Webhosting Fraud?

June 17, 2005

I would like to tell you this short story what happened today with us (basically me).

Our team planned to open a new site and we decided to go to:
Webhosting Reviews
What we own, and then we purchase one of the reviews there that is

It seemed that everything was ok

Then we received an email from them
[c]Hello,

In order to prevent the rise of fraudulent activity there are some criteria that must be passed before an order is approved. If the criteria are not met the order is flagged.

Your order was flagged, thus we require proof of ownership of the credit card being used. If you do not feel comfortable faxing the credit card (fax number 1.416.661.****) then you may scan the credit card (front and back) and send it as a jpeg file to us at ****@netfirms.com . Once the credit card has been verified your order will be approved.

We apologize for the inconvenience. Unfortunately, we must take these measures in order to protect you and our customers.[/c]

and the answer:

[c]Hello,

Thanks for the email, but may I ask to you call me?
***35655** at any time, Here in Lebanon differs the time with long
hours, please can you call me at afternoon or night like this hour?

I will confirm the order.
[/c]

and then the answer:
[c]> Thank you for your recent order. Netfirms is pleased that you have chosen
> us as your web hosting provider.
>
> We are dedicated to ensuring the confidentiality and protection of your
> private information and prevention of identity theft. For this reason we ask
> you to contact our billing team within the next 3 days, so that we may
> complete your order.
>
> Our billing team is available Monday to Friday between 8:00 am and 5:00 pm
> EST and we can be reached at (416) 661-2100 or 1-877-399-****.
>
> Thank you, [/c]

And this is the answer that we made and why we will not make what they are asking. With full details:

[c]Hello,

Based on our previous experience, we are used to reading the policy
terms of each webhosting company before we purchase any package. When
we examined your policy terms, we found out the following:

“Registration
In order to use our services, a user must first complete the sign-up
form. During registration a user is required to give their contact
information (such as name and email address). This information is used
to contact the user about the services on our site for which they have
expressed interest. It is optional for the user to provide demographic
information (such as income level and occupation).

Order
We request information from the user on our order form for premium
services. Here a user must provide contact information (like name and
shipping address) and financial information (like credit card number,
expiration date). This information is used for billing purposes and to
fill customer’s orders. If we have trouble processing an order, this
contact information is used to get in touch with the user.”

You do not mention the need to fax or scan the credit card. This
request does not suite us for 2 reasons:

1. Before contacting you, we have examined several other webhosting
companies as ******.com or *******.com and chose you because your
offer seemed to be the cheapest. However, sending the fax from ***********
to USA would cost us $9 or calling you will cost us per minute $1.
Then the offer will no longer be the cheapest but more expensive than
others.

2. Even though you have mention securing information through SSL,
there is no guarantee
that the credit card information will really be secure and not abused
by any employee of your company. (no offense)

We will be glad to supply any other form of verification you want. For
example, you can call us (***35655**) and we will confirm the order.

Finally, we would like to mention that we did not face such an
inconvenience when we developed our other sites:
Exploitx.com – Exploitx.net – Outwartips.net – Spamforums.net (new) -
Webhostingreview.biz – Go2webhosting.net – GameForumX.com

Thank you for your cooperation[/c]

Everyone has their own opinion? No?
Everyone care about his indetity, we made a good point?

This is the last reply:
[c]Hi,

The reason that we ask this of you is due to the IP address of the computer used being different from the country inputted in the order. As we are an internet company, we receive a high volume of fraudulent orders and most are due to the discrepancy in the countries. Thus we want to be sure that there has not been identity theft and you are in possession of the card. In order to complete the order we will need to verify this information. You may block the middle digits as we only need to see the first and last four digits.
[/c]

For the IP address?
If someone want to make fraud, they can’t use proxies? Why IP address should be the priority? Why not call in our phone number and verify it in real time?

A copy of a credit card? Anyone can edit any credit card photo with Photoshop and it is done!.
–> Ip proxy : Carder solution, Proxy
–> Scan CC : Carder solution, Photoshop
But phone verification and bank verification?

I’m posting here for no offense to netfirms but just to show to other companies that this type of security Anti-fraud is sometimes (most of the time) Wrong. As what happened to us.

About the webhosting we choose this:

Why?

PowWeb offers:
–> Bandwitdh: 10 gb per day or 300 GB per month
–> Disk Space: 5 GB
–> SLL
–> Coupon offer that expires in June 30 (in case you want to buy) [b]take5[/b] -$5
–> If you buy 2 years of webhosting they give you 6 months free (so it is 2 years + 6 months) and 2 years Free Domain name
–> If you buy 1 year of webhosting they give you 2 months free (1 year + 2months)
and 1 year free domain name.
–>Service/Support: 9/10
–> Uptime: They said 99.9% but 4 days and still up and fine

That is our story.
If you want to comment you are welcome

Posted in General