clearbit risk vs maxmind anti-fraud

jimaek Member
edited December 2019 in General

Since hosting providers are prime targets for abusers I assume all providers here use some anti-fraud service.
Would you mind sharing your experience?

Has anyone used Clearbit Risk https://clearbit.com/risk ? How has it worked out for you? What rules have you set up? Do you just ban people when risk==high?

Comments

  • Nobody does anti-fraud checks? :(

  • Of cuz they do. Many people used maxmind I think.

  • fraudrecord + maxmind is de facto standard.

  • rick2610 Member
    edited December 2019

    I am not a provider but I accept online payments and I use maxmind and some stripe rules.

  • WebProject Host Rep, Veteran

    fraudlabspro.com and Stripe Radar do a fantastic job for us; maxmind is just a database of IP addresses without anything else.

  • WebProject, it would be nice if you put these "behind-the-scene data broker" companies in your definitely GDPR compliant privacy policy. Make sure you mention that customers' data is sent to Malaysia where it is "retained indefinitely and used for any other ground..."

    jimaek, since September 14, 2019, EU regulations require implementing more verification to pay online (basically 2FA for credit cards), so if you use a payment processor which accepts payments from the EU, you don't really have to care about credit card fraud anymore. Other types of payment processors do their own fraud checking; I don't see why you would forward your customer's data to yet another company. Not to mention most providers' software (Blesta/DirectAdmin/WHMCS...) will send all the things in cleartext e-mail, so any customer who doesn't want an immediate data leak on sign-up won't use real details.

    Thanked by 1WebProject
  • WebProject Host Rep, Veteran
    edited December 2019

    asasd said: Make sure you mention that customers' data is sent to Malaysia where it is "retained indefinitely and used for any other ground...

    No personal information is passed to any other countries! The IP data belongs to ISP providers and it does not contain any personal information; take for example the following IPs: 1.1.1.1 or 8.8.8.8

  • WebProject Host Rep, Veteran

    asasd said: since September 14, 2019, EU regulations require implementing more verification to pay online (basically 2FA for credit cards), so if you use a payment processor which accepts payments from the EU, you don't really have to care about credit card fraud anymore.

    Even with EU regulations in place the majority of companies still do verification; take for example: OVH, online.net, PayPal, Xoom

  • I know most rely on CC anti-fraud checks during payments. But I was thinking about completely stopping those people from even registering. That becomes even more important if you plan to offer any kind of free trial or free credits.
    So was wondering if anyone is doing something similar

  • @jimaek said:
    I know most rely on CC anti-fraud checks during payments. But I was thinking about completely stopping those people from even registering. That becomes even more important if you plan to offer any kind of free trial or free credits.
    So was wondering if anyone is doing something similar

    If you are a target of a malignant person or group, nothing will help you. Absolutely nothing. These risks should be calculated into the price of services. Shit happens, you must always be prepared.

  • @jimaek said:
    I know most rely on CC anti-fraud checks during payments. But I was thinking about completely stopping those people from even registering. That becomes even more important if you plan to offer any kind of free trial or free credits.

    What kind of fraud did you suffer?
    Someone took a batch of free trials but did not buy one?

  • lowendclient said: Someone took a batch of free trials but did not buy one?

    This is fraud, yes.

    WebProject said: No personal information is passed to any other countries! The IP data belongs to ISP providers and it does not contain any personal information; take for example the following IPs: 1.1.1.1 or 8.8.8.8

    IP is PII per GDPR

  • WebProject Host Rep, Veteran
    edited December 2019

    hzr said: IP is PII per GDPR

    You are right; however, it's temporary digits (dynamic IP address) without any personal data attached, as the customer's ISP has to meet certain legal obligations before it can hand the data to website providers or other companies.

  • Mr_Tom Member, Host Rep

    WebProject said: as the customer's ISP has to meet certain legal obligations before it can hand the data to website providers

    Whilst that is true, I believe the general conclusion is that IPs are still classed as personal data under GDPR? (ref: https://eugdprcompliant.com/personal-data/ and https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/key-definitions/what-is-personal-data/ )

  • As far as I know most people use maxmind, but I haven't used it and don't know the specific situation

  • PUSHR_Victor Member, Host Rep

    To answer the question, we use Fraudrecord only. There is also an origin filter for the pull zones which has a growing list of origins, including IPs, that are known to try to distribute illegal content. So the accounts get suspended before making any payment most of the time. This works to some extent, but the biggest problem is that in the two attempts that we have had to open the registrations to the public, we always get flooded with accounts willing to go to great lengths to abuse the trial again and again without paying. This is something I have not been able to deal with as of yet and I really don't want to request payment details and do auth charges from someone just to allow them to try the service. But I guess it will be needed.

  • @PUSHR_Victor That's exactly what I am trying to prevent. Have you thought of opening the registrations and using Clearbit or Maxmind to block registrations? +email verifications before giving any access. Maybe even do SMS verifications for high risk countries.

  • PUSHR_Victor Member, Host Rep

    Yes I am going to give Maxmind a try to see how it goes. Mail verification has not helped much. SMS verification may end up being expensive I think, but I will have to check this.

  • black Member
    edited December 2019

    Have you considered verifying that they're on their legitimate IP address as well? Seems like any anti-fraud / risk system should incorporate proxy / VPN detection. Have you tried GetIPIntel? It's free :)

  • Hi Jimaek,
    We are using maxmind mini, which verifies multiple things:
    IP address reputation, billing address, card details, and contact details of the user like email address and phone number.
    The advanced version of the product is called Insights; it also verifies things from financial institutions and device ID.

    maxmind mini has been working well for us for the last 6-7 years.
    We have also seen some offer from IPQualityScore; it seems promising but we did not give it a try yet.
    Thanks
    Naveen Sharma

  • Clouvider Member, Patron Provider

    @asasd said:
    WebProject, it would be nice if you put these "behind-the-scene data broker" companies in your definitely GDPR compliant privacy policy. Make sure you mention that customers' data is sent to Malaysia where it is "retained indefinitely and used for any other ground..."

    jimaek, since September 14, 2019, EU regulations require implementing more verification to pay online (basically 2FA for credit cards), so if you use a payment processor which accepts payments from the EU, you don't really have to care about credit card fraud anymore. Other types of payment processors do their own fraud checking; I don't see why you would forward your customer's data to yet another company. Not to mention most providers' software (Blesta/DirectAdmin/WHMCS...) will send all the things in cleartext e-mail, so any customer who doesn't want an immediate data leak on sign-up won't use real details.

    That’s not true. PSD2 allows small value payments to pass without triggering 3DS2 therefore still providing ample room for chargeback on unauthorised grounds, and the chargeback fee is a killer in this scenario.

  • Neoon Community Contributor, Veteran

    @Clouvider said:
    That’s not true. PSD2 allows small value payments to pass without triggering 3DS2 therefore still providing ample room for chargeback on unauthorised grounds, and the chargeback fee is a killer in this scenario.

    Sure? Even paying 30RUB which is about 43 cents triggers 3DS2.
    Besides, paying via PayPal or Curve does bypass these measures by 100%.

  • Clouvider Member, Patron Provider

    @Neoon said:

    @Clouvider said:
    That’s not true. PSD2 allows small value payments to pass without triggering 3DS2 therefore still providing ample room for chargeback on unauthorised grounds, and the chargeback fee is a killer in this scenario.

    Sure? Even paying 30RUB which is about 43 cents triggers 3DS2.
    Besides, paying via PayPal or Curve does bypass these measures by 100%.

    100% sure. Read the standard if you disagree.
