Fraud, just like in other industries, is a serious problem in the web hosting industry as well. I can never emphasise enough the importance of fraud prevention. Fraudsters not only cause grief to the owner of the credit card/paypal accounts they steal and the web host, but collectively have a damaging impact on the internet. They (greatly) contribute towards spam, phishing, virus/malware/adware distribution and the distribution of pirate software. As a web host, it is your responsibility to do as much as possible to combat fraud.
Those utilising Reseller hosting are just as responsible. You need to use all the resources available to you, your gut feeling and take pro-active measures in preventing fraud.
In this article I would like to go through some steps you can take to prevent fraudsters from gaining acess to your systems.
The article is intended for those offering web hosting on either a shared platform (like reseller hosting) or dedicated platform (such as VPS or dedicated server)..
When you receive an order, it’s important to pay attention to detail. Fraudsters are usually signing up with many hosting companies at a time, it’s not their money so they don’t care how much it costs. Typically fraudsters purchase the more expensive packages to lure the
provider into accepting. They hope they will be blinded by the money and be more interested in the money than doing a proper check. Well, take a good look at that money because it won’t be in your account long once the original account holder notices it and disputes the transaction.
Here are some elementary checks you can perform to combat fraud..
1. Check the WHOIS of the domain.
Verify the details of the WHOIS match that of the domain. Check the domain nameserver history. Has this domain been hopping unsually from host to host, is it a new domain.. Does the domain name make sense. Is it using WHOIS privacy? If the details don’t match, then prepare to be more thorough.
2. Check address on Google Maps
Although simple, check the address on Google Maps. Does it resolve to a proper location? Does Google return an error? Not a very accurate check, but still work checking nevertheless.
3. Check content of the website
Does the site have any content? If it’s been established for a long period of time and has no content, then it raises and eyebrow, but this alone is not enough of a reason to reject as their are legitimate reasons why the content may not be what you expect.
4. Check for spelling errors
Check the information provided. Has everything been spelt correctly? As the user spelt his/her own name, addresses and such correctly?
5. Check for grammatical errors
Do you see grammatical errors in the information provided? Elementary mistakes? No capitalisation, no full stops, incorrect formatting and such.
6. Check password decided
Majority use a password which is hard to guess. What did this user decide? Is it something easy to guess, same as the username?
7. Check for anything out of the ordinary
Check for anything else which doesn’t seem normal to you.
8. Telephone verification
Ring the person to check the details with them. If everything checks out, use the opportunity to welcome them to the company and ask them if they have any questions.
If in doubt, ask the customers. Yes, some of them do find it offensive, some of them refuse to give anything further and just say they will go elsewhere, but majority co-operate very well.
Additionally, you can sign up with various agencies to do more thorough checks. For example, InnoHosting on large orders does many in detail checks such as checking the owner of the telephone number provided, credit checks, bank account checks, address checks and more.
The above should be in addition to using an automated service such as MaxMind.