Fraudrecord has become one of my most favorite WHMCS addons. Its been a great help for VPS customers and hasn't served me yet for shared hosting.
Fraud Record
- Thread starter LimestoneNetworks
- Start date
-
- Tags
- fraud record
FraudRecord is a great tool if used properly. When you see a customer has been reported for spamming 5 or 6 times its rather obvious they are not a client you want on your network. The only thing that bothers me about it is the "reliability" ranking. I have yet to see anyone ranked higher than a 1.
Yeah, the reliability ranking bothers me as well, I read somewhere that it is supposed to go up with time, as well as the number of reports submitted / number of reports looked up, but I've never seen anyone above a 1.
According to their site its based on a variety of factors, no idea what these factors are but it sure doesnt seem to ever change. I will have to pay more attention to it from now on as I am curious if any company has reached a higher than 1 reliability.
Just wondering if anyone has had this issue:
https://www.fraudrecord.com/forums/index.php?topic=31.msg369#msg369
We've not put a lot of time in to checking/debugging so it might just be as simple fix, but so far have had no luck with with latest whmcs/fraudrecord and getting communication working.
https://www.fraudrecord.com/forums/index.php?topic=31.msg369#msg369
We've not put a lot of time in to checking/debugging so it might just be as simple fix, but so far have had no luck with with latest whmcs/fraudrecord and getting communication working.
I personally think the issues posed by FraudRecord are a subset of those introduced by the increasing availability of big data. For example, there's a lot of debate about to what limits should be placed on the information that insurance companies are allowed to use when analyzing risk of new customers. It seems to be a pretty big problem, for example just looking at the system that has been built around FraudRecord, we already see instances where there are no malicious actors (customer, providers, FraudRecord all operating reasonably) but some are still *un*reasonably denied service or other issues. And even if all providers judged FraudRecord postings with adequate suspicion, there's still the fact (I think, someone correct my if I'm wrong) that just with your email address someone can learn things like at least one of the hosts that you've purchased services from.
As a result I think customers are already starting to avoid companies that use such data, at least I know that FraudRecord plays a role (an admittedly small one) in my decision when choosing a host. Some people maybe take the opposite view, that host using FraudRecord is positive aspect (you know your VM will be more stable!), but we all know abuse still happens and automated systems are always more effective (not to mention manually checking details).
At the very least, I think companies using schemes similar to FraudRecord should clearly mark somewhere in their terms of service that they use it ("We report anonymized customer information pertaining to orders that we deem fraudulent to FraudRecord"), and should definitely notify customers when they have been reported so that customers have a chance to contest the claims (provider adding report in FraudRecord and not notifying customer is disgusting in my opinion).
As a result I think customers are already starting to avoid companies that use such data, at least I know that FraudRecord plays a role (an admittedly small one) in my decision when choosing a host. Some people maybe take the opposite view, that host using FraudRecord is positive aspect (you know your VM will be more stable!), but we all know abuse still happens and automated systems are always more effective (not to mention manually checking details).
At the very least, I think companies using schemes similar to FraudRecord should clearly mark somewhere in their terms of service that they use it ("We report anonymized customer information pertaining to orders that we deem fraudulent to FraudRecord"), and should definitely notify customers when they have been reported so that customers have a chance to contest the claims (provider adding report in FraudRecord and not notifying customer is disgusting in my opinion).
Last edited by a moderator:
Wait, it doesn't? I've never actually used the service or had any direct interaction with it, though I would imagine that the customer would be notified when any data or action about them is entered and passed to FraudRecord. Should send an email to that of which is on file for their account with a URL for them to read and respond to the claim.
Then again, I guess if you introduce the ability to dispute then that would mean someone (Fraud Record) would then have to be the one to make the final decision... which would in turn be a tremendous amount of work having to read and review a provider stating their case and an upset customer going on long rants.
If the customer gives us the same courtesy and notifies us that he's spamming, hacking, DOSing, plans to chargeback after 3 months of service, or violate our Terms of Service and steal from us then I'll be glad to notify them that they've been added to FraudRecord, but until that happens they won't get any notifications from us except on the rare occasion when we use it as a tool to stop harassment.
If the customer has done something that warrants them being reported to FraudRecord by us, then it's pretty serious and I consider them as criminals in my eyes because they are no better than somebody who walks into a store and steals from the cash register or intentionally destroys property because every single client I've ever reported has cost us a lot more money than they paid us.
Last edited by a moderator:
FraudRecord is nice in principal, and technically less privacy violating than say a CC merchant gateway account through WHMCS (which you send the person's name, address, IP, email, and more based on whatever CC module you have). Most CC gateways do a fraud screen, against maxmind and internal database of 'this ip/user has been buying a bunch of stuff, watch out high risk' already so fraudrecord isn't really any different, but another data set for people to use.
The down side, its only as good as the data people submit. One thing I do NOT like is that fraudrecord keeps a record of the company who submits a report, with your company name attached to it that anyone can look up and see that you had an issue with them. While fraudrecord isn't storing the private data of said client (no email address, no credit card or ip specifically, just a 1-way encoded hash that traces back to them if you know their email, IP or credit card to do a check against) - it opens you to some complaints that if you report a user, who then decides to login to FraudRecord as a hosting company and look himself up can find your report against him!
By comparison, CDG or other credit card gateways that do fraud screening addons for credit card payments do NOT tell you who or the name of other hosting companies (or online purchasing history details) - they simply tell you that the user is high fraud risk, with no link to who reported them and why.
So bottom line - its a good tool, but by nature of relying on public reporting, and tying public reports to a legal entity/company will discourage people from reporting trouble makers.
The down side, its only as good as the data people submit. One thing I do NOT like is that fraudrecord keeps a record of the company who submits a report, with your company name attached to it that anyone can look up and see that you had an issue with them. While fraudrecord isn't storing the private data of said client (no email address, no credit card or ip specifically, just a 1-way encoded hash that traces back to them if you know their email, IP or credit card to do a check against) - it opens you to some complaints that if you report a user, who then decides to login to FraudRecord as a hosting company and look himself up can find your report against him!
By comparison, CDG or other credit card gateways that do fraud screening addons for credit card payments do NOT tell you who or the name of other hosting companies (or online purchasing history details) - they simply tell you that the user is high fraud risk, with no link to who reported them and why.
So bottom line - its a good tool, but by nature of relying on public reporting, and tying public reports to a legal entity/company will discourage people from reporting trouble makers.
You are talking about how you don't feel like notifying customer, but haven't mentioned any issues posed if you notify customer. If FraudRecord required companies to specifically say they are using FraudRecord in terms of service, and notify customers after a report is submitted, that would solve a lot of the transparency issues, and does not pose any additional problems (the notification should of course be done locally, say provided billing panel modules, so that FraudRecord itself doesn't get private data). Criminals must be told what they are being thrown in jail for before being thrown in jail, businesses lose nothing by automatically notifying customers when report is filed; everyone benefits since customers can have greater trust over the system as it improves accountability on businesses.
An anonymous report system that is otherwise identical to FraudRecord would be completely useless. Anyone could submit a report bashing a customer, and providers would have no way to verify its authenticity. FraudRecord is obviously not in a position to deem the validity of the reports, it doesn't even have the details of the customer being reported.
Obviously the customer can find your report against him. If customers were entirely unable to see for what they have been reported, there would be no accountability in the system and it would quickly break down. I would certainly not use any provider using such a service. Similarly, I would not purchase any services from a business unwilling to stand by their reports of fraudulent activity.
Last edited by a moderator:
It's not that I don't feel like it, it's that at that point in time I already lost money because of them so I will not continue wasting any more money because of them. If I were required by FraudRecord to notify every person I reported to them, I would stop using FraudRecord all together because it's not worth the headaches dealing with those types of people. I don't know any online company in their right mind who would contact somebody who just got terminated for running a DDOS botnet and tell them "Hey, we reported you to a database so other hosting companies know what you did", people already DDOS FraudRecord for getting reported, of course they will go after the host who reported them also. And let's pretend that all the person did was continue to harass us via e-mails, support tickets, fake negative reviews, etc... that's a lot more money being lost over it.
Other companies are welcome to do whatever they want, but I refuse to give skids, spammers, thieves, con artists, and other criminals any courtesy after they treat my company and I like dirt. They agreed to our Privacy Policy so they should expect the worst for their actions.
Now of course this is just my perspective because I don't go reporting people for stupid shit like "He opened 2 support tickets asking what his SSH port is" or "Didn't pay his invoice within an hour of ordering". I really wish that hosting companies could flag FraudRecord reports to clean up some of the trash reports I've seen and the reporting companies be penalized for that kind of thing.
Last edited by a moderator:
vRozenSch00n
Active Member
Those bad bunch deserve it. It's not only about loosing money, but it's more about one's professional pride both company wise and personal wise.
There is a nasty repeating threat over on another message board (LET) that is bashing a host, from a customer thrown off and reported to FraudRecord. Said client (or potential, but now x-client) went nuclear and is out using social media to basically bad mouth the host.
The public posting of who entered the data on record may add legitimacy to FraudRecord, but it also adds a double edge sword that can cost the host in pain and suffering (or online rep, which equates to money).
I don't have the answer (sorry) - but my concerns with FraudRecord reporting were based on that. I still like it in concept, and I agree there has to be checks and balances to keep it legitimate. Does FraudRecord need to make it public facing that anyone (who signs up for a free account and types in an email address to 'see' if they are listed) can see their report, and who made it? should it be some closed circle 'cabal' of grand wizards who approve membership into the FraudRecord system for access to do lookups? (I'm joking on that btw)
WIth Maxmind anti-fraud, or our credit-card gateway's advanced fraud monitoring - they do not tell me which other hosting company or online store had a beef with this person, only that the details of the user match up with 'trouble'. Maxmind does partly rely on post-user subsmission of 'charge backs' and bad deeds to add to their system (while i realize most of it is automated IP address based). Overall even though its not publicy telling me who made the compaints to get this person a bad 'reputation', I still have a reasonable trust if either tell me its high risk.
Perfect world? Every computer user accessing the Internet has to sit on a chair powered by 50,000 volts. Once your abuse level rises too high, you are 'taken offline' permanently. That goes for spam, and fraud
Until there is something significant to keep fraudsters and spamsters scared to do bad things, our best bet is these type of feedback systems even if not perfect.The Fraud Record 'system' does not fit with everyone's ideals on how things should be done, obviously no one can dispute that as a new thread pops up on the interwebs fairly often however the reality is apart from people that feel hard done by the others that comment about the way it works and how much they don't like it are the ones it will never actually impact I would bet.
It is one of those situations where there is no 1 solution that would make everyone happy but it certainly does work for hosts, just today in fact I accepted an order without doing the Fraud Record check, I then did run the check around an hour later to see a report made by KuJoe which suggested the end user was a spammer, double checked things and low and behold there was a constant stream at about 40mbit with thousands of smtp connections, needless to say that person no longer has service.
Do I feel like I should tell them that I have also submitted a record? no.
Do you think they would have grounds to care if I did tell them? no
Would it change anything if I did tell them? no
I have submitted a report in the past that was challenged, the end user contacted Fraud Record, they in turn contacted me and mediated upon presentation of the evidence the record was removed in this instance it was more due to end user ignorance i.e. running an anonymous proxy on a common port which was then found and abused by a spammer, I agreed to remove the record despite the fact the end user was a royal pain about losing his service to begin with because in hind sight he then understood what damage he had caused and probably wont do it again.
I really like Fraud Record, I think 1 simple change would make it much more acceptable to the majority of people who don't, and that is the ability to look yourself up and have a proper appeals process in place and when an appeal is in progress the record is marked as such.
It is one of those situations where there is no 1 solution that would make everyone happy but it certainly does work for hosts, just today in fact I accepted an order without doing the Fraud Record check, I then did run the check around an hour later to see a report made by KuJoe which suggested the end user was a spammer, double checked things and low and behold there was a constant stream at about 40mbit with thousands of smtp connections, needless to say that person no longer has service.
Do I feel like I should tell them that I have also submitted a record? no.
Do you think they would have grounds to care if I did tell them? no
Would it change anything if I did tell them? no
I have submitted a report in the past that was challenged, the end user contacted Fraud Record, they in turn contacted me and mediated upon presentation of the evidence the record was removed in this instance it was more due to end user ignorance i.e. running an anonymous proxy on a common port which was then found and abused by a spammer, I agreed to remove the record despite the fact the end user was a royal pain about losing his service to begin with because in hind sight he then understood what damage he had caused and probably wont do it again.
I really like Fraud Record, I think 1 simple change would make it much more acceptable to the majority of people who don't, and that is the ability to look yourself up and have a proper appeals process in place and when an appeal is in progress the record is marked as such.
Munzy
Active Member
Ohh offer post coming soon?
Hm, that does sound good too. I suppose automatic notification has problem that customer can just change details next time he or she registers.
Last edited by a moderator:
fraud is a constant moving target and requires constant monitoring. we use several systems and they all seem to be about the same. just comes down to who is current on the data.
Both, Record Fraud and Maxmind have made a difference for us.
Both, Record Fraud and Maxmind have made a difference for us.