New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
How Do You Implement KYC in Your Hosting Services?
greenhost_cloud
Member
in General
Hello everyone,
I'm interested in learning more about how different hosting providers implement KYC (Know Your Customer) procedures. What methods and practices do you use to verify the identities of your customers? Any insights or experiences you could share would be greatly appreciated! Thank you!
Comments
@Calin please provide some insight.
depends if the fruit is ripe or not
regards
Uhh, making those customer running away arent we today sir?
We just ask for an email address.
I'm not sending customers Christmas cards and I'm not calling them on their birthday. If they don't pay with crypto then the payment processor is better equipped than us or any other random hosting provide to confirm who they are.
@Hetzner_OL is asking for an ID, they promise to delete it once identity is verified.
Customers should NOT be sending their ID scans to random lowendtalk hosts. Horrible idea.
Hetzner likely does things properly but 95% of hosts here likely do not.
Same with us. If you're paying with crypto, we don't require any additional info.
Credit Card / PayPal payments require a name and address on file to run through our fraud check system.
Same
No additional info required for crypto.
For Stripe payments, we rely on Stripe Radar rules. We never ask for ID or proof of address, and we accept customers from every country.
So, what is your suggestion to deal with fraud and scams?
What if the payment was made with crypto?
Yes, but if the regular providers have to do it, what is the best method?
So how do you deal with scams?
Same as a strict KYC host. Suspend or terminate.
Unforitnatnly, the US government wants to force all hosts to require ID verification. I can't wait to start handing out my ID and SSN like candy to purchase a $5 VPS.
Simple:
Ban scammy countries;
Ban temp mails;
Ban vpn, proxy;
Do not play with non-fiat;
Ask for blood sample for dna sequencing;
Ask for semen as a backup for dna sequencing;
Give 5% discount if customer agree to implant your company rfid chip;
@greenhost_cloud Why KYC?
Here you go:
1.
Use Stripe Radar for early warnings and reviews.
Paypal has been very good (atleast with us) if there are any issues.
Do NOT terminate/cancel service as soon as you see chargeback/dispute email from payment processor. Terminated/Cancelled service usually works more in favour of client. Keep service active and provide screenshot that you actually fulfilled the "work order".
2.
Block Port 25 by default from your CP
Open port 25 on request only, once any abuse report is received, permanent block!
3.
Use https://www.fraudrecord.com/
Always double check before deploying big service (specially where you're reselling).
Always report spammers/scammers
Big money + potential scammer flags -> Throw Stripe Identity on their face -> https://stripe.com/in/identity
Most important: Improvise, cos scammers do!
They've been saying that for years, but I do think it's the way things will go both in the US and in Europe sooner or later.
The question is: Will they implement a safe, secure system to do this? Or will taking a photo of your ID and uploading it to some random company's WHMCS suffice?
I'm not trained on document and ID authentication verification.
No way they will do it correct once mandated
No, they won't give any guidelines on how it should be done. But they'll fine you $100,000 USD every time it's done wrong.
I think people are just going to stop going with noname hosts at that point tbh. Might as well pay a bit more and know you (probably) won't get your identity stolen.
There are third party services that will handle this for you and honestly I would trust those a lot more than I'd trust some random low end host.
We ask for a video from each client.
Clients who do not send video are charged extra due to increased risk.
See https://pushups.ndn.today/ 2022-10-23 title for an example.
Exactly. I’ve used these. The end client dosen’t get any ID etc only the specialized company doing the verifications.
OP KYC'd me despite using my residential IP, a real paypal account that has been in service for over a decade and I supplied the correct details.
So they already have KYC in place.
No one else here has KYC'd me for the same details and same payment method(not even Hetzner fun fact!).
What if the customer only uses the PayPal Balance account (statement has the name but not address) and lives in a hotel (doesn't have electricity bill)?
Fair enough. But my paypal has no balance and uses only my CC(pretty much using paypal as a gateway) and has my correct address as well.
Having to provide additional information for someone who's actually legit is a bit lame, especially since I've never had to provide any KYC ever and I've been with a lot of providers over the last decade.
What does that even mean?
That doesn't make sense.. Similar grammer is used in most phishing emails. One of the primary reasons they do that is to weed out the smarter people who wouldn't fall for the scam..
So.. Hard pass.
The grammar was off, which was one of the reasons I declined (including the fact that I was KYC'd).
It's the same proof of address type of verification E.G Prescription script, utility bill and/or rental agreement (the type of things you need in NZ when opening up something serious like a bank account).
Customer here, but if I pay with PayPal, I expect PayPal to prevent fraud, confirm identity, etc., not the hosting provider. Same for credit card via Stripe, for example.
I think Hetzner's procedure mentioned by @JohnFilch123 is a little sketchy, since there's no way to confirm that they're actually deleting your ID, and there isn't really a good reason to take it in the first place, since a fraudulent purchase could just be contested by the actual card/PayPal account owner from their end.
If you still accept PayPal or credit card:
If you only accept crypto:
If you only accept cash by mail:
There's this huge assumption that the worst customers are those who won't pass KYC.
They cost quite a lot relatively per verification and are therefore more often used where it is worthwhile. I think many small companies would need to pass on these costs which actually harms competition.
RIPE performs third-party verification on ASN requesters.
LIR charges $7 for their effort preparing the paperwork, but does not pay RIPE for each ASN (until end of 2023).
How could RIPE afford these verifications?
First, we send a verification code via SMS to confirm the customer's phone number.
For credit card payments, we use Stripe Radar to detect and prevent fraudulent transactions.
When a customer makes a bank transfer, we verify that the account name matches the name provided during registration.
If there are still concerns, we check FraudRecord.com for additional verification.
Should any doubts remain after these steps, we contact the customer by phone to confirm their information and may request further documentation, such as proof of address and a valid ID.