Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!


Thoughts on Fraud Detection Systems
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

Thoughts on Fraud Detection Systems

I have been looking for a good fraud detection system, and so far we have been using both MaxMind and FraudRecord. But it seems like MaxMind's servers randomly go down and when WHMCS cannot connect to the servers, it marks the order as fraud by default. We have lost quite a bit of sales because of that. We did troubleshoot if the issue was on our end but it seems like it was on their end.

So, we're thinking about not using MaxMind anymore, do you guys have any suggestions for alternatives and have you experienced simiar things?

Comments

  • We have been using MaxMind for about 4 months now with no issues. We have had to tweak the threshold of when it flaggs as fraud as we set it a bit too low originally, but its what we always used.

    I cant think of any others im afraid though...

    Thanked by 1ksubedi
  • Rewrite the Maxmind module so that in the event of failure to get a response it marks the order as pending.

    Thanked by 1ksubedi
  • @MarkTurner said:
    Rewrite the Maxmind module so that in the event of failure to get a response it marks the order as pending.

    That's a great idea i didnt even think of that, I hope the source code is not encoded using ioncube or anything.

  • @ksubedi - it is but you can request the source from WHMCS or ask them for a sample module.

  • Maxmind is easy to bypass.. Just create a fake ID using fakenamegenerator and make the location fields match your IP address. If you do this then you'll always pass. Fraudrecord is a much more smarter way of detecting potential troublemakers but it is a flawed and biased system - use the LET search function to lookup the recent FR threads and you'll see.

    There definitely needs to be a new system for this.

    Thanked by 2ksubedi 4n0nx
  • Fraudrecord and manual checks for large orders, I tried maxmind and it's not the best :(

  • linuxthefish said: I tried maxmind and it's not the best :(

    Yep, MaxMind fail most of the time.

    Thanked by 1IceCream
  • There is another anti-fraud provider included in WHMCS by default.

  • What MarkTurner said. A bad workman blames his tools... I'd hope any provider can create a simple workaround for such a circumstance.

  • @ricardo said:
    What MarkTurner said. A bad workman blames his tools... I'd hope any provider can create a simple workaround for such a circumstance.

    Then what would be your "simple" workaround in this case?

  • @ksubedi

    I think most big businesses will use a yellow pages type api and if the phone on the api matches what the user input they can send a voice verification and then allow the order if not then put a pending type order.

    Thanked by 1ksubedi
  • @Stevie said:
    ksubedi

    I think most big businesses will use a yellow pages type api and if the phone on the api matches what the user input they can send a voice verification and then allow the order if not then put a pending type order.

    Maxmind does a similar thing I think. I have requested WHMCS for source of the module so that I can change a few things here and there. Hopefully they will respond.

  • @ksubedi

    Honestly I think there is no easy way to detect fraud or bad customers.

    You can ask for your customers to email/fax there country id but then: You will lose customers who do not like sharing there information for whatever reason, or someone can just use a fake or stolen ID.

    You can use sms/phone verification but it is so easy to use VOIP/SMS Cloud apps.

    There is no "simple" way.

    Not to mention the amount of paypal fraud :-(

  • @Stevie said:
    ksubedi

    Honestly I think there is no easy way to detect fraud or bad customers.

    You can ask for your customers to email/fax there country id but then: You will lose customers who do not like sharing there information for whatever reason, or someone can just use a fake or stolen ID.

    You can use sms/phone verification but it is so easy to use VOIP/SMS Cloud apps.

    There is no "simple" way.

    Not to mention the amount of paypal fraud :-(

    I agree, there is no way to automatically prevent all fraud, but its good to have measures in place so that most can be filtered automatically. Maxmind is great except for the hiccups it's having once in a while. Chargeback fraud is really high, specially in the lowend market.

  • @ksubedi

    I do agree "better to have something then nothing" .

    bitcoin (with bitpay) could be a better but limited option to paypal, I say limited because there are not many people with bitcoins compared to paypal but bitcoin payments can not be reversed so that is a great feature.

  • ksubedi said: Then what would be your "simple" workaround in this case?

    My point is a lot of providers use WHMCS and it's a choice to. A competent provider shouldn't have an ongoing problem because "WHMCS does it that way". I'm not saying it's anything specific to you, just a case in point.

  • I have a proxy / VPN check to see if people are using proxies to order. It might be another data point you can use... sort of like a weak classifier in ADA boosting.

  • Need create fraud protection from worst sucked providers,not from buyers

  • Manual provision and good monitoring systems > anything in my humble opinion.

  • Stopping automated account delivery and having a human review each order prevents at least 80% of the fraud. But I've seen other providers let an order go through and then put a halt on the account 24 hours later and card the buyer. Thats a good way to piss off a new client, but many providers do it this way.

Sign In or Register to comment.