Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Sign In with OpenID
Advertise on LowEndTalk.com

In this Discussion

WHMCS ALWAYS flags me for fraud

WHMCS ALWAYS flags me for fraud

regsregs Member
edited September 2012 in Help

Anyone else having issues with this? It seems that there has been a recent update to WHMCS which causes any account I sign up with on any provider to be automatically cancelled for fraud. I thought it was exclusive to InceptionHosting but when I tried to sign up with BuyVM I received the same error.

I am entering all real information but I figured that it has to be one of two things. The first is I live in PA but have a California area code for my cell phone which should be a big issue as a lot of companies call the number and give me a code to input (Like in the case of Inception Hosting) but even if I enter the number I am STILL cancelled for fraud.

The other idea maybe some sort of Geo-Locating issue, I am right on the PA/Ohio border and my region is referred to as NEO or North East Ohio for Time Warner Cable but if I try to look up my IP it says that it is in PA.

Could anyone offer any insight into this? At first I was honestly offended because I felt like I was being treated as a criminal. I understand the need to protect yourself from fraudulent orders but it really is a shame when someone who wants to become a legitimate customer can't order service as a result and I can only assume fraudulent orders are probably STILL going through :(

EDIT: put two g's in flags

«1

Comments

  • Real frauds are getting through, it is like the immigration policy, you deny ppl from some country and only the criminals enter because they dont care about the law, as such, the initial deny of entry is justified... Now, besides Geo reasons, might be others, like proxies, maybe your account was compromised or computer and criminals use it, but most likely it is about geolocation. This is usually solved by making fake accounts and giving fake data. M

    top - 22:32:38 up 906 days, 2:58, 1 user, load average: 3.94, 5.13, 8.38

  • TazTaz Disabled

    Check your email address on Google and see if it is listed on any publicly accessible database. Try to use @domain.tld instead of free ones such as gmail, aol etc. Calculate the distance between your address and IP address. These are some of the red flags.

    Whenever we notice an automated fraud alert, we send email to user and ask for validation. Generally a copy of your govt. Issued id and proof of address such as mail/bill/driving license that reflects your original address. Then we manually validate those info and then simply remove those documents after 6 mo.

    Time is good and also bad. Life is short and that is sad. Dont worry be happy thats my style. No matter what happens i won't lose my smile!

  • @regs for example if the provider where you're trying to sign up is using MaxMind with the calling feature enabled and he forgot to add credit to his MaxMind account, then instead of a verification call you get flagged as fraud automatically. It's just one of the many possibilities, but don't think of MaxMind like it's this hi-tech piece of fraud prevention. It's in fact relatively primitive by modern standards. It could also be that AVS keeps failing, or if PayPal maybe you addresses don't match. Everyone is tightening security these days for good reason.

  • @Maounique said: This is usually solved by making fake accounts and giving fake data.

    Hell no, worst advice ever. This is solved by working with the provider - contact them and ask them to manually review your order, etc.

    Thanked by 1TheHackBox
  • JarJar Member
    edited September 2012

    Happened to me for a while because I used my cell phone. Despite that being my primary phone, it's location tracing to 10 miles away from me was just too much for maxmind. Apparently they don't take into account that I'm in America. Everything is 10 miles away from everything.

  • TazTaz Disabled

    @Maounique this is a terrible piece of advice. You know that if some how, your account with your provider gets compromised, there will not be a single thing you can do to get your account back.

    And living under the shed of false info and false safety will never help anyone.

    Time is good and also bad. Life is short and that is sad. Dont worry be happy thats my style. No matter what happens i won't lose my smile!

    Thanked by 1TheHackBox
  • I don't even get tot he PayPal part to pay the invoice, my paypal address on my account is a verified address and the same one I use to sign up.

    It probably is because I use a gmail account because time warner email is horrible, but I know my gmail hasn't been compromised because I use two-step authentication. Would you suggest using one of my domain email addresses ([email protected]) or would that cause more problems as it's a .be?

  • @rds100 said: This is solved by working with the provider - contact them and ask them to manually review your order, etc.

    If they ask for papers, providing that is the worst advice ever. Even keeping only for 6 months, in the hands of unscrupulous or poorly protected hosts it is dynamite. You can later fake the papers too, what do you have to lose ? Worst case you get rejected again or VPS is cancelled, big deal, exposing your identity for a couple of bucks a month is NOT worth it. M

    top - 22:32:38 up 906 days, 2:58, 1 user, load average: 3.94, 5.13, 8.38

  • Has happened to me several times because they mark my ISP as proxy (Virgin Media), when I submit ticket they explain this and sometimes don't require further proof from some sites but others ask for proof. Or of course there are many other factors such as distance from IP to address input etc

  • regsregs Member
    edited September 2012

    Yeah, it's probably something with my IP. Although if I use a geoip locator it shows up as the town right next to me (if i throw a baseball really hard it will land in the town) but if you check whois.sc it says Cleveland http://whois.domaintools.com/24.166.98.152 (in b4 ddos)

  • @Maounique Bad advice. If someone does something like this at our place chances are that he/she gets banned for good.

  • I get fake names sign up every day. It's fine, this isn't Facebook, just follow the rules.

  • regsregs Member
    edited September 2012

    I know that what Maounique is saying is bad advice but he does have a point. If I was doing fraud what would stop me from just doctoring some images and sending them in? Pretty much nothing which is why this is such a joke. All I believe this is doing is hurting legitimate customers.

    Which again I have nothing against companies trying to protect their businesses but I just wish there was an easier way. Sending someone a copy of my Driver's License isn't really that big of a deal, I always black out my dl number, and my home address is something that you could get very easy by typing my gmail email into google and finding my resume.

  • TazTaz Disabled
    edited September 2012

    @regs Any experienced provider can verify if an Id and documentation is fraud or no. Take this for some good gag :) http://blog.hostgator.com/2012/03/25/may-we-see-your-id-please/

    Plus faking ID and etc for 5-10$ is something an average fraudster would less likely would do. Takes lots of time for a little to less profit and plus, most of the fake signups are youngstars any way.

    Time is good and also bad. Life is short and that is sad. Dont worry be happy thats my style. No matter what happens i won't lose my smile!

  • @regs if shipping of a physical product is not involved then you don't need to provide a direver's license. Just make sure that all the information matches. MaxMind has been known to screw up before.

  • @Taz_NinjaHawk said: http://blog.hostgator.com/2012/03/25/may-we-see-your-id-please/

    I have the key which is generated out of the data for romanian IDs. If I have it, many crooks have it. I also have a blank ID I scanned in full detail when I was working for an ifriends provider back in 1999 or so, he was faking that to prove all model are of age (they were, but most didnt agree to give their real data). I can fake romanian IDs that cant be told except from looking in the database. I am not doing that, tho, because it would be illegal. Faking a name and address, even tho against ToS of all providers is not illegal, they can suspend me and keep the money (my fake identity will not go to courts to ask for pocket change) if they want to, but they would do that even if I was doing something illegal with the VPS, so nothing changed, crooks cannot be screened out this way, abusers will be caught and kicked because "nobody hides from pony" to quote a great former member of the community. When I will have the time will detail why is better to use fake data for LEBs or any deal that doesnt involve physical delivery under 5 $. I will rather lose the money than risk my identity with shady hosts. IPXCore is far from a summer host, yet Damian and many others consider they have the right to post customer info at their leisure, they can be police, prosecuters and jury to judge that customer's identy was fake. I can't trust that kind of judging, sorry for that. You can see i didnt mention the cases when hackers have access to WHMCS or other servers, when malicious outsourced employee is getting their hands on the papers, google a bit and crack paypal accounts and whatnot. 5 $ is not worth it, fox, no offense. M

    top - 22:32:38 up 906 days, 2:58, 1 user, load average: 3.94, 5.13, 8.38

  • @regs said: Real or Fake http://i.imgur.com/jRep6.jpg

    It says blue eyes but his eyes aren't blue, they are brown. ._.

    I work for VenexCloud.com

    Thanked by 1Taz
  • TazTaz Disabled

    @reqs Fake. Person in picture is around 27-45. YOB 1989 Eyes are not blue and missed some other details I will not reveal ;)

    Time is good and also bad. Life is short and that is sad. Dont worry be happy thats my style. No matter what happens i won't lose my smile!

  • ZenZen Member
    edited September 2012

    Those 'fake ids' that hostgator posted are jokes, I've seen some real professional fake documents (passport, etc) and they're almost impossible to tell a difference over the internet.

  • regsregs Member
    edited September 2012

    Yeah it is fake, but I made it in about 10 min leaving out a few details. How many hosts would let that pass through though?

    Give me 10 more min, we'll try this again :)

  • TazTaz Disabled

    @regs said: Yeah it is fake, but I made it in about 10 min leaving out a few details. How many hosts would let that pass through though?

    Almost any kiddy host while 0 professional/real host.

    Time is good and also bad. Life is short and that is sad. Dont worry be happy thats my style. No matter what happens i won't lose my smile!

  • MaouniqueMaounique Member
    edited September 2012

    @Taz_NinjaHawk said: Almost any kiddy host while 0 professional/real host.

    I bet you will not be that sure if it was from another country than the US/UK, in another language, cyrillics and whatnot. Can you tell a fake greek ID ? Do you even know how that looks like ? What about those from Cyprus ? Norway ? Sure, it depends on quality, some can be told even like that, but that only means they did a bad job at it. Sure, you can deny everyone except the countries you can tell fakes from real ones, however, ANY ID, utility bill, whatever CAN be faked enough so NOBODY can tell the difference over Internet without access to ID database or some other form of access. M

    top - 22:32:38 up 906 days, 2:58, 1 user, load average: 3.94, 5.13, 8.38

  • @Maounique said: Sure, you can deny everyone except the countries you can tell fakes from real ones, however, ANY ID, utility bill, whatever CAN be faked enough so NOBODY can tell the difference over Internet without access to ID database or some other form of access.

    and how would you know this?

    This signature is brought to you by the NSA. Spying on the entire world since 1952!

    Thanked by 1Taz
  • TazTaz Disabled

    @Maounique said: I bet you will not be that sure if it was from another country than the US/UK, in another language, cyrillics and whatnot. Can you tell a fake greek ID ? Do you even know how that looks like ? What about those from Cyprus ? Norway ? Sure, it depends on quality, some can be told even like that, but that only means they did a bad job at it. Sure, you can deny everyone except the countries you can tell fakes from real ones, however, ANY ID, utility bill, whatever CAN be faked enough so NOBODY can tell the difference over Internet without access to ID database or some other form of access.

    Please shoot me one of your romanian fake ids with fake utility info over pm, let me try out my luck (I have yet to deal with any romanian user so should be a great experience.)

    Time is good and also bad. Life is short and that is sad. Dont worry be happy thats my style. No matter what happens i won't lose my smile!

  • TazTaz Disabled

    Try to send a real one as well and let me see if I can distinguish :)

    Time is good and also bad. Life is short and that is sad. Dont worry be happy thats my style. No matter what happens i won't lose my smile!

  • MaouniqueMaounique Member
    edited September 2012

    You can understand that I cannot send you real ones :P M

    top - 22:32:38 up 906 days, 2:58, 1 user, load average: 3.94, 5.13, 8.38

  • TazTaz Disabled

    @Maounique said: And what will that prove ? You will already know they are fake...

    Please read my second comment.

    Time is good and also bad. Life is short and that is sad. Dont worry be happy thats my style. No matter what happens i won't lose my smile!

  • Yes, edited already :P M

    top - 22:32:38 up 906 days, 2:58, 1 user, load average: 3.94, 5.13, 8.38

  • TazTaz Disabled

    @Maounique said: Yes, edited already :P M

    Bummer. If you have something real good next time, hmu :)

    Time is good and also bad. Life is short and that is sad. Dont worry be happy thats my style. No matter what happens i won't lose my smile!

  • what about this one: http://i.imgur.com/d9igL.jpg

  • @Taz_NinjaHawk said: Then we manually validate those info and then simply remove those documents after 6 mo.

    @Taz_NinjaHawk Why do you need to keep such sensitive data for 6 months?

    I know, I'm Dale Maily.

  • If you need fake canadian passports we get tons of these each week, not even the embassy was able to tell directly if they were real or not and had first to cable it to CA for a check of all data on them... so yea, not that hard it seems.

    Opinions/Posts are to be assumed my own/personal and not company related unless obvious
    Currently unemployed | Available for consulting | http://as198412.net | https://william.si

  • Automatic flagged by maxmind bro.

    vpsdash.com - Tips and tricks in life, information and technology news to get things done

  • TazTaz Disabled

    @Taylor said: Why do you need to keep such sensitive data for 6 months?

    6 mo is just there just in case we receive CC chargeback for fraudulent payments. Most likely, provider will not receive chargeback/cc complains when it comes to fraud payment after 6 month. Just a basic precaution. Plus, those files are not even stored online.

    Time is good and also bad. Life is short and that is sad. Dont worry be happy thats my style. No matter what happens i won't lose my smile!

  • @regs , many whmcs clients are now using maxmind due to the promotion and partnership with whmcs - I too had the same issue / MaxMind will mark you as fraud if it sees your IP futher away from your billing address , as our corporate address is in Las Vegas / same issue - dont know if there is config option for that. (distance threshold)

    Dave

    HostCheetah.com - Shared and VPS : Coming Soon

  • regsregs Member
    edited September 2012

    I think i figured out what the issue is, I am trying to work with a particular host to try to resolve it.

  • @regs: did you chargeback at them? Could be they flagged you and now you're shitlisted.

    vpsdash.com - Tips and tricks in life, information and technology news to get things done

  • @cosmicgate

    no, nothing like that; all I will say is that being nice and using emoticons in emails will get you flagged for being fraudulent lol

  • He is listed in fraudrecord. Nothing major. It would be one of those things that requires manual review.

  • @William said: If you need fake canadian passports we get tons of these each week, not even the embassy was able to tell directly if they were real or not and had first to cable it to CA for a check of all data on them... so yea, not that hard it seems.

    So you ask for them papers ? Does it help ? I am a customer of yours and used 2 fake identities without being asked for any proof. Not that i dislike it, but I am curious if you catch many frauds that way. M

    top - 22:32:38 up 906 days, 2:58, 1 user, load average: 3.94, 5.13, 8.38

  • Yes/Yes. And that you got through means simply we where not suspicious at your signup.

    Opinions/Posts are to be assumed my own/personal and not company related unless obvious
    Currently unemployed | Available for consulting | http://as198412.net | https://william.si

  • RandyRandy Disabled
    edited September 2012

    Everyone stay away from M . fruad<3

    @Taz_Ninjahawk. i have to disagree on that. any host can fell for fake IDs not just kiddiehosts. it just that how much skill that is taken to produce the fake IDs.

    Check hostgator's blog there is a fake singaporean ID. it looks really legit brsides the "batman"

  • @Randy said: Check hostgator's blog there is a fake singaporean ID. it looks really legit brsides the "batman"

    Batman is Singaporean?

    My blog | Server Uptime | I'm not working for any providers in here, all my comments just my own opinion.image
  • @ErawanArifNugroho said: Batman is Singaporean? good question, here ya go http://blog.hostgator.com/~/tmp/wp-uploads/2012/03/id10.jpg

  • edited September 2012

    @Randy, he is Javaneese. Same as me :p bin Suparman : Son of Suparman

    My blog | Server Uptime | I'm not working for any providers in here, all my comments just my own opinion.image
  • @Randy now I understand why HG is hackable. They let something like that browsable

    My blog | Server Uptime | I'm not working for any providers in here, all my comments just my own opinion.image
  • I think it's probably MaxMind that's flagging you a lot of us use it, but I turned that feature off since so many people have Cell phones it's not reliable anymore.

  • @FRCorey said: I think it's probably MaxMind that's flagging you a lot of us use it, but I turned that feature off since so many people have Cell phones it's not reliable anymore. i guess you mean even fruads can get themselves a cell phone

  • No, people move but keep their phone numbers, it's called local number portability. I still have a Texas phone number but live in Colorado.

Sign In or Register to comment.