Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!


Describe Your Fraud Prevention Methods & Fraud Percentage
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

Describe Your Fraud Prevention Methods & Fraud Percentage

raindog308raindog308 Administrator, Veteran

Following up on another thread...what exactly do you do for fraud prevention?

Do you...

  • use MaxMind
  • use FraudRecord
  • call all new signups
  • use telephone verification
  • google for the name
  • research the IP, geolocation, etc.
  • only accept BitCoin
  • etc.

I remember @Aldyric (or was it @Francisco) once mentioned he had some proprietary methods but considered them trade secrets and wouldn't share. That's certainly legit, but I'm curious what standard practice is.

Seeing your profits eaten by chargebacks and fraud always seemed to be to be a big downfall in the LEB market. Is fraud a significant hit for you, or just an occasional nuisance?

Thanked by 1rokok

Comments

  • Might not get many answers

    Security through obscurity

    Thanked by 3GCat netomx jonbeard
  • the whole point is to not tell anyone that's what makes it secure.

    Thanked by 1MarkTurner
  • alexvolkalexvolk Member
    edited December 2015

    Accepting BitCoin will be like a honey for abusers (since you can't verify person using that payment method) but person will not able to chargeback same time remember the fact they're paying small money nothing above $10 even so they'll not lose too much.

    Fraudrecord is used mostly by lazy hosts, who can't check fraud on their own.

    Maxmind mostly will catch fraud but sometimes it will not. Set score low to catch more deeply.

    The reason is some fraudsters uses new identity (email, phone, address, residential ip etc.) which were not used before and it will look completely legit.

    Secret thing that buyvm (@Francisco) using is maxmind and if score is above % (some low %) they'll deny order. Saying we have X but we would'nt say it's stupid since they can't prove it. It's like saying we have lamborgini but it's in garage, we won't show it and in reality having old car which people are using for years.

    You can catch %99 of fraud by calling customers phone number.

    Why it's not %100 ? Simply because fraudster could use call centers to answer phone call and confirm that they're indeed have ordered something but it's probably will not happen on hosting services since it'll be terminated simply AND it's also possible that fraud order will look more legit than any other order.


    Forgot to add:

    • PayPal check for Name and Surname for matching from order

    • Accept Credit Cards only by enabling 3D secure.

  • FranciscoFrancisco Top Host, Host Rep, Veteran

    Aldryic wrote his own fraud protection module for WHMCS that highlights orders and flags things based on extra information from local databases as well as other systems.

    TL;DR

    Francisco

    Thanked by 2netomx doghouch
  • KuJoeKuJoe Member, Host Rep
    edited December 2015

    Maxmind + GetIPIntel + FraudRecord handles 90% of the fraud by themselves. I weed out the other 10% using Google mostly. I can't remember the last time we had a legitimate dispute/chargeback (meaning the payment method probably wasn't owned by the person who ordered service) but the fraud that gets by is less than a fraction of a percent.

    We'll be enabling phone verification in the near future once I have time to properly test it.

  • @KuJoe said:
    Maxmind + GetIPIntel + FraudRecord handles 90% of the fraud by themselves. I weed out the other 10% using Google mostly. I can't remember the last time we had a legitimate dispute/chargeback (meaning the payment method probably wasn't owned by the person who ordered service) but the fraud that gets by is less than a fraction of a percent.

    We'll be enabling phone verification in the near future once I have time to properly test it.

    GetIPIntel & FraudRecord are both enabled/work in my fraudrecord fraud module

  • KuJoeKuJoe Member, Host Rep

    @timnboys said:

    Glad to hear it, I have my own modules though. :)

    https://github.com/KuJoe/chkProxy

    Thanked by 3qps netomx alexvolk
  • Okay so does yours tie into whmcs's native fraud system to act like a real fraud module that can screen orders automatically? because mine does that for blesta and whmcs.

  • @timnboys said:
    Okay so does yours tie into whmcs's native fraud system to act like a real fraud module that can screen orders automatically? because mine does that for blesta and whmcs.

    This isn't a epenis bragging contest mate.

  • @GCat said:
    This isn't a epenis bragging contest mate.

    I wasn't trying to brag at all I was just wondering if he had tried to do that as I just see a hook for whmcs I don't know I kinda assumed when he said module I thought he meant he had a actual module and not just a hook?

  • I always wonder how do all these fraud check work send the customer email and check if the email is in the database?

  • KuJoeKuJoe Member, Host Rep
    edited December 2015

    @timnboys said:
    Okay so does yours tie into whmcs's native fraud system to act like a real fraud module that can screen orders automatically? because mine does that for blesta and whmcs.

    My hook is a "pre-order" hook, so it blocks the orders before they get entered into the database.

  • GCat said: This isn't a epenis bragging contest mate.

    Well all know @KuJoe has the biggest epenis but is so modest he won't care anyway

  • qpsqps Member, Host Rep

    KuJoe said: Glad to hear it, I have my own modules though. :)

    https://github.com/KuJoe/chkProxy

    This is a great hook.

  • raindog308raindog308 Administrator, Veteran

    @GCat said:
    This isn't a epenis bragging contest mate.

    I think we've all been in clubs when some hot woman asks you which WHMCS modules you've written and then she completely forgets about you when she learns @KuJoe has just rolled up.

    "Hey baby, wanna meet my Wyvern?"

    Bastard.

  • perennateperennate Member, Host Rep
    edited December 2015

    alexvolk said: You can catch %99 of fraud by calling customers phone number.

    No way. The fraudsters I've dealt with almost invariably have some phone service they can use to verify, with access to multiple phone numbers. Even using Twilio to verify country matches credit card country and using Twilio to verify the number is landline/mobile (and not VoiP) doesn't seem to help.

  • @perennate said:
    No way. The fraudsters I've dealt with almost invariably have some phone service they can use to verify, with access to multiple phone numbers. Even using Twilio to verify country matches credit card country and using Twilio to verify the number is landline/mobile (and not VoiP) doesn't seem to help.

    I meant calling directly without automated phone verification.

    Thanked by 1perennate
  • @miTgiB said:
    Well all know KuJoe has the biggest epenis but is so modest he won't care anyway

    it's the size of the CN tower over in Toronto :)

  • Asks for dna samples ?Anyone ?

  • ExpertVMExpertVM Member, Host Rep

    Over the years we have to work out new system and method to fight fraud as fraudsters are getting smarter in avoiding detection.

    When all the automated system reject their orders, they will paint a perfect story via support ticket system.

    Lastly I think most providers don't reveal their fraud method is to avoid frauster in evading those system to order their services.

  • It detects my home IP as a proxy, it's just a static IP with reverse :(

  • NexHostNexHost Member
    edited December 2015

    No Fraud for the last 4 months.

    Zero Disputes / Chargebacks with PayPal and Stripe.

    PayPal put a hold on the income after a certain amount every month. requested a increase and they accepted. Stating the reason was due to Good Customer Relations. :)

    Also we use Fraudrecord and MaxMind and will look into specific orders and do further checks if we feel the need to.

  • KuJoeKuJoe Member, Host Rep

    @cassa said:
    It detects my home IP as a proxy, it's just a static IP with reverse :(

    What score are you getting? I think we have ours set to only block 0.99 and above.

    @black

  • @cassa PM me your IP and I'll look into it.

    Thanked by 1cassa
  • @black said:
    cassa PM me your IP and I'll look into it.

    Done

  • @KuJoe It's 0.99726265668869, I'll wait for @black's answer :)

  • I've responded.

Sign In or Register to comment.