bad'. Doesn't leave a good first impression to some people.

But then it is a mandatory measure.

And of course, in case Maxmind misses a fraud order, then Paypal is good enough to block the payment quickly.

So we can still afford to keep order setups automatic since fraud detection doesn't take more than 2-3 hours in most cases.

Even in case of domain orders, once blocked by Paypal, we are able to cancel the domain registrations in 5 days. So very rare chance of suffering a loss because of fraud.

But of course, prevention is better than cure and that's why we'd like Maxmind to be a little more accurate.

 

[Alex - A2 Hosting]

Maxmind does a fairly good job. The only problem is when it blocks the orders of a genuine client from a high-risk country. And sometimes it blocks orders because it considers some IP addresses 'bad'. Doesn't leave a good first impression to some people.

But then it is a mandatory measure.

And of course, in case Maxmind misses a fraud order, then Paypal is good enough to block the payment quickly.

So we can still afford to keep order setups automatic since fraud detection doesn't take more than 2-3 hours in most cases.

Even in case of domain orders, once blocked by Paypal, we are able to cancel the domain registrations in 5 days. So very rare chance of suffering a loss because of fraud.

But of course, prevention is better than cure and that's why we'd like Maxmind to be a little more accurate.

Well if you prefer in your control panel (Of MaxMind) you can set the rules to ignore specific (or all) high risk countries. Then the fraud factors will be based on everything but ignoring this factor.

Of course everyone doesn't like to be hit by fraud prevention tools but the majority will understand why, especially if you explain it to them in a friendly tone why and how they can quickly proceed.

Chances are, if they are unwilling to provide you with ID or what ever is used for fraud verification, they are a fraudulent customer anyway (Though not always!).

 

[jainy25]

Well if you prefer in your control panel (Of MaxMind) you can set the rules to ignore specific (or all) high risk countries. Then the fraud factors will be based on everything but ignoring this factor.

Of course everyone doesn't like to be hit by fraud prevention tools but the majority will understand why, especially if you explain it to them in a friendly tone why and how they can quickly proceed.

Chances are, if they are unwilling to provide you with ID or what ever is used for fraud verification, they are a fraudulent customer anyway (Though not always!).

The problem is you cannot block certain high-risk countries. Not in the free version of Maxmind at least. Either you select the option to block all high-risk country orders, or you don't choose that option at all.

Fortunately, most of our genuine customers have been patient in such situations and usually file a ticket to let us know about their order being blocked.

Yeah. We haven't really needed ID proof so far yet apart from EU domain registrations. In fact people registering .EU domains themselves give their ID proof without our need of asking them for it.

 

[komodovpn]

There's actually a WHMCS module released that further helps client verification on new orders.

It's posted here on WHT: http://www.webhostingtalk.com/showthread.php?p=8844969#post8844969

It helps automate the point of contact between the provider and the client, and it will prompt the client to submit identification to further verify the order or to prevent fraudulent orders.

Very useful in my opinion since WHMCS on it's own does not have this feature.

 

[Alex - A2 Hosting]

There's actually a WHMCS module released that further helps client verification on new orders.

It's posted here on WHT: http://www.webhostingtalk.com/showthread.php?p=8844969#post8844969

It helps automate the point of contact between the provider and the client, and it will prompt the client to submit identification to further verify the order or to prevent fraudulent orders.

Very useful in my opinion since WHMCS on it's own does not have this feature.

Sounds interesting. Can this be tied with MaxMind so if fraud score is x+ then the fraud options will be present client-side?

 

[MSH-Matt]

How reliable is Maxmind? Do you ever find orders missed by Maxmind? Are you on the free version or paid version?

Maxmind has worked great for us! We've had several fraud accounts come through but maxmind stopped them from ordering. We actually have the free version and it works good!:thumbup:

 

[komodovpn]

Sounds interesting. Can this be tied with MaxMind so if fraud score is x+ then the fraud options will be present client-side?

Yes, I believe so. Based on the features listed.

 

[MikeHobgood]

We use MaxMind as well and have had good results. That plugin definitely looks like something we will be trying out, thanks for the share!

 

[traxt]

For high dollar and some countries, always check address and if something is wrong call