Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!


Question about a Scammer list api
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

Question about a Scammer list api

I pretty sure its illegal for a host (unless they list it under there TOS) to give bad customers information (name/address email etc..) to a third party (for example a site which lists scammers and email abusers etc)

But i do think this is a good idea while others will complain.

I am wondering if a site can be legally created to just check (when they sign up/order) and see if the customer is bad and if so put tell the provider warning=1 or whatever but instead of a public database it will only check and give a warning or not? and in the database side it will only show sha256 encrypted name, email, paypal address etc of the bad customers.

I am wondering if the service only gives a warning=1 type message response if the customer is considered a abuser or scammer would it be legal? or would the providers still need the customers consent to send to there info to a third party database list?

I might sound confusing im sorry - just have millions of ideas in my head right now.

Comments

  • wychwych Member

    Isn't this what FraudRecord/MaxMind does?

    And I am sure you will find most hosts mention 3rd party data handling for things like Fraud/Legal checkups.

  • For the UK at least, http://en.wikipedia.org/wiki/Data_Protection_Act_1998
    Require that data is not used in any way that may potentially cause damage or distress

    If you host it somewhere where data protection laws are somewhat lax, then achieving anything on scale would be a bit easier.

  • Yea i heard of maxmind but dont they charge for that service?

    @ricardo yea im located in usa - but that uk law - can a scammer/abuser sue me for listing them? i dont see any damage or distress it will cause they just because they cant buy a $3 VPS

  • ricardoricardo Member
    edited April 2014

    Ultimately not many people would bother if they're listed on an arbitrary "watch list" IMO. But if you become the defacto anti-fraud check that all webhosting providers use, you'll want to consider the data protection aspect more. It's one thing not being able to buy a $3 VPS with one provider, but if it prevents someone buying a VPS at any provider, particularly commercially... then yes, I'd imagine people would be willing to make a stink about it.

    Laws tend not to travel well over international borders so that's why I suggest hosting somewhere more 'exotic'.

    Slightly OT but I think the best authentication is an automated phone call. I've triggered max-mind a few times for some unknown reason and got an automated call. Perhaps it's because I have a script that auto-fills WHMCS forms. It's not hard to get a bunch of phone numbers and fraud/spam away but it does increase the barrier to entry as well as cost.

    From my understanding of the UK law, you'd be fine using a one-way hash of details. You might find this link more useful for the general case. http://en.wikipedia.org/wiki/International_Safe_Harbor_Privacy_Principles

    Thanked by 1Floris
  • FraudRecord operates with a very similar structure.

  • elwebmasterelwebmaster Member
    edited April 2014

    If you ask some of the providers over here they may let you in on their method of sharing customer information without consent.

    EDIT: decided it is inappropriate to mention names.

Sign In or Register to comment.