Determining Fraud

[mnymkr]

I am curious as to what criteria you use to determine fraud?

 

I am close to launching but want to make sure I get this right!

 

 

What should I look for?

 

How should I handle it?

[chickendippers]

1. An IP address in a different country to the contact details.

2. A VOIP phone number.

3. Discrepancies between details entered into WHMCS and credit card processor.

etc

[handsonwebhosting]

AVS/CVV2 code not matching 100% (Address & Zip).

 

Signups that failed, then all of a sudden one that works.

 

Users that sign up for a weird domain name & hosting. Most times fraud (for us anyway) seem to register a domain name at the same time, and usually try to get our most expensive hosting package for 1 year. It tests the limits of the credit card authorization.

[mnymkr]

So do you use any of the fraud protection programs for WHMCS?

 

are they effective?

 

I am taking that you process each order manually?

[handsonwebhosting]

I used to use DialVerify and Varilogix, however, we've found it more effective for us to manually call the clients and make phone contact. This way we can also extend our welcome invitation to them and verify that they recieved the welcome email etc.

[chickendippers]

Since using Varilogix fraudulent orders have been reduced to 0. It does cause a few problems and manually calling each customer would be the ideal solution, but is not always practical.

[FPForum]

I use MaxMind built into WHMCS which has cut down on fraud orders over 75%..Another thing I do is leave the package under pending (even though it is automatically setup) and periodically check the domain to see if the nameservers have changed. If the nameservers haven't changed in like 48hrs I suspend the account and attempt to contact the owner. This is more to spot potential spam/phishing attempts then fraud but at the same time helps with fighting fraud