Steps to Account approval and to prevent fraud

[mnymkr]

I was wondering if you would share exactly the steps you take to make sure your accounts are legit but at the same time making the process as automatic as possible.

 

Thanks!

[easyhosting]

in your whmcs clientarea sign up to one of the fraud services i use maxmind, config this in your own admin area, this will weed out all possible fraud accounts and although the fraudsters account details will show maxmind will automatically cancel any order they place and not take money from them, this is handy so that you can check to see if the orders are indeed fraud and overide or just delete account also you can block certails eamisl such as hotmail and yahoo and ever certain IP addresses, so orders from these will not be accepted, all this is fully automated.

[msm]

I don't think the block of free emails works, I was using my runbox email to activate one account and maxmind consider the runbox a free email service.

[easyhosting]

some email providers offer both ISP enabled email address and free email addresses. AOL is one that does this, so maxmind will class AOL as a free email service, but some people get an AOL email as part of their broadband/dial up service. This may be the case with runbox, so the easiest thing to do is to block the IP address or block the whole email address (me@aol.com) rather than just aol.com. This does work.

[msm]

Hello,

 

yes you are correct, the issue is that runbox dosen't provide free accounts.

[easyhosting]

right what is classed as a free email account is an email address that is NOT provided as an ISP package, which runbox falls into this catagory as runbox is not provided to you by an ISP, you are paying then for an email address only service and not an ISP service.

[mnymkr]

can you walk me through your checks from the time of sign up?

 

I just dont want to make any mistakes

[easyhosting]

All checks are automated with maxmind, when a clients goes to your order page they will sign up and order a package/domain, when they do this if you have maxmind, this will check the customers details such as is the customer details in the same country location as the IP etc, if these are Ok maxmind will allow the order to go through and payment will be taken, if maxmind thinks this is frausd it will flag the order as fraud and not allow payment to be taken, but this will still show in the WHMCS admin area for you to check this out.

to check an order go to clients profile>products/service and click on view order, this willshow you the fraud check results, so you can double check to see if it is fraud, so you can overide this by clicking accept order or refuse by clicking delete order.

[chickendippers]

Even following a client passing our Varligox fraudcall we check the voice signature is genuine (ie. check it's not a man's voice using a woman's name - yes we've had a fraudster try that before), if they're using an existing domain we check the whois, and finally the fraud report from our credit card processor.

 

On orders that Varligox flags as fraud I also check the phone number's area code and IP address alongside their address.

 

If that all adds up then I'll approve them

[easyhosting]

We do all this, we recently had a client register for an account while i was away on holiday and my staff member never did a full check as maxmind approved this, when i came back this user had not uploaded any files, when i contacted them severla times all they would say was that with other work they were busy and did not have time to upload files or change the nameservers, but they would get round to it, this went on for 3 months while they paid the invoices on time, so i contatced the client an said that they have had the hosting for 3 months and paid for this, if they wanted they could give me access to thie go daddy account and i would be happy to change thier nameservers for them and upload their files, their reply was that they had forgotten their go daddy account details and did not know how to contact go daddy to get these resent to them, which alarm bells started ringing, so I decided to look at the whois details myself and these details did not match my clients details. So I cantacted the registered owner of the domain and his reply was that he had never heard of my client, so i immediatly suspended this account and informed my client, who never responded, because all this took time etc, i invoiced my client an administration fee, which he paid and then he complained that this was theft and that he was going to report me for theft. I immediately reponded saying that he was the one who registered an account using a domain that was not his and took up server space and that if anyone was to be reported it would be him, not just by me but by the domains registered user, neither to say we heard nothing more.