New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Comments
CubeData uses our own FraudRecord Anti Fraud System, which has more than just FraudRecord API Integration, it also has two other API integrations in it, to really catch any further attempts at Fraud.
With it being turned on strict for a while now, haven't had any chargebacks whatsoever from the people who do manage to get past it.
The secondary thing I'd be worried about is when times get tough in the hosting world (or they have a drug addiction) that they just turn around and sell your data themselves and then feign shock when their "servers got hacked."
I think this is the best advice on this topic overall. Cut the low hanging fruit and then tweak as necessary. I've never been flagged for fraud for other e-commerce stuff but I'm almost always flagged for server providers.
Quick ticket to support making sure the issue wasn't a mis-type or something, fire up a VM and a virgin browser with no addons, place order, done. Sure it's inconvenient but as long as it doesn't take an ungodly amount of time to manually provision (If the order doesn't get provisioned immediately on the second go with "the fix") - I don't mind. If I need something right away, I'll just fire it up on Vultr and then transfer to a different provider after the fact.
Anyone who is persistent about needing a cheap VPS immediately is probably a red flag. That's possibly the better question to pose to providers - what are the biggest red flags when it comes to bad clients and malicious actors preceding/during/post ordering.
exactly the same as above countrties - spam, fraud and chargebacks after 8 months of service usage (all clients were verified so no VPNs or proxies).
The most common fake ID were used is from Florida state, the best one is with Covid mask
:
were they all chinese like the guy earlier said?
It would be beneficial to have the following configurations for improved fraud prevention:
With these insights in mind, I plan to make adjustments to my WHMCS's AuthSafe plugin based on these suggestions. Hopefully, this will lead to a reduction in fraud-related issues. It's reassuring to know that I'm not alone in facing this challenge.
Someone needs to make a "Anonymous Tales From Service Providers" website with stuff like this. I'm certain there'd be some entertainment value potential.
I'd definitely read it. Sometimes (from the provider side) it's nice to know whatever your team is seeing internally isn't exclusive.
Hmm.. some I can think of quickly:
Quite a few more I'd have to think about. As far as regions go: I know China gets thrown under the bus a lot but I have to say our fraud/problem customers from there are really no more than anywhere else and they have 4x the US population. India gets rolled up there too, but same story. Both have generally been good customers, fun to interact with. Really thinking about it, "problem" interactions have been exceedingly rare.
a bit offtopic: but how do you handle recurring payments (e.g. via stripe) by customers from India? As WHMCS does not support the new regulations yet, do you use a different payment gateway or is it just a hassle and a mess each month?
No idea on this recurring payment. It ask for the OTP and there is process by payment gateway.
We are using current sensfrx.ai integrated with WHMCS so far working very well.
To technically avoid chargebacks..
I think the safest way is to authorize first, and then capture later. You get 5 days with Stripe. During this time you can do some due diligence and/or would hope some red flag behavior would be visible.
I know most billing software in this is space is utter garbage but surely authorize today capture +5 is feasible with some. A chargeback can't happen whilst a payment is in pending state.
To avoid buyer remorse, reach out to them, make cancellation in the 30 day window one click, remind them the name of the company and what will be charged, refund them if they got to cancel by +1/+2 days etc..
Due diligence needs for time investment if you install something will help you to build the risk then it will be helpful. Strip has their own fraud prevention.
I like and dislike your approach at the same time. I want to use one-time card and ensure I am safe in the future. Your approach will either decline the transaction because thr card type is not supported or authorize the card and effectively use it without you being sble to chargebit later.
On prepaid and one-time card you wouldn't know the difference tbf, it would show deducted immediately, infact for most credit cards and debit cards you would only know after N+2 if there was a delay between auth and capture.
I believe that asking for ID is not the correct way to do it. Since many clients even those who doesn't any shit in the servers, will refuse to do it and will go away. No matter what, there are customers who doesn't accept it even if they do is legit and legal.
This is a question of privacy and their rights, of course Hosting Providers have the same rights to ask for KYC, but many customers will run away from that.
For me the best to do to avoid such things:
Blocking Port 25
Increasing Prices
Manually provisioning for cheap services (or increase prices for cheapest plans), other alternative is to change and force billing cycle being for 6 months or 1 year.
Most of them avoid expensive plans or billing cycles above >1 month.
Pretty sure KYC may give and put away risks, but for sure many new "clients" will be lost even the legit ones.
I agree with this sentiment. We conduct fraud assessments using multiple providers, if anything hits, then we request KYC verification.
If client refuses, just refund and move on. Worst case, you lost a customer you already didn't trust, best case, you saved yourself from the headache of having to clean up after them.
We done some custom rules so don’t need any KYC, as merchant does it for us as part of payment process.
What are those custom rules?
We do use Stripe and stripe radar allow to do various payment rules which helps avoid very good customers with bad habits (fraud and chargeback)
http://web.archive.org/web/20220815065740/https://outsideheaven.com/uk/about
Turn on all Stripe 3DS verification, which almost prevents us from encountering all fraud again
Its not just about turning 3DS, what about Fake registration, Inventory hording, fake credit card, bad bots and etc. In North America, 3DS disregarded, people feel this as another friction. After this long time, we are using our own Sensfrx.ai - decisions via AI intelligence with 200+ rules. We currently happy about it.
The US government also has a 99% conviction rate yet US citizens do shit all the time still. Dunno if a super high conviction rate makes a huge difference.
Edit: just saw how old this is lol why was it on the front page