Results 1 to 4 of 4
Thread: Preventing Fraud Signups
08-23-2004, 10:00 AM #1
- Join Date
- Mar 2004
Preventing Fraud Signups
When I started my first web hosting company, one of the biggest problems that occured was the fact I recieved alot of fraudulent signups. Therefore I am now writing this article with the hope that I can teach you something on how to prevent fraudulent signups and/or payments.
Credit card fraud can be a pain in the *** for web hosting companies and other companies. You might be wondering "Why? As long as I get my money, fraud is the card ower's problem", well it's not, it's one of our biggest problems. Fraudulent transactions often get reversed when they have been investigated and found out to be fraud. This means someone enjoyed your services, while the money you made with it, has been taken back. In some cases, you might even have spent the whole money, or invested it, which can result into negative balances and worse. So it is our task to prevent fraud. I'll try to give you some hints that will help you to drastically lower the amount of fraudulent signups.
The email address is very important. Let's take PayPal as example: If someone signs up with the email address firstname.lastname@example.org and his PayPal address is email@example.com, then something isn't right. You should put a notice on your website that the email address they enter on the signup page MUST equal his PayPal (or other) email address. Then you use THAT email address to send the account information to.
The IP address is also important. What I do, is compare the location (country, state and maybe also city) given in the signup form with the location of the IP address. You can use an IP Locator tool to check the location of an IP address. Those tools are mostly very accurate, but sometimes they are not. Now if you see that his PayPal (or credit card owner's) address information is somewhere in Germany and his IP address is located in the USA, then something is wrong. This might indicate the use of a proxy server. You should note on your signup page that proxy detectors are active and that any proxy should be disabled before continueing with the signup process.
It is important that the visitors of your website get the feeling that things are being checked and that anti-fraud actions are taken. The goal is to prevent fraud, not to just detect it. So to prevent fraud, you must give the credit card stealers the impression that you guys aren't the right people to mess with. You should put notices and warnings on your website and on the signup page that will scare off the bad people.
People who fraud mostly use free email services because they are anonymous and easy to register. If you see someone signup with a Hotmail, Yahoo or AOL email address, pay extra attention to them and their payments. A simple note on your signup form that you request to not use free email services if possible, would be a good thing. If someone doesn't use a free email service, but uses his own domain name, you might want to do a WHOIS on the domain name to ensure that the payment is safe. If the WHOIS information does not equal the signup information, it still doesn't mean that the payment is fraudulent, but if it DOES equal, you get a safer feeling for that signup .
Here is an overview of what I explained:
- Signup email and PayPal (or other payment processor) email MUST equal
- IP location and signup address location MUST equal (country & state)
- Put warnings on your site that explain which anti-fraud actions you are taking in order to scare off the people who fraud
- Think before you add an account
Also I would like to note: NEVER use instant account activation. ALWAYS activate/add hosting accounts manually, do NOT let a script do it.
I hope this article will help you guys out. Fraud can be a big issue for some companies. Luckely for us, the web hosting scene isn't such a big target for credit card fraud than some other scenes, such as: shell accounts, IRCd hosting, website templates and other web applications/scripts. However, actions STILL have to be taken by web hosting companies.
This article has been written by Pixelation for WebHostingChat.
08-23-2004, 10:12 AM #2webtechGuest
It is very helpful and nice. I have had same problem when I start it because I have use some automation script.
Mostly people are using whmautopilot. Would this check all the condition you mentioned.
08-23-2004, 11:12 AM #3
- Join Date
- Feb 2004
Very nice article! From somebody once in your place, I can feel your pain for sure. At a company I previously worked for it was my job to check through the dozens of sign ups a day and manually check for anything that looked fishy. Not fun, but well worth it when you think of the costs.The Web Hosting Show - The Voice of the Web Hosting World
Think of it as talk radio mixed with Web hosting discussion for both Web hosts and Web hosting clients! New episode every Monday!
08-26-2004, 03:53 PM #4
- Join Date
- Mar 2004
Yeah, fraud is no fun and brings up lots of problems. Not even the fraud itself but also preventing fraud: there are companies spending tons of money for anti-fraud solutions.