New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
What fraud prevention settings are you using?
SecureLayer7
Member
in Help
Hello LET,
Our WHMCS is protected with some product. I wanted to ensure we are foolproof against at least low-hanging frauds, and I wanted to understand from you if you're using WHMCS or Blesta. What settings or extensions are you using to stop fraud? Is there any story you can share about how changing the settings helped you stop fraud and avoid chargebacks on 2checkout and other payment methods?
Comments
Don't accept payments for a few dollars. I think the cheapest thing you can order from us is $15.00. That deters a lot of fraud and abuse. When our 512mb plans were available monthly, it attracted too many turds.
Stripe's RADAR is also really good and we adjust the default rules to be more strict for certain parts of the world.
If IP = Cloud Innovations, customer = career spammer
Disable auto provisioning of the product which has the lowest up front cost to gain access to your infrastructure.
what regions?!
The parts we've had issues with. Shockingly, Japan was the worst. China and India as well, obviously. Probably some other places I can't recall right now.
Stripe Radar was able to disallow the region wise or just IP addresses?
Is this is Internet Service Provider? May be blocking entire ISP may hurt new customer registrations?
Incognet: A discerning host for discerning clients.
That is pretty wild. They have something crazy like a 99% conviction rate if I remember correctly so probably not locals.
China
Russia
Ukraine
India
Vietnam
Pakistan
Iran
South Africa
Nigeria
Indonesia
Turkey
Romania
Brazil
Venezuela
Those are the countries that used to try and hit my servers most often. Given their extradition policies, I'd imagine they'd be considered "high risk" when it comes to fraud prevention as well.
If you block any IP that pops up with "Cloud Innovation" in it's whois then you can be absolutely certain you won't block any legitimate customers.
I think maybe they rent out IPs or something? Not my specialty, someone else might be able to tell better. But here's a good start to the puzzle:
https://bgp.he.net/net/156.230.16.0/21
https://bgp.he.net/net/45.199.32.0/20
https://bgp.he.net/search?search[search]=cloud+innovation+ltd&commit=Search
Basically nothing anymore past automatic payment processor checks. I do block two or three hosts networks from accessing me site though, ones that harbor a lot of bad people.
"Fraud prevention" tools block too many legit people just using a VPN, and some countries, you must use a VPN to access the free world.
Only two of those countries are "high risk" to accept imo. And not the ones most think.
A few US states and Australia are also on our black list as we classify some orders as high risk.
What did Australia do 😭
IP broker/manager - https://cloudinnovation.org/
Wouldn't have expected them! But there are a lot of Chinese nationals living in Australia that I didn't take into consideration, so that does make more sense.
Now the US state thing is interesting to me. I'd go out on a limb and say California, New York, DC, Maryland, Illinois, Nevada, Texas and Georgia would be on the "higher risk" scale.
For the US I'd say anything that geolocates to Ashburn, VA
Why are you so confident about these locations? Are you suggesting they are high-risk? Do you conduct verification before allowing access or considering permanent blocking?
interesting, I never thought to block this location.
It's a town of 44k people and dozens of datacenters
Japan ones are mostly https://www.vpngate.net/en/ and some botnets I'd bet, probably not actually people in Japan as most are mega afraid of breaking the law due to strict punishments.
@SecureLayer7 said:
I'm not a provider just speaking from former law enforcement perspective. They're the few top states for stolen credit cards and identity theft.
Hey! As long as you're not attacking my servers, we're cool!
based on my experience, many countries in South Asia engage in fraudulent activities, port scanning, and sending excessive malicious traffic, even surpassing the level of Tor. i usually just block'em country wide in cloudflare waf
If you have the staffing you can always require ID that shows name + billing address and maybe a picture of the card used for payment. I imagine that would make it difficult for customers to lie about the charge being unauthorized. This is what OVH and (I believe) MyLoc does, and they offer servers for under $10.
And as another person suggested, don't autoprovision services below a certain dollar amount. If they aren't spending much in your business, they can wait 24h or so for their order to be manually verified before provisioning.
Fake ID's are easy to come by and taking pictures of your card? lol. I wouldn't even trust a picture of my card on my cell phone, let alone some provider. If anything, you'd be helping skimmers put together premium packages to sell on the dark web.
I'll never, under any circumstances, send my ID to a hosting provider. That's the fastest way to send me in the other direction. Data breaches happen often. Even if they were using ID's+photos of cards to "prevent" crime, when they end up getting hacked because they don't have a full time security team or they hired a "security profesional (sic)" on Fiverr because they're a 1-man show or small team, you're screwed.
And part of the Washington metro area of 6.4M people
That's the way to roll. Sucks, because you hate to cut off good people that happen to live there but anyone who's looked at server logs knows what the deal is.
Same here these days. Stripe's radar has been very solid. I've even been rejected at other hosts due to card/business address being too far away from home connection (no VPN, nothing shady). Too much of a hassle for me to do anything about over a few bucks a month, so I just move on.
I wouldn't trust it, either. Will never require it as a host as well, I don't want to be custodian of that data. Just seems like you're going to make yourself into a giant juicy honeypot.
Generally, abuse patterns have been relatively easy to identify and slowly tweak order flow to discourage those people without disenfranchising the other 99% of legitimate users.
doesn't change the fact that only 44k people live there?
For us a big indicator is FraudRecord listings. The real problem is people with just one listing, its never clear. Although we provide the second if necessary.
For effective reduction its very important that when you whack someone look for the subsequent re-purchase with a new CC or paypal. Plenty of people will take you for a fool and go round again. Have the tools that are necessary to identify these ready is important. At the very least make sure you recognise when the same or similar details are used, when the same IP is used etc (I would suggest alot more than this).
I try hard not to discriminate against specific countries. I don't ban or flag any outright these days. Even if it would be very easy to eliminate the remaining % of fraud by doing so. If I was going to shame any countries it would be either China or the US.
Its a minority for the US for sure but the large ecconomically active population increases observed incidents. Usually an inflated oppinion of ones ability is usually to blame. Everyone can do to remember from time to time to listen to the person you are asking for help (even if that person is wrong, if you didnt need help you wouldnt be asking). Those of us with years of experience in this industry are often most regularly to blame (expecially when forced to deal with low tier support).
For China its probably just bad actors giving alot of the population a bad name (although chinese culture can be difficult to interact with as its often viewed as bad to be wrong imporant to "save of face") and overzealousnesss to commit fraud (claiming non receipt) over cents doesnt help.
Regarding fraud in general I tend to (incorrectly) have to deal with more than I would like, people think a DDoS protection service will anonymise their fraud portal, crime forum, phishing bank portal etc. Those tend to be more annoying to deal with as fraud isnt used at the payment side (crypto etc). But are dealt with accordingly.