New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Comments
Do you believe them?
Sure!
KYC is Horrible idea too!
Nope.
So only potential clients that can receive SMS messages are allowed to be customers?
How do you receive and store this 'valid ID'?
RIPE charges LIR's a lot of money annually.
This is an automatic verification to activate the profile. If the customer does not confirm the account with the SMS code, the account remains limited and cannot access services.
In some cases, SMS issues may occur, so we proceed to the next verification steps by contacting the customer by phone to confirm their information.
We use WHMCS ticket to receive and store the valid ID document. The customer can upload the ID in a ticket or send it via email. When the email is imported, WHMCS deletes the file from the email inbox and retains the file only within WHMCS. After confirmation, we delete the file from our WHMCS system. Alternatively, the customer can request the removal of all their data from our system.
I wouldn't recommend anyone to touch fraudrecord with a ten foot pole as it is completely broken and illegal under GDPR and similar legislations. In another therad I can see some hosts stopped using it for the same reason or actually consulted a lawyer.
Fraudrecord website makes a bunch of inaccurate statements about the algorithm used (sha1 iterated 32000 times). You can check that by simply reading wp216, which is very clear about such methods "staying inside the scope of legal regime of data protection" and "allowing for identifiability".
Simply go to the fraudrecord website and click on signup, you'll see they are operating under a false assumption that "you will be sharing non-identifiable client information".
While in fact you are sharing information that is trivially identifiable and falls under GDPR protection.
Here is an example of such a report https://www.fraudrecord.com/api/?showreport=baf224d0cb1f8d4e. There we have:
ip: f63b1289ba936aa46e32804fc7ce7d6866f16782
There are about 4 billion ipv4 times 32000 iterations and you can make a lookup table in just a few hours depending on gpu used. This needs to be done just once. Other fields such a address, phonenumber, email and name are as easy to break.
The above report has also a nice points and reliability score. Exactly what credit reference agencies and banks are banned on doing by the recent CJEU judgement. And no, excuses like "it's not a negative decision" and "the final decision is made by the company using the score", did not fly.
Where/what is the above report?
Or are you refering to the 'fraudreport' entry?
I was refering to the fraudrecord entry. You can find the CJEU "credit scoring" judgement here.
Customers can confirm that we delete their ID by writing to our data protection team at [email protected]. In accordance with the EU's General Data Protection Regulation (GDPR), we have a data protection officer, who is responsible for making sure that we follow the law.
Contesting payments related to fraud is an investment in time and personnel. Also, it's often related to other forms of abuse. We are careful with accepting new customers because it helps protect our current customers and others online. And it helps keep our prices low.
Still, no KYC process is perfect. We constantly strive to improve ours. We know that not all customers are comfortable with giving us an ID, even to use just temporarily for the account verification process. And we accept that they may choose to go to another provider instead because of it. --Katie
Kindly please can you say the name of your Hosting / Company? To avoid it at all costs.