# Phone verification?



## rds100 (Nov 29, 2014)

We are currently using MaxMind's phone verification to verify all orders. However as you probably know MaxMind is shutting down this service at the end of the year.

So what do you guys use for phone verification? Is there any other similar alternative?

I could code something to do it, but if there is some ready commercial solution / service - i'd rather use that instead. Would be one less thing to maintain and worry about.


----------



## trewq (Nov 29, 2014)

I was actually thinking about developing this and offering it as a service.


What exactly would you require and what cost were you thinking? I feel like with MaxMind exiting I will be able to fill their place.


Looking for anyone else's input with the features and cost too.


----------



## rds100 (Nov 29, 2014)

@trewq i don't have any cost figure in mind, probably something like what maxmind's model was - preload some credits, and then every call costs something (probably different price per country / destination).


----------



## trewq (Nov 29, 2014)

@rds100 I'll put some numbers together tomorrow and see if it's viable and I'll let you know.


----------



## KuJoe (Nov 29, 2014)

We used to do phone verification but the trolls would use up a lot of money a month so we stopped using it.


----------



## trewq (Nov 29, 2014)

KuJoe said:


> We used to do phone verification but the trolls would use up a lot of money a month so we stopped using it.


If it's done right this shouldn't happen. It should stop after the second retry and have other checking algorithms in place. It seems like everything that is currently in the market is just built to call people and take your money instead of protecting you, its clients.


----------



## KuJoe (Nov 29, 2014)

trewq said:


> If it's done right this shouldn't happen. It should stop after the second retry and have other checking algorithms in place. It seems like everything that is currently in the market is just built to call people and take your money instead of protecting you, its clients.


I agree. What I saw happen was a user would enter a phone number for a country that cost us almost a dollar per call, then they would answer the phone (at least I really hope they were, because Maxmind states they only charge for answered calls) and within seconds request a callback and do this multiple times per account. I started disallowing orders from countries that cost more than $0.60 per call to make it harder for them to eat up our credits, but it didn't stop them it just slowed them down.


----------



## rds100 (Nov 29, 2014)

Yes, it would make sense to limit this to maximum 1 or 2 calls or sms per customer, for more you need to open a ticket.

Also a phone number that was already used by another customer should be blocked.

Also the system should be able to identify and reject premium rate and possibly VoIP phone numbers.


----------



## MannDude (Nov 29, 2014)

rds100 said:


> However as you probably know MaxMind is shutting down this service at the end of the year.


Nope. Did not know.


----------



## RTGHM (Nov 29, 2014)

You know, I wrote a system for phone verification for a company (which I won't name), I just used Twilio API + Toll-Free 1-800 phone number, and you can use the TEXT api, or CALL api, I used text, it sends them a text from a toll free number, they have to respond with a code the website gives them, and once they do that, it sends the text through the API to your systems, you verify the code is correct, if it is, you allow register, etc.

I might have a copy of the code laying around if you want it, let me look for it.


----------



## comXyz (Nov 29, 2014)

@trewq I would like to see your phone verification service online too


----------



## rds100 (Nov 29, 2014)

There is also TeleSign, but the require $100/month minumum sales. Someone might decide to aggregate the verification from a bunch of providers and start reselling TeleSign's verification. I think MaxMind was using them.


----------



## trewq (Nov 29, 2014)

Ok, I've done some number crunching and this is extremely viable for me. Max cost will be $0.50 and that will only be for a couple of countries with the rest sitting at about $0.25 per successful verification.


You will be able to disable things like VoIP numbers, certain countries and even people roaming in different countries if they are using a mobile. This is just off the top of my head, lots more options available.


I would prefer to offer this as a post paid service or have a flat fee for all number and you just buy "packs".


Thoughts?


----------



## rds100 (Nov 29, 2014)

Any ETA for the first beta version?

Btw 25 cents per call is cheaper than what maxmind charges for most countries. There are the rates they had - https://www.maxmind.com/en/phone_rate


----------



## trewq (Nov 29, 2014)

rds100 said:


> Any ETA for the first beta version?
> 
> 
> Btw 25 cents per call is cheaper than what maxmind charges for most countries. There are the rates they had - https://www.maxmind.com/en/phone_rate


Yeah, their prices are really high. The only eta I can give you at the moment is before January, once I actually start development I'll be able to give a specific date.


----------



## rds100 (Nov 29, 2014)

Ok, start thinking on how to make the backend side (get https://trewq.com/makecall?licensekey=fghqhdh&phone=%2b12345678&pin=1234). I'll start thinking on how to tie it in WHMCS - already have some ideas about this, will see if i have time on Monday to test something.


----------



## trewq (Nov 29, 2014)

Hooking it into WHMCS will be my biggest issue. I've only made a couple of plugins before but like anything else, once the ball is rolling it gets done pretty quickly.


----------



## KuJoe (Nov 29, 2014)

The WHMCS plugin is the easy part. Once you get the backend shaped out, there are plenty of us who can knock out the WHMCS plugin overnight. You just need to do all of the heavy lifting.


----------



## trewq (Nov 29, 2014)

KuJoe said:


> The WHMCS plugin is the easy part. Once you get the backend shaped out, there are plenty of us who can knock out the WHMCS plugin overnight. You just need to do all of the heavy lifting.


I'm fine with that! I'll let you guys know when I've got some docs written.


----------



## RTGHM (Nov 29, 2014)

trewq said:


> Ok, I've done some number crunching and this is extremely viable for me. Max cost will be $0.50 and that will only be for a couple of countries with the rest sitting at about $0.25 per successful verification.
> 
> 
> You will be able to disable things like VoIP numbers, certain countries and even people roaming in different countries if they are using a mobile. This is just off the top of my head, lots more options available.
> ...


Not bad pricing, but for me I can get at 2 cents per 2 text messages(incoming or outgoing), and 8 cents per minute on call time (if I change a few things, I can lower it to 4 cents per minute).


----------



## trewq (Nov 29, 2014)

RTGHM said:


> Not bad pricing, but for me I can get at 2 cents per 2 text messages(incoming or outgoing), and 8 cents per minute on call time (if I change a few things, I can lower it to 4 cents per minute).


Is that for every country and via an api?


----------



## RTGHM (Nov 30, 2014)

trewq said:


> Is that for every country and via an api?


that's canada/us/uk rates.

for germany, russia it's 4 cents per 2 texts, 10 cents per minute.

Other countries it gets a bit more expensive, the most expensive is 45 cents a minute


----------



## trewq (Dec 6, 2014)

@rds100 @KuJoe Just wanted to let you guys know that I should have an alpha of just the verification working by tonight. Won't have all the bells and whistles that I want it to have but it's progress.


----------



## Steven F (Dec 6, 2014)

Nexmo.com

You could do this easily in just a few minutes. Heck, once I finish doing the dev. work that I was hired to (and after I finish the IP blacklist, which is next), I can pop out a plugin for this, if anyone wants.


----------



## trewq (Dec 6, 2014)

Steven F said:


> Nexmo.com
> 
> You could do this easily in just a few minutes. Heck, once I finish doing the dev. work that I was hired to (and after I finish the IP blacklist, which is next), I can pop out a plugin for this, if anyone wants.


That's what I'm using for the backend. I am going to be adding more functionality than they offer though.


----------



## Leyton (Dec 6, 2014)

Nexmo is a great service - the only other recommendation in a similar price range I'd give is Plivo.

Both provide a similar service, and it never hurts to have a backup option in place - or to split your load between the two of them based on which performs best for the individual needs.

I've had a working version of something similar in our panel for a while, using both as a failover, but it's not built with any API or thought for WHMCS - though if you run into any problems, I'd be more than happy to  have a look 

Anyway, I'll leave you to develop; just wanted to offer a reasonable backup option for the gateway.


----------



## EnveraHost (Dec 7, 2014)

trewq said:


> I'm fine with that! I'll let you guys know when I've got some docs written.


Would you also be able to offer SMS verification as a cheaper alternative to calling?


----------



## trewq (Dec 7, 2014)

EnveraHost said:


> Would you also be able to offer SMS verification as a cheaper alternative to calling?


Defaults to SMS if available otherwise it calls. Same cost.


----------



## RTGHM (Dec 7, 2014)

I got my plugin ready, I'll just publish it on github for anyone to use.

No sense in selling it or anything, rather just keep everything open-sourced.

If you want it just hit me up with a PM, I'll reply ASAP.


----------



## TurnkeyInternet (Dec 8, 2014)

We would be a customer if a service could do this properly - we ran into a lot of trouble with tying ours in whmcs to external api's becasue we could not get a 1-size fits all solution that would be user friendly.

The big challenge with WHMCS at least is/was that there is no way to process a new order, pause to do this fraud check (where it interacts with a user to check for a PIN code, and re-direct to re-try if say their phone didn't get the text and they want to enter a new number to verify) then once completed go back to the completed order process and process the payment/provisioning.

We spoke to WHMCS directly on it and couldn't come up with any way to make user interaction (enter pin, or retry something else) within the payment processing process of a new order.

RTGHM would be very intersted to see what you did on WHMCS, we've been considering outsourcing for a module on this but if you invented the wheel already or the start of it, maybe w can chat for more features!

my 2 cents - for us, its not about the cost - 25 cents vs 50cents per verification is perfectly fine.  The cost of a charge back, or worse a spammer/bot-net person on your network causing abuse far outweighs the added cost and saves the billing dept manual time.   I realize every host is different, but for us it would be invaluable to have it do everyting we wanted.  We were sad to see maxmind depart this arena, it only tells me that their isn't a business  case of success in the model they ran it at (which is suprising as they had built in support with whmcs and other billing systems world wide, but stil couldn't make money with their fraud verifier / phone verifier to the point they shut down the phone options even now that the main product requires payment


----------



## rds100 (Dec 22, 2014)

@trewq any progress on this? Beta version or something?


----------



## trewq (Dec 22, 2014)

rds100 said:


> @trewq any progress on this? Beta version or something?


Honestly I've been so busy over the last week I haven't had much time. Festive period and all, I'll set some time aside this weekend and get a working version going.


----------



## Joshua-Epic (Dec 22, 2014)

In all honesty, it is much easier to have an employee make the call. For us, we have assigned one of our night system monitors to verify accounts via phone call or verification documentation. It only costs us about $35 for the phone line per month with pretty reasonable rates for out of country calling. At most, its about $0.75 /minute and most calls only take a minute or two. With one provider of the phone verification service leaving, its only a matter of time before another rises.


----------



## trewq (Dec 28, 2014)

@KuJoe @rds100 What's the method is easiest for hooking into WHMCS? JSON, GET, POST?


----------



## rds100 (Dec 29, 2014)

@trewq for the whmcs part i was thinking of a modification of the viewinvoice.tpl template and add additional check when the customer goes to pay the invoice - if he has a "phone verified flag" (add hidden custom field for this) - the normal payment options are there and he can pay the invoice. If he has not been verified previously - replace the "pay" button with a custom link which sends him to the verification page. And that verification page should call some API (GET / POST doesn't matter) to make the call with random generated 4 digit code, then have a form the input the code that the customer received. If the code matches - set the "phone verified" flag and redirect to the invoices list. If the code doesn't match... tell the customer he failed the verification.


{if $status eq "Unpaid"}
<font class="unpaid">{$LANG.invoicesunpaid}</font><br />
{if $clientsdetails.customfields6 ne "passed"}
<form method="post" action="phoneverify.php">
<input type="submit" value="Pay now" />
</form>
{else}
{if $allowchangegateway}
<form method="post" action="{$smarty.server.PHP_SELF}?id={$invoiceid}">{$gatewaydropdown}</form>
{else}
{$paymentmethod}<br />
{/if}
{$paymentbutton}
{/if}


But there is a little problem - viewinvoice.tpl doesn't have the custom fields by name, hence the "$clientsdetails.customfields6" above, which would be different for someone with different custom client fields. You could probably use a mysql query to find the right custom field but meh.


----------



## KuJoe (Dec 29, 2014)

Weird, my post disappeared.

I was going to just create a basic hook that checked certain criteria and redirected the client to a verification page based on that criteria. @rds100's solution is nice, but I try to avoid changing template files if at all possible because some people use custom templates and such.


----------



## trewq (Dec 29, 2014)

Much easier than I expected. Do you want me to be hosting the phoneverify.php? Sorry, just trying to get a grasp on what you actually want to make it easier from the start.


----------



## rds100 (Dec 29, 2014)

Nah, the phoneverify.php must be local to the WHMCS installation since it must have access to the client details (country and phone number). It can then use an API to an external service to actually make the call. But first it should display the full phone number (with country code). The country dialing prefix should be added automatically in front of the phone number (so the customer can't specify a phone in a different country. It should display something like "We phone verify all orders. We will an automated make a call to +123456789 to give you a verification code. If this is not your correct phone number please go to your client details and edit it" with a link to the client details. And there should also be a "call me now" button.


----------



## rds100 (Dec 29, 2014)

Looking at the WHMCS hooks documentation perhaps one could really use a hook instead of a modification to a template file to invoke the custom phone verification. This should be a good starting point - http://docs.whmcs.com/Hooks:AfterFraudCheck


----------



## rds100 (Jan 6, 2015)

I ended up coding something myself (using an invoicetemplate.tpl edit to hook it). Still very early code, but seems to work from the client side - can send SMS or make a call and complete the verification. Need to write something for the admin side to make it easier to use, but it's a good start.


----------



## TurnkeyInternet (Jan 6, 2015)

hooking it in via the invoicetemplate.tpl means you create the account and product / invoice prior to verification I presume (and run it after maxmind auto checks it?).

Would be very interested in a full solution for whmcs that works for this - the only 2 vendors listed on WHMCS as modules for this are now no longer offering it or replying to sales (phone disconnected etc).

ModulesGarden is willing to code one for reasonable money though - we are still doing manual verify's via phone after using the automated checks built in with maxmind, and our credit card gateway on top of that.

I'ts suprising there isn't something more robust already working in whmcs to do phone/text verification before the accounts even get created.  But the fact the 2 vendors on WHMCS who offered a product/module for this are now gone/out of the market (including maxmind no longer doing phone verifications / sms verifications) it must not be profitable meaning not enough demand.


----------



## rds100 (Jan 6, 2015)

Yes, the customer places the an order, runs through maxmind. If maxmind allows the order there is an invoice and when the customer goes to pay the invoice he is redirected to the phone verification before making the payment. After the phone verification he is allowed to pay the invoice.


----------



## Geekion (Jan 6, 2015)

this is really bad if maxmind really will shut down


----------



## alexvolk (Jan 7, 2015)

I have an idea in mind to code it soon (probably for free   ).

Maxmind fraud detection + Twilio sms/phone verification = Best fraud module for whmcs.


----------



## rds100 (Jan 9, 2015)

Ok, our phone verification system is finished, seems to work fine. We have no plans to make a commercial phone verification system or anything like that - it was developed just for our own use. I won't be putting it on github or anything like that either since the code currently has some ugliness and local assumptions, but it's a good start. If anyone needs the code in order to help him make his own system - PM me.


----------



## rsk (Feb 20, 2015)

Hello,

Please check this thread : 

Regards,

R. Alkhaili


----------



## haloelite3 (Mar 4, 2015)

Phone verification is a great idea however it can come at a cost what you are trying to get.

I personally dont have much experience with phone verification may I add, however I am listening into what any of you say.

Thanks


----------



## fixidixi (Mar 4, 2015)

Just used duosecurity in a project. great api availability accross.. everything. but it costs a whole lot of cookies..


----------



## mehargags (Mar 5, 2015)

from some recent research I touched base with "informatica" who claim to be No.1 in the World for ID verification services. They say they feed the Fraud record agencies world wide.

May be pricey -- but worth a look http://www.addressdoctor.com

They have email/phone/address verification


----------



## haloelite3 (Mar 7, 2015)

Although it may seem cheap per text message, it depends how much money you have coming in and how many clients you have. You do not want to find yourself losing money because of the amount of times a client logs in and etc. It also depends on the location of the client I believe due to over sea costs. Take your time, consider all the factors and make the decision after a period of time.


----------



## Hermes Hosting (Aug 17, 2015)

I didnt think about using phone verification im very happy to have stumbled upon this i am going to use it for now on.


----------



## CenTex Hosting (Dec 28, 2015)

we use fraud records to check the order to start. If things still seem out of place we pick up the phone and call them. Most of the time we go ahead and call all customers and see if we can help with migration or anything else.


Just takes a few seconds to pick up the phone. We have our support guys do this as most of the time they are just dealing with chats or support tickets and only takes a few seconds for them to reach out.


If everything checks out we will open up a migration ticket for them.


----------



## farhanideas (Jun 12, 2017)

You must go through there are many provider like viop which help to get some good rate for pricing


----------

