Maxmind does not know what fraud is

[easyhosting]

Hi

 

I recieved an order today as below (not breaking any privacy rules showing this).

 

maxmind cleared this as

 

"This order is low risk. The order is slightly riskier because the phone number supplied by the user is not located within the zip code of the billing address for the credit card"

 

but anyone can tell 100% that this is fraud and just an idiot messing around.

 

Order Information

 

Order ID: 91

Order Number: 5593467995

Date/Time: 21/04/2010 19:23:29

Invoice Number: 7438

Payment Method: Credit/Debit Cards

 

Customer Information

 

Customer ID: 40

Name: 1 1

Email: 1@1.com

Company: 1

Address 1: 11

Address 2: 1

City: 1

State: 1

Postcode: 33707

Country: US

Phone Number: 3342343234

 

Ebay Username: wewew

Date of Birth (DD/MM/YYYY): 01/01/1972

Charity Number (if Applicable):

Receive our Monthly Newsletter?: Yes

Back Up Details:

Where did you hear about us?: fewfefew

 

Order Items

 

Product/Service: Shared Hosting EHM1

Domain: dasdsaad.com

First Payment Amount: £4.27GBP

Recurring Amount: £3.20GBP

Billing Cycle: Monthly

 

Total Due Today: £4.70GBP

 

ISP Information

 

IP: 97.97.46.183

Host: 183-46.97-97.tampabay.res.rr.com

[aXeR]

Maxmind is not a substitute for checking your orders properly, its merely an automated tool that looks at common parameters that crop up during fraudulent signups such as:

 

IP address country differs from that of what client has signed up with

Order has come from an individual in a country that is associated with a high rate of internet fraud

Order has been placed via a proxy

Order has been placed using a free email address

 

Perhaps it would be best to read up on precisely what the module is protecting you from so you know what to expect. Either way, as a free addon its a worthy addition to WHMCS - its definitely worth upgrading to the telephone verification system though!

[easyhosting]

i am signed up the their telephone verification service, so yes Maxmind allowed a fraudlent order through.

 

maxmind even admitted

 

"we do have 1.com listed in our database as a fraudulent domain"

 

so if they have the domain in their DB as fraudulent, then their system should not have allowed this through.

 

 

 

Maxmind is not a substitute for checking your orders properly, its merely an automated tool that looks at common parameters that crop up during fraudulent signups such as:

 

IP address country differs from that of what client has signed up with

Order has come from an individual in a country that is associated with a high rate of internet fraud

Order has been placed via a proxy

Order has been placed using a free email address

 

Perhaps it would be best to read up on precisely what the module is protecting you from so you know what to expect. Either way, as a free addon its a worthy addition to WHMCS - its definitely worth upgrading to the telephone verification system though!

[bear]

Postcode: 33707

Country: US

Phone Number: 3342343234

 

ISP Information

 

IP: 97.97.46.183

Host: 183-46.97-97.tampabay.res.rr.com

I'd assume since the ISP and the zipcode checked out it reduced the score. The phone is in another state, quite a long way from there, but that can often be attributed to cell phones these days, so it probably didn't cause too much of a score increase.

Basically, you're saying that the domain being marked as fraud should have increased the score enough to reject this order. I'd suggest that isn't enough to ban/drop an order, and it's why there is a scoring system in the first place.

 

Ebay Username: wewew

I'd suggest this is probably why you get this sort of order. Ebay hosting offers and buyers tend to be unsavory, no insult to you intended, from my experience. It's like offering $2/year hosting; you get all the wrong sort of signups.

[easyhosting]

I'd assume since the ISP and the zipcode checked out it reduced the score. The phone is in another state, quite a long way from there, but that can often be attributed to cell phones these days, so it probably didn't cause too much of a score increase.

Basically, you're saying that the domain being marked as fraud should have increased the score enough to reject this order. I'd suggest that isn't enough to ban/drop an order, and it's why there is a scoring system in the first place.

 

 

I'd suggest this is probably why you get this sort of order. Ebay hosting offers and buyers tend to be unsavory, no insult to you intended, from my experience. It's like offering $2/year hosting; you get all the wrong sort of signups.

 

 

considering that this is NOT an ebay userrname this never come through ebay, also checked my terlephone verification logs with maxmind and this order did not go through this process, even though i have it set so all orders must go through this process, so this is a case of maxmind allowing a fraudulent order through

[bear]

considering that this is NOT an ebay userrname this never come through ebay

Then the only explanation for the inclusion of the Ebay username is that it was on the order form and possibly required. Could be a bot, or just some random jerk.

I still stand by my assertion about buying/selling on EBay, though.

[EDIT]:

http://feedback.ebay.com/ws/eBayISAPI.dll?ViewFeedback2&userid=wewew&ftab=AllFeedback

Looks like you're mistaken.

 

this is a case of maxmind allowing a fraudulent order through

Explained above.

If you have it set to call for every order, and you're not over the limits imposed on your Maxmind account for those calls, then you need to discuss that with them. I consider this pre-screening, and never rely only on it for verifications. All orders are still manually vetted before provisioning for my own businesses.

[easyhosting]

I checked the ebay name and it come back not an ebay username.

 

i have the field 'ebay username' on my order form as i do sometimes have special offers run on ebay, this is not required for any orders.

 

I am not over my limits set by maxmind.

 

also the zip code this idiot used 33707 is SAINT PETERSBURG, Florida, USA, but the ebay username given is from Switzerland.

 

this is clearly fraud and as maxmind never carried out the phone verification then maxmind are at fault.

 

i am discussing this with them, if an email is marked as fraud on their system, then their system should not pass any order using that email address

 

Then the only explanation for the inclusion of the Ebay username is that it was on the order form and possibly required. Could be a bot, or just some random jerk.

I still stand by my assertion about buying/selling on EBay, though.

[EDIT]:

http://feedback.ebay.com/ws/eBayISAPI.dll?ViewFeedback2&userid=wewew&ftab=AllFeedback

Looks like you're mistaken.

 

 

Explained above.

If you have it set to call for every order, and you're not over the limits imposed on your Maxmind account for those calls, then you need to discuss that with them. I consider this pre-screening, and never rely only on it for verifications. All orders are still manually vetted before provisioning for my own businesses.

[bear]

I checked the ebay name and it come back not an ebay username.

Interesting. Took no effort for me to find it.

 

also the zip code this idiot used 33707 is SAINT PETERSBURG, Florida, USA, but the ebay username given is from Switzerland.

What's your point?

http://en.wikipedia.org/wiki/Proxy_server

I'm not saying it's the same person in the least (most of that info looked like it was randomly and manually typed), but there are lots of ways to fake things.

 

if an email is marked as fraud on their system, then their system should not pass any order using that email address

They said the domain is marked as fraud, I didn't see where they stated the email was?

In any regard, discussing with them why this passed is how to proceed. I'm sure there's some explanation.

[easyhosting]

Interesting. Took no effort for me to find it.

 

What's your point?

http://en.wikipedia.org/wiki/Proxy_server

I'm not saying it's the same person in the least (most of that info looked like it was randomly and manually typed), but there are lots of ways to fake things.

 

 

They said the domain is marked as fraud, I didn't see where they stated the email was?

In any regard, discussing with them why this passed is how to proceed. I'm sure there's some explanation.

 

maxmind told me this in an email

 

"we have 1.com listed in our database as a

fraudulent domain"

 

so therefore any emails from the domain 1.com would also be fraudulent

[bear]

so therefore any emails from the domain 1.com would also be fraudulent

And they specifically stated that last part exactly as you've written it here?

That's the point.

[easyhosting]

And they specifically stated that last part exactly as you've written it here?

That's the point.

 

No, but if a domain is fraudulent then you can guarantee 100% that any email sent from the fraudulent domain is also fraudulent.

[othellotech]

this is clearly fraud and as maxmind never carried out the phone verification then maxmind are at fault.

The maxmind system will make the telephone call only if the resultant scrore of the other items exceeds *your* specified setting - so more a case of you are at fault for using the wrong values ...

[easyhosting]

The maxmind system will make the telephone call only if the resultant scrore of the other items exceeds *your* specified setting - so more a case of you are at fault for using the wrong values ...

 

WRONG

 

My values are set so that the telephone call is made on all orders, so the fault clearly lies with maxmind

[Daniel]

If it clearly lays with Maxmind, why not go to them instead of the WHMCS forums?

[easyhosting]

I have also gone through maxmind. i thought i would mention this on this forum so other members are aware of this, just incase thi IDIOTS tries it on with anyone else as i have provided the IP and host of this IDIOT.

[bear]

i thought i would mention this on this forum so other members are aware of this

Well, there you go then. Thanks for the warning.