New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Describe Your Fraud Prevention Methods & Fraud Percentage
raindog308
Administrator, Veteran
in General
Following up on another thread...what exactly do you do for fraud prevention?
Do you...
- use MaxMind
- use FraudRecord
- call all new signups
- use telephone verification
- google for the name
- research the IP, geolocation, etc.
- only accept BitCoin
- etc.
I remember @Aldyric (or was it @Francisco) once mentioned he had some proprietary methods but considered them trade secrets and wouldn't share. That's certainly legit, but I'm curious what standard practice is.
Seeing your profits eaten by chargebacks and fraud always seemed to be to be a big downfall in the LEB market. Is fraud a significant hit for you, or just an occasional nuisance?
Thanked by 1rokok
Comments
Might not get many answers
Security through obscurity
the whole point is to not tell anyone that's what makes it secure.
Accepting BitCoin will be like a honey for abusers (since you can't verify person using that payment method) but person will not able to chargeback same time remember the fact they're paying small money nothing above $10 even so they'll not lose too much.
Fraudrecord is used mostly by lazy hosts, who can't check fraud on their own.
Maxmind mostly will catch fraud but sometimes it will not. Set score low to catch more deeply.
The reason is some fraudsters uses new identity (email, phone, address, residential ip etc.) which were not used before and it will look completely legit.
Secret thing that buyvm (@Francisco) using is maxmind and if score is above % (some low %) they'll deny order. Saying we have X but we would'nt say it's stupid since they can't prove it. It's like saying we have lamborgini but it's in garage, we won't show it and in reality having old car which people are using for years.
You can catch %99 of fraud by calling customers phone number.
Why it's not %100 ? Simply because fraudster could use call centers to answer phone call and confirm that they're indeed have ordered something but it's probably will not happen on hosting services since it'll be terminated simply AND it's also possible that fraud order will look more legit than any other order.
Forgot to add:
PayPal check for Name and Surname for matching from order
Accept Credit Cards only by enabling 3D secure.
Aldryic wrote his own fraud protection module for WHMCS that highlights orders and flags things based on extra information from local databases as well as other systems.
TL;DR
Francisco
Maxmind + GetIPIntel + FraudRecord handles 90% of the fraud by themselves. I weed out the other 10% using Google mostly. I can't remember the last time we had a legitimate dispute/chargeback (meaning the payment method probably wasn't owned by the person who ordered service) but the fraud that gets by is less than a fraction of a percent.
We'll be enabling phone verification in the near future once I have time to properly test it.
GetIPIntel & FraudRecord are both enabled/work in my fraudrecord fraud module
Glad to hear it, I have my own modules though.
https://github.com/KuJoe/chkProxy
Okay so does yours tie into whmcs's native fraud system to act like a real fraud module that can screen orders automatically? because mine does that for blesta and whmcs.
This isn't a epenis bragging contest mate.
I wasn't trying to brag at all I was just wondering if he had tried to do that as I just see a hook for whmcs I don't know I kinda assumed when he said module I thought he meant he had a actual module and not just a hook?
I always wonder how do all these fraud check work send the customer email and check if the email is in the database?
My hook is a "pre-order" hook, so it blocks the orders before they get entered into the database.
Well all know @KuJoe has the biggest epenis but is so modest he won't care anyway
This is a great hook.
I think we've all been in clubs when some hot woman asks you which WHMCS modules you've written and then she completely forgets about you when she learns @KuJoe has just rolled up.
"Hey baby, wanna meet my Wyvern?"
Bastard.
No way. The fraudsters I've dealt with almost invariably have some phone service they can use to verify, with access to multiple phone numbers. Even using Twilio to verify country matches credit card country and using Twilio to verify the number is landline/mobile (and not VoiP) doesn't seem to help.
I meant calling directly without automated phone verification.
it's the size of the CN tower over in Toronto
Asks for dna samples ?Anyone ?
Over the years we have to work out new system and method to fight fraud as fraudsters are getting smarter in avoiding detection.
When all the automated system reject their orders, they will paint a perfect story via support ticket system.
Lastly I think most providers don't reveal their fraud method is to avoid frauster in evading those system to order their services.
It detects my home IP as a proxy, it's just a static IP with reverse
No Fraud for the last 4 months.
Zero Disputes / Chargebacks with PayPal and Stripe.
PayPal put a hold on the income after a certain amount every month. requested a increase and they accepted. Stating the reason was due to Good Customer Relations.
Also we use Fraudrecord and MaxMind and will look into specific orders and do further checks if we feel the need to.
What score are you getting? I think we have ours set to only block 0.99 and above.
@black
@cassa PM me your IP and I'll look into it.
Done
@KuJoe It's 0.99726265668869, I'll wait for @black's answer
I've responded.