You don’t need LowEndBox to tell you that fraud is a huge problem in the online world.

Someone like Amazon, has the funds to write custom fraud detection, partner with the industry heavyweights, and hire a fleet of specialists (human or AI) to watch transaction in real-time.  Your average low-end hoster cannot do this, so they rely on third-party solutions such as MaxMind or FraudRecord.

And the stakes are real.  A typical scenario goes like this:

• Alice has a credit card
• Mallory steals the card
• Mallory signs up for hosting services, paying with Alice’s card
• Some time later, Alice notice the card is stolen and charges back everything
• PayPal charges the provider a service fee (in the neighborhood of $30!) for the chargeback
• Provider now is out the service fee, out the use of resources, and probably has work to clean up spamming, IP reputation, etc.

That’s one example – there are tons of other scenarios.  The point is that if the provider is making a thin margin on services, it takes a ton of transactions to make up for even one chargeback.

Hence, fraud detection.  Inevitably, these solutions generate false positives.  Here’s how you can avoid being one of them.

#1. Sign up from home. The IP you use to sign up is noted, and checked via MaxMind’s GeoIP.  If your home address is in London but the order is coming from Kyrgyzstan, odds are your card has been stolen.  Of course, it’s perfectly possible that you’re just traveling, but the provider probably won’t take the risk.

#2.  Don’t use a VPN to sign up.  This is related to #1.  Even if your VPN is in the same city as your home, it may be noted as a datacenter IP which will likely flag your account.  Drop your VPN before you sign up.

#3.  Use a PayPal that matches your signup email.  Not all providers enforce this (we were just discussing one that does on LowEndTalk) but it makes sense: stealing a PayPal login is the same as stealing a credit card.  If you’re logged into the portal as john.smith@example.com, why is your PayPal a.lukashenko@dictator.be?

#4. Use your real info.  This should be a “duh” but it applies to everything asked.  Don’t be cute and put “123-456-7890” as your phone number.  Don’t list yourself as “First Name: Elite, Last Name: Hacker”.  Providers want to know who their customers are.

$5. If all else fails, contact the provider.  One of the advantages you have working with a small host is that you can get ahold of a human, not just an Amazon AI bot.  Send them a note and you can probably work it out.  They can tell you what’s generating the false positive or work out an alternate form of identity verification.

• Author
• Recent Posts

raindog308

Dread Lord of LowEnd Content at LowEndBox

I'm raindog308, techno polymath and long-time LowEndTalk community Administrator. My technical interests include all things Unix, perl, python, golang, shell scripting, vintage operating systems such as MVS, and relational database systems such as Oracle, PostgreSQL, and MySQL.

I also enjoy using LEBs! I have an empire of little guys for VPNs, larger guys for apps, and big guys for databases and storage. When I'm not in front a screen I'm into German Shepherd dogs, quality knives, target shooting, theology, tabletop roleplaying games, and forest hiking.

I enjoy writing technical articles here on LowEndBox to help people get more out of their systems. You can find me on LowEndTalk @raindog308

Latest posts by raindog308 (see all)

• Are We Approaching the $1/GB/Month Price Point?NohaVPS is Getting Close! - May 18, 2024
• Is This Video Legit: The Operator of Doxbin Being Held for Ransom and Tortured? - May 17, 2024
• DataWagon’s Dedicated Sales Event is On Now! - May 15, 2024