Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!


Fraud Prevention
New on LowEndTalk? Please Register and read our Community Rules.

Fraud Prevention

CoreyCorey Member, Provider
edited June 2012 in General

What steps do you guys take to prevent fraud? We have maxmind going with a low value set - but the fraudsters keep getting through! The fraud has been really bad recently.

BitAccel - OpenVZ VPS / IRC,VPN,Anything Legal & Unrivaled Support!
«13456

Comments

  • WilliamWilliam Member, Provider
    edited June 2012

    Maxmind, Fraudrecord, blocks of all known VPN providers and public/private proxies.

  • AlexBarakovAlexBarakov Member, Provider

    I use 2co's fraud protection... However, I heard that it was not good at all. Did not have problems, though. It did, however, stop a couple of legit transactions the past month.

    AlphaVPS - Premium Cloud VPS, Dedicated Servers & Colocation in EU and US
    High-Performance AMD EPYC + NVMe Cloud VPS from €3.99/m || High-storage KVM VPS from €15/y

  • CVPS_ChrisCVPS_Chris Member, Provider

    Are you using creditcards or paypal?

    ColoCrossing.com - Premier Datacenter and Cloud Solutions for Business

  • CoreyCorey Member, Provider

    @cvps_chris paypal and google checkout

    BitAccel - OpenVZ VPS / IRC,VPN,Anything Legal & Unrivaled Support!
  • CoreyCorey Member, Provider

    @william what value do you have set on maxmind?

    BitAccel - OpenVZ VPS / IRC,VPN,Anything Legal & Unrivaled Support!
  • CoreyCorey Member, Provider

    @liam what would 'manually processing an account' entail? Sounds like a bunch of trouble for our clients. Clients love instant setup.

    BitAccel - OpenVZ VPS / IRC,VPN,Anything Legal & Unrivaled Support!
  • We use PonyMind. A semi-complex combination of Maxmind alongside my own custom hooks that compare prior logins, paypal addresses, CC info, geolocation, client info, and a few other variables.

  • AlexBarakovAlexBarakov Member, Provider

    @Aldryic said: We use PonyMind. A semi-complex combination of Maxmind alongside my own custom hooks that compare prior logins, paypal addresses, CC info, geolocation, client info, and a few other variables.

    Does it happen to be open-source / free to use? :D

    AlphaVPS - Premium Cloud VPS, Dedicated Servers & Colocation in EU and US
    High-Performance AMD EPYC + NVMe Cloud VPS from €3.99/m || High-storage KVM VPS from €15/y

  • CoreyCorey Member, Provider

    @william fraudrecord seems new, searching a simple name like 'matt' brings up nothing. I think i recognize the administrators name as well.....

    BitAccel - OpenVZ VPS / IRC,VPN,Anything Legal & Unrivaled Support!
  • WilliamWilliam Member, Provider
    edited June 2012

    @Corey said: @william what value do you have set on maxmind?

    60.

    @Corey said: @william fraudrecord seems new, searching a simple name like 'matt' brings up nothing. I think i recognize the administrators name as well.....

    It is and you search it wrong - since it does hash matching it only works with EXACT matching strings.
    The Administrator is smod/admin over at WHT.

  • @LiquidHost said: Does it happen to be open-source / free to use? :D

    That's a negative. It requires WHMCS, and modification to the database and one of the modules. I've had a couple of nice offers to sell the source, but nothing good enough to convince me to turn it over.

    I used to do 'freelance' WHMCS/billing modifications, addons, and consulting... never got around to picking up an IONcube license though, and I've seen too much of my work stolen over the years to release source freely :P

    @liam said: Mostly what @aldryic said. Sometimes things are just obvious.

    Ditto. We've never trusted full automation (Solus burned us over and over before we finally ditched them, and we haven't gone back to auto-setup since), and though my scripts could be easily tweaked to allow for auto-provisioning, right now they act as a series of pass/warning/fail checklists that we can view easily for each order, and decide how to proceed from there.

  • AlexBarakovAlexBarakov Member, Provider

    @Aldryic said: That's a negative. It requires WHMCS, and modification to the database and one of the modules. I've had a couple of nice offers to sell the source, but nothing good enough to convince me to turn it over.

    I used to do 'freelance' WHMCS/billing modifications, addons, and consulting... never got around to picking up an IONcube license though, and I've seen too much of my work stolen over the years to release source freely :P

    I was just joking :P

    AlphaVPS - Premium Cloud VPS, Dedicated Servers & Colocation in EU and US
    High-Performance AMD EPYC + NVMe Cloud VPS from €3.99/m || High-storage KVM VPS from €15/y

  • We have Maxmind and we utilize Authorize.net's Advanced Fraud detection suite. Unfortunately with the way it detects fraud, we do have people that are legitimate getting blocked. It just really is the cost of business for automated setups =(

    ChicagoVPS.net - OpenVZ/Xen Based - SolusVM Control Panel - TUN/PPP/FUSE/SIT/GRE - cPanel/DirectAdmin/Parallels - Chicago/Buffalo/LA Coming Soon! - Great Support!

  • innyainnya Member
    edited June 2012

    As a user , I prefer that provider should also do manual check.
    Maxmind block me when I order one of the Europe provider(InceptionHosting).
    (e.g. when I ordered, Maxmind called me and gave me an security code and I could not order. It so funny how Maxmind work.)
    I have no problem ordering any others europe provider.

  • @Innya,

    We still do manual checks with most orders pass or "fraud".

    ChicagoVPS.net - OpenVZ/Xen Based - SolusVM Control Panel - TUN/PPP/FUSE/SIT/GRE - cPanel/DirectAdmin/Parallels - Chicago/Buffalo/LA Coming Soon! - Great Support!

  • CoreyCorey Member, Provider

    @william It is and you search it wrong - since it does hash matching it only works with EXACT matching strings. The Administrator is smod/admin over at WHT.

    So let me get this straight, if a fraud guy registers with a slightly different addy but same username this tool will not show anything?

    BitAccel - OpenVZ VPS / IRC,VPN,Anything Legal & Unrivaled Support!
  • subigosubigo Member
    edited June 2012

    MaxMind + manual review of user details. Fraud attempts are pretty obvious 99% of the time. Hell, you don't even need that much data to catch someone... IP, email, zip, and CC bin are usually enough.

  • raindog308raindog308 Administrator

    No one does Maxmind phone verification? That's automated.

    For LET support, please visit the support desk.

    LowEndTalk attracts the finest members. - bear, WebHostingTalk

  • raindog308raindog308 Administrator

    @Aldryic said: never got around to picking up an IONcube license though

    They have an online encoder where you pay by the size of the files.

    http://www.ioncube.com/pricing.php

    For LET support, please visit the support desk.

    LowEndTalk attracts the finest members. - bear, WebHostingTalk

  • rds100rds100 Member

    @raindog308 said: No one does Maxmind phone verification? That's automated.

    We do, on all orders. The hardest part is how to teach the customers to enter their phone number in the correct format.

    -

  • subigosubigo Member

    @raindog308 said: They have an online encoder where you pay by the size of the files.

    http://www.ioncube.com/pricing.php

    And I can easily decode it nine times out of ten.

  • Oh hey look, it's the new xprotocept.

    Thanked by 2Jack netomx
  • gbshousegbshouse Member, Provider

    Nice blog entries about fraud scoring
    http://blog.unibulmerchantservices.com/fraud-scoring
    http://blog.iovation.com/2010/09/30/fraud-scoring-tools-and-weighted-business-rules/

    I'm implementing custom solution for our current project, maybe we can lunch it as a separate service. We'll see.

    Thanked by 1raindog308
  • raindog308raindog308 Administrator

    @subigo said: And I can easily decode it nine times out of ten.

    Riiiiiiiight...

    image

    Thanked by 2Aldryic nabo

    For LET support, please visit the support desk.

    LowEndTalk attracts the finest members. - bear, WebHostingTalk

  • @raindog308 said: Riiiiiiiight...

    It's like the tech theorem. The ones that know what they're doing say nothing, get the job done, and sit back quietly to watch the ones that have no clue just consistently unload bullshit to try and make themselves seem important.

  • subigosubigo Member

    @raindog308 said: Riiiiiiiight...

    @Aldryic said: It's like the tech theorem. The ones that know what they're doing say nothing, get the job done, and sit back quietly to watch the ones that have no clue just consistently unload bullshit to try and make themselves seem important.

    Either one of you are free to go encode a few cheap/small files and then post them back here. I'll post the decoded files in less time than it took you to post them.

    I used the online encoder for BoxCtrl when I first released it and even the oldest decoders worked on 100% of the files.

  • Noise, noise...

  • subigosubigo Member

    @Aldryic said: Noise, noise...

    It's like $0.05... can't afford $0.05 to prove I "have no clue just consistently unload bullshit"?

  • Any skid can use a premade decoder. Being able to push a button or run a script doesn't make you special.

    The pure amount of noise that comes from you on these topics does more than enough to convince me that a skid is all you could ever hope to be, and a poor one at that. You'll notice that the folks with actual skill don't come into random, unrelated forums and start running their mouths with empty bragging.

  • subigosubigo Member

    @Aldryic said: Any skid can use a premade decoder. Being able to push a button or run a script doesn't make you special.

    ...that's my point, genius. Ioncube = crap. As I said above "even the oldest decoders worked".

    You really are a fucking idiot.

Sign In or Register to comment.