Hosting Advice

[seemly]

Based on credit/debit card payments, combination of CV2, Address, PC, 3D, electoral roll, telephone, common sense, association, web checks, IP etc. Plenty of these combine for Fraud Screening with the right systems. Better still, auth codes are a great way of confirming the person using the payment card has rights/access to it beyond holding a card in hand. After that, if something doesn't look right, don't accept. Asking for proof of ID be it Passport or Driving License, except in the duty of law is lunacy!

Common sense? Otherwise known as assumption.
Many of the other options you provide (electoral, address, cv2, IP, web checks is all circumstancial and proves nothing regarding true ID).

Auth codes is better - but on a new customer signup/purchase, this doesn't help validate anything.

Just to note; I'm not arguing with you, I was just passing information forward, whilst also wondering how you go about screening your customers for fraud.

 

[ian]

Common sense? Otherwise known as assumption.
Many of the other options you provide (electoral, address, cv2, IP, web checks is all circumstancial and proves nothing regarding true ID).

Auth codes is better - but on a new customer signup/purchase, this doesn't help validate anything.

Just to note; I'm not arguing with you, I was just passing information forward, whilst also wondering how you go about screening your customers for fraud.

Well I suppose it comes down to what you are protecting against, fraudulent payments, or fraudulent use? In my situation, it is ensuring the payment is good, which is why those points I mentioned are valid. If hosting companies need to prove identity (why?) then that is different, but I certainly wouldn't be happy handing over such information, even with nothing to hide, I don't see there being a valid need.

 

[MrMason]

Hi all,

We just thought we'd reply to this thread to explain a little bit about where we are coming from in regards to the checks

This isn't requested for every hosting signup and it is actually pretty rare that we need to request additional ID information. However there are times when an order doesn't meet the minimum security level required to process the order automatically - these are the times in which the person ordering is then asked to contact us so we can request additional information.

In this case we requested simply proof of identification and this could either be a copy of the account holders drivers license or passport or proof of name / address, this is done purely to verify that the person actually placing the order and the (already verified) details of the cardholder paying for it are the same.

We appreciate that seemingly this might seem overkill for £3 a month hosting, however it's not related to cost but due to the nature of shared hosting. Once someone has access to the hosting they can then send mail at the rate of 500+ mails per hours per domain and upload content to the servers etc. If someone decides to then use the service for abusive purposes this could in turn affect all other users on the server - if for example the shared IP reputation becomes in anyway damaged all other users on that server could have mail sending issues.

One of the initial ways we prevent such abuse (other than with the server side technical implementations we have) is at sign up before access to the hosting is given - by checking each order that we receive and if it's deemed to need to be additionally reviewed, we will manually check the order and request extra information when needed. This is as I say rare and there is always an explanation available for the person ordering if they wish to know why their order didn't meet our minimum requirements.

I hope that helps explain a little about why this was requested and if the user Atlas would please like to get in touch with us again I'm sure we can help resolve this quickly for you.

Thanks,

Tom

 

[ian]

In this case we requested simply proof of identification and this could either be a copy of the account holders drivers license or passport or proof of name / address, this is done purely to verify that the person actually placing the order and the (already verified) details of the cardholder paying for it are the same.

We appreciate that seemingly this might seem overkill for £3 a month hosting, however it's not related to cost but due to the nature of shared hosting. Once someone has access to the hosting they can then send mail at the rate of 500+ mails per hours per domain and upload content to the servers etc. If someone decides to then use the service for abusive purposes this could in turn affect all other users on the server - if for example the shared IP reputation becomes in anyway damaged all other users on that server could have mail sending issues.

For me personally, it isn't so much that it seems overkill for £3 per month (because it is the knock-on affect as you've explained), but that "simply proof of identification" isn't that "simple" when you are asking a customer to hand over the most important piece of documentation they will have. I have no idea how you request this information (hope it isn't email), so can't comment on the data transfer process, but I personally wouldn't be comfortable handing over said documents.

 

[MrMason]

For me personally, it isn't so much that it seems overkill for £3 per month (because it is the knock-on affect as you've explained), but that "simply proof of identification" isn't that "simple" when you are asking a customer to hand over the most important piece of documentation they will have. I have no idea how you request this information (hope it isn't email), so can't comment on the data transfer process, but I personally wouldn't be comfortable handing over said documents.

That's fair enough, we understand that some people aren't willing to provide that information - and we will lose their custom.

We used to use the same logic as you with our new customers, but it simply wasn't good enough - we had fraud with users who we had spoken to on the phone and who provided all the information you've asked for. They then proceeded to impact our other customers and place our environment in danger.

Our primary concern is keeping our current customers safe - of course we don't want to be spending all this time and effort for something that costs £3/month - but we have a duty to the customers who have been with us for almost 15 years first.