
Preventing fraud in WHMCS is quite simple! In this blog, ReadyWire shows you how!
This afternoon, someone visited ReadyWire.com, signed up for a reseller hosting account, and used someone else’s PayPal account to pay for the purchase.
Now, this is hardly breaking news. Unfortunately, in the ecommerce world, this sort of transaction occurs all the time!
To help offset her student loan debts, my wife recently started selling cosmetic products through one of the major independent sales programs. At her first showing, a woman chose to pay for her purchases using her credit card. When my wife told me about this, I grew jealous. Oh how I wish there was a way that a web hosting business could be a ‘card present’ establishment.
Techniques used in online card-not-present fraud are becoming more and more sophisticated. What happened today at ReadyWire.com is a prime example. Here at ReadyWire, we employ minFraud’s online fraud detection service to help us screen incoming orders through our website. The fraudulent order that we received earlier this afternoon passed minFraud’s criteria with flying colors. On a scale of 1 to 10, minFraud rated the order a 2.5. Some of our longtime customers had minFraud scores much higher than that back when they signed up!
With this particular order, minFraud had this to say:
This order is slightly risky, and we suggest that you review it manually, especially for B2B transactions. The order is slightly riskier because the e-mail domain, gmail.com, is a free e-mail provider
Ok, so according to minFraud, the only reason why I should be hesitant is because the individual used a Gmail address as their email address. How many people use Gmail these days? That’s hardly a reason to get ultra concerned about the order, in my opinion.
At ReadyWire, we activate new orders manually and do not utilize the auto-activate feature in WHMCS. If we had set up WHMCS to auto-activate new orders, this particular fraudulent order more than likely would have gotten activated, and the fraudster would have received an account on our server to do whatever illegal and criminal acts that they wanted to do. Thankfully, a little human intervention kept this from taking place.
6 Simple Steps to Take When You Receive a New Order
1.) Do a little happy dance! I do one every time we receive a new order.
2.) Check the address — Plug it into Google Maps and verify that the address really does exist. We once received an order that listed the address to a McDonald’s franchise in Tupelo, MS.
3.) Check the area code — Is the area code located anywhere near the address that the person listed? However, keep in mind that many people are utilizing a cell phone as their primary phone number these days. As such, it’s not uncommon for someone who recently moved from one part of the country to another to not change their cell phone number. I’m a prime example of that. My cell phone’s area code is nowhere near Chicago.
4.) When it comes to payments, don’t take WHMCS’s word for it! Log in to PayPal and double check to confirm that the payment came in. While you’re logged into PayPal, crosscheck to verify that the name on the account matches the name listed in PayPal.
That’s how we caught the fraudster today! The first and last name listed on the PayPal transaction screen did not match the name that the client used to sign up their order.
5.) Ask your client to fill out an authorization form.
Examples:
http://www.readywire.com/forms/creditcard_authorization.pdf
http://www.readywire.com/forms/account_authorization.pdf
This is how we were able to confirm that the order we received earlier today was not legit. We asked the individual to fax us a copy of their driver’s license and they sent us this image. Again, I went to Google to find out what an Ontario driver’s license looked like, and to my surprise, I found the exact same image online as what came over in the fax.
This criminal wasn’t the sharpest crayon in the box.
6.) If the customer already has a domain name, pull up the WHOIS record and verify that the WHOIS contact/address matches the information listed in WHMCS.
And finally…
6.) Ring the number and say hello to your new customer. You don’t need to say anything like “I’m calling to find out if you’re committing fraud.” Simply tell your customer that you wanted to take the time to say hello and to thank them for their business. Two things are going to happen as a result of your phone call: A) You’ll have an opportunity to see if the number is legit and B) You’ll have an opportunity to build a relationship with your new customer.
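The payment check in step 4 and the WHOIS check can be run as a pre-screen that decides which orders a human must look at first. This is an added example, not ReadyWire's or WHMCS's code; the record field names (`client_name`, `payer_name`, `registrant_name` and so on) are hypothetical and the sample records are constructed.

```python
import unicodedata
from decimal import Decimal

def name_key(full_name):
    """Reduce a name to (first, last), ignoring accents, case, punctuation, middle names."""
    decomposed = unicodedata.normalize("NFKD", full_name)
    plain = "".join(c for c in decomposed if not unicodedata.combining(c))
    tokens = "".join(c if c.isalpha() else " " for c in plain.casefold()).split()
    return (tokens[0], tokens[-1]) if tokens else ()

def same_person(a, b):
    """An empty or unparseable name never counts as a match."""
    return bool(name_key(a)) and name_key(a) == name_key(b)

def squash(postcode):
    return postcode.replace(" ", "").upper()

def review_flags(order, payment, whois=None):
    """Return the reasons to hold an order for a human; an empty list means none found."""
    flags = []
    # Step 4: confirm the payment at the processor, not only in the billing system.
    if payment is None or payment["status"] != "completed":
        flags.append("payment not confirmed at processor")
    else:
        if Decimal(payment["amount"]) != Decimal(order["amount"]):
            flags.append("payment amount differs from order total")
        if not same_person(payment["payer_name"], order["client_name"]):
            flags.append("payer name does not match client name")
    # WHOIS step: only applies when the customer already has a domain name.
    if whois is not None:
        if not same_person(whois["registrant_name"], order["client_name"]):
            flags.append("WHOIS registrant does not match client name")
        if squash(whois["registrant_postcode"]) != squash(order["postcode"]):
            flags.append("WHOIS postcode does not match order postcode")
    return flags

# Constructed sample records; hypothetical field names, not WHMCS or PayPal fields.
ORDER = {"client_name": "José Núñez", "postcode": "60601", "amount": "24.95"}
GOOD_PAYMENT = {"status": "completed", "amount": "24.950", "payer_name": "jose m. nunez"}
OTHER_PAYER = {"status": "completed", "amount": "24.95", "payer_name": "Alex Example"}

if __name__ == "__main__":
    for label, pay in (("good", GOOD_PAYMENT), ("other payer", OTHER_PAYER), ("none", None)):
        print(label, "->", review_flags(ORDER, pay) or "no flags, continue manual steps")
```

An empty result only means these automated checks found nothing; the remaining manual steps still apply.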
Without a doubt, one of these online criminals will slip through the cracks. However, there are extremely simple steps to ensure that this doesn’t happen to you regularly.
We Want to Learn From You!
Tips? Tricks? Comments? Please leave them! We want to learn from you!