I was just doing a little reading about how more web hosting companies are demanding ID scans nowadays to prevent fraudulent signups using stolen credit cards and to prevent nefarious uses such as copyright infringement, phishing, spamming, etc. HostGator says they get 6,000 fraudulent signups per month. ID scans are a tool they use to help protect against such fraudulent signups.
There are some examples of fake ID scans they have received in those posts. It’s pretty funny stuff what people try to pass off. IDs with photos of Hollywood celebrities like Brad Pitt with the name of Connie? Yup.
Is this common now? I haven’t been involved with purchasing web hosting for over 5 years. None of the hosts I had ever insisted on an ID scan when I bought hosting years ago. So I’m just wondering if this is standard operating procedure today or if this is primarily used when non-American customers try to buy hosting.
Put yourself in the position of an e-commerce website owner. Would you accept an order and ship to anyone who completes your order form? Do you ship to anyone who enters a credit card number? Do you merely check the mathematical formula for verifying that a credit card number MIGHT be legitimate or check with a bank that it IS legitimate? Do you check the address on your form (shipping or merely for validation) against the address the bank has for that card?
Is verification a standard operating procedure today? From this perspective, what do you think?
Sure, address verification and stuff, to make sure the person making the order is shipping the order to the billing address, the IP address making the order is located in the same area as the billing address, etc… But I wasn’t aware they were requiring ID scans for hosting.
I would think that an ID scan can be ponied-up easier than getting a credit card which is honored by a bank so, as a requirement, it’s ridiculous (IMHO, of course)!
I’ve seen it a few times for dedis/vps. It’s an additional measure sometimes required if maxmind or similar fraud detection system flags up an order as ‘high risk’ (sometimes just being from another country is enough)
Yes this is a common feature of the host that I use. If your using fake ID to sign-up then it is a fair bet that you are also using stolen credit to attempt to pay for your hosting. In risk avoidance this is general terms is called ‘upstream problem solving’; the ability to solve problems before they cascade and become larger problems. This way those users caught can’t slip by the payment process.
Also why worry about it as you are giving the host a valid card. Even without being verified in this way at some hosts, they are checking your profile info with the Bank, and that Bank has a very thorough profile on you that is shared across countries. The fact that HostGator is doing this upfront with people might rub civil liberties the wrong way but what is worse you knowing what’s happening or it hiding behind the scenes without you knowing?
After doing some reading on other boards and seeing how the oversellers appeal to the lowest common denominator like scummy phishers, software pirates and copyright infringers, I can understand their need to do some background checking. I just wasn’t aware it was on its way to becoming a common practice. I suppose a dedicated server is capable of massive amounts of spam, so a little personal verification might not be unreasonable. But still, it’s a pain in the butt and, quite frankly, it isn’t something that honest people are going to like doing.
No, I would not expect someone engaged in the stealing of personal information like credit card numbers, spamming, hacking, or software piracy to use their real identity. But when you are offering “unlimited” server resources for $7 a month, you are going to attract that type of crowd.
I chuckled when I recently read a complaint on another board by an angry webmaster upset because Go Daddy disabled his account for phishing. Can you imagine losing your account over that?
Yes, ID scans are common in the hosting industry. Fraud rates get higher and higher every day across every industry. You have to consider that every action a company performs has a cost associated with it. It is better for a hosting provider to nip it at the bud. As other posts on this thread point out, if someone is willing to use a fraudulent credit card to sign up for a hosting account then what can be expected of them once they have that account active and associated with another person or even a non person. If a legitimate user is having credit card issues then they are more than willing to track down the problem or send in additional information in order to verify identity.
