Tuesday, February 3, 2009

Web Hosting Fraud Protection

Fraud is a serious problem in the web hosting industry, just as it is in other industries. I can never emphasise enough the importance of fraud prevention. Fraudsters not only cause grief to the web host and to the owners of the credit card/PayPal accounts they steal, but collectively have a damaging impact on the internet. They contribute greatly towards spam, phishing, virus/malware/adware distribution and the distribution of pirated software. As a web host, it is your responsibility to do as much as possible to combat fraud.

Those utilising reseller hosting are just as responsible. You need to use all the resources available to you, trust your gut feeling and take proactive measures to prevent fraud.

In this article I would like to go through some steps you can take to prevent fraudsters from gaining access to your systems.

The article is intended for those offering web hosting on either a shared platform (like reseller hosting) or a dedicated platform (such as a VPS or dedicated server).

When you receive an order, it's important to pay attention to detail. Fraudsters are usually signing up with many hosting companies at a time; it's not their money, so they don't care how much it costs. Typically fraudsters purchase the more expensive packages to lure the provider into accepting. They hope the provider will be blinded by the money and be more interested in it than in doing a proper check. Well, take a good look at that money, because it won't be in your account long once the original account holder notices it and disputes the transaction.

Here are some elementary checks you can perform to combat fraud.

1. Check the WHOIS of the domain.
Verify that the details of the WHOIS match those of the domain. Check the domain's nameserver history. Has this domain been hopping unusually from host to host? Is it a new domain? Does the domain name make sense? Is it using WHOIS privacy? If the details don't match, then prepare to be more thorough.

2. Check the address on Google Maps
Although simple, check the address on Google Maps. Does it resolve to a proper location? Does Google return an error? Not a very accurate check, but still worth checking nevertheless.

3. Check the content of the website
Does the site have any content? If it's been established for a long period of time and has no content, then it raises an eyebrow, but this alone is not enough of a reason to reject, as there are legitimate reasons why the content may not be what you expect.

4. Check for spelling errors
Check the information provided. Has everything been spelt correctly? Has the user spelt his/her own name, address and such correctly?

5. Check for grammatical errors
Do you see grammatical errors in the information provided? Elementary mistakes? No capitalisation, no full stops, incorrect formatting and such.

6. Check the password chosen
The majority use a password which is hard to guess. What did this user choose? Is it something easy to guess, or the same as the username?

7. Check for anything out of the ordinary
Check for anything else which doesn't seem normal to you.

8. Telephone verification
Ring the person to check the details with them. If everything checks out, use the opportunity to welcome them to the company and ask them if they have any questions.

If in doubt, ask the customers. Yes, some of them do find it offensive, and some of them refuse to give anything further and just say they will go elsewhere, but the majority co-operate very well.

Additionally, you can sign up with various agencies to do more thorough checks. For example, on large orders InnoHosting does many detailed checks, such as checking the owner of the telephone number provided, credit checks, bank account checks, address checks and more.

The above should be in addition to using an automated service such as MaxMind.
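
The automatable parts of the checklist above (WHOIS, capitalisation, password) can be run as a pre-screen that decides which orders get a phone call or a closer look. This is an added example, not code from the original article or from InnoHosting; the order fields, the thresholds (30 days, 3 nameserver changes) and the decision names are assumptions.

```python
from datetime import date

# Constructed sample orders; every field name is an assumption for illustration.
# WHOIS data is assumed to have been looked up already and attached to the order.
def _order(oid, name, address, user, pw, registrant, created, privacy, ns_changes):
    return {"id": oid, "name": name, "address": address, "username": user,
            "password": pw, "whois": {"registrant": registrant, "created": created,
            "privacy": privacy, "nameserver_changes_12m": ns_changes}}

ORDERS = [
    _order("A", "Jane Smith", "12 High Street, Leeds", "jsmith", "t7#Lq9!vRz",
           "Jane Smith", date(2005, 6, 1), False, 0),
    _order("B", "john doe", "somewhere road", "johnd", "johnd",
           "Private Registration", date(2009, 1, 28), True, 4),
    _order("C", "Ali Khan", "4 Mill Lane, Bristol", "akhan", "Gr33n-Valley-42",
           "A. Khan Ltd", date(2007, 3, 9), False, 1),
]

def review_flags(order, today):
    """Return the checklist items this order trips (checks 1, 5 and 6)."""
    flags, w = [], order["whois"]
    if w["privacy"]:
        flags.append("whois-privacy")
    elif w["registrant"].lower() != order["name"].lower():
        flags.append("whois-mismatch")
    if (today - w["created"]).days < 30:          # assumed threshold
        flags.append("new-domain")
    if w["nameserver_changes_12m"] >= 3:          # assumed threshold
        flags.append("host-hopping")
    # Check 5: name or address typed with no capitalisation at all.
    if any(order[k] == order[k].lower() for k in ("name", "address")):
        flags.append("no-capitalisation")
    # Check 6: password equal to or containing the username.
    # Evaluated at signup time, before the password is hashed and stored.
    if order["username"].lower() in order["password"].lower():
        flags.append("weak-password")
    return flags

def decision(order, today):
    """Map flags to a next step; no single flag rejects an order by itself."""
    n = len(review_flags(order, today))
    if n == 0:
        return "accept"
    return "phone-verify" if n <= 2 else "manual-review"

if __name__ == "__main__":
    for o in ORDERS:
        print(o["id"], decision(o, date(2009, 2, 3)), review_flags(o, date(2009, 2, 3)))
```

The flags only prioritise human attention; the telephone call and the "anything out of the ordinary" judgement from the checklist still happen outside the script.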


4 Comments:

Anonymous Chris (Inno Customer) said...

Very useful article, Rameen. One of the things I value highly in any supplier is stability and that stems from being profitable with sound financial management.

It follows that being able to deal with the whole question of fraud is of paramount consideration so thank you for contributing some practical and experienced insights as to how we can be more effective in that endeavor.

February 6, 2009 11:52 AM  
Blogger Chana Campos said...

While I appreciate the tips, many of them aren't going to be very useful, i.e. checking WHOIS. It is SO incredibly easy for a fraudster to use a false name, address or to obscure it completely by making it private. Also, as far as grammar and spelling "issues" - well, this article has those, also. Does that make it fraudulent? I appreciate the intent behind the article - but it needs to go further and follow its own guidelines!

March 25, 2009 6:52 AM  
Blogger Rameen said...

@chana,

Well, WHOIS isn't the only thing you should be checking. You use a multiple of various sources. You said many aren't useful, but we use many of those every day for many orders and they are actually useful. The entire article is all based on certain aspects we look at which has reduced fraud to 0%. So I would say following the guidelines is very effective.

As for spelling grammar etc. I don't really see why my article should follow it especially since it's just that - an article, I'm not trying to buy something here.

March 25, 2009 1:47 PM  
Anonymous Anonymous said...

This post has been removed by a blog administrator.

March 30, 2009 12:18 PM  
