SitePoint Sponsor

User Tag List

Results 1 to 9 of 9
  1. #1
    SitePoint Wizard
    Join Date
    Oct 2005
    Posts
    1,774
    Mentioned
    5 Post(s)
    Tagged
    1 Thread(s)

    Web hosting companies demanding ID scans?

    I was just doing a little reading about how more web hosting companies are demanding ID scans nowadays to prevent fraudulent signups using stolen credit cards and to prevent nefarious uses such as copyright infringement, phishing, spamming, etc. HostGator says they get 6,000 fraudulent signups per month. ID scans are a tool they use to help protect against such fraudulent signups.

    http://blog.hostgator.com/2012/03/25...our-id-please/
    http://blog.hostgator.com/2012/06/29...lease-part-ii/

    There are some examples of fake ID scans they have received in those posts. It's pretty funny stuff what people try to pass off. IDs with photos of Hollywood celebrities like Brad Pitt with the name of Connie? Yup.

    Is this common now? I haven't been involved with purchasing web hosting for over 5 years. None of the hosts I had ever insisted on an ID scan when I bought hosting years ago. So I'm just wondering if this is standard operating procedure today or if this is primarily used when non-American customers try to buy hosting.

  2. #2
    Certified Ethical Hacker silver trophybronze trophy dklynn's Avatar
    Join Date
    Feb 2002
    Location
    Auckland
    Posts
    14,605
    Mentioned
    19 Post(s)
    Tagged
    2 Thread(s)
    cd,

    Put yourself in the position of an e-commerce website owner. Would you accept an order and ship to anyone who completes your order form? Do you ship to anyone who enters a credit card number? Do you merely check the mathematical formula for verifying that a credit card number MIGHT be legitimate or check with a bank that it IS legitimate? Do you check the address on your form (shipping or merely for validation) against the address the bank has for that card?

    Is verification a standard operating procedure today? From this perspective, what do you think?

    Regards,

    DK
    David K. Lynn - Data Koncepts is a long-time WebHostingBuzz (US/UK)
    Client and (unpaid) WHB Ambassador
    mod_rewrite Tutorial Article (setup, config, test & write
    mod_rewrite regex w/sample code) and Code Generator

  3. #3
    SitePoint Wizard
    Join Date
    Oct 2005
    Posts
    1,774
    Mentioned
    5 Post(s)
    Tagged
    1 Thread(s)
    Quote Originally Posted by dklynn View Post
    Is verification a standard operating procedure today? From this perspective, what do you think?
    Sure, address verification and stuff, to make sure the person making the order is shipping the order to the billing address, the IP address making the order is located in the same area as the billing address, etc.. But I wasn't aware they were requiring ID scans for hosting.

  4. #4
    Certified Ethical Hacker silver trophybronze trophy dklynn's Avatar
    Join Date
    Feb 2002
    Location
    Auckland
    Posts
    14,605
    Mentioned
    19 Post(s)
    Tagged
    2 Thread(s)
    cd,

    Ditto.

    I would think that an ID scan can be ponied-up easier than getting a credit card which is honored by a bank so, as a requirement, it's ridiculous (IMHO, of course)!

    Regards,

    DK
    David K. Lynn - Data Koncepts is a long-time WebHostingBuzz (US/UK)
    Client and (unpaid) WHB Ambassador
    mod_rewrite Tutorial Article (setup, config, test & write
    mod_rewrite regex w/sample code) and Code Generator

  5. #5
    Community Advisor silver trophy

    Join Date
    Nov 2006
    Location
    UK
    Posts
    2,518
    Mentioned
    37 Post(s)
    Tagged
    1 Thread(s)
    I've seen it a few times for dedis/vps. It's an additional measure sometimes required if maxmind or similar fraud detection system flags up an order as 'high risk' (sometimes just being from another country is enough)

  6. #6
    Foozle Reducer ServerStorm's Avatar
    Join Date
    Feb 2005
    Location
    Burlington, Canada
    Posts
    2,699
    Mentioned
    89 Post(s)
    Tagged
    2 Thread(s)
    Yes this is a common feature of the host that I use. If your using fake ID to sign-up then it is a fair bet that you are also using stolen credit to attempt to pay for your hosting. In risk avoidance this is general terms is called 'upstream problem solving'; the ability to solve problems before they cascade and become larger problems. This way those users caught can't slip by the payment process.

    Also why worry about it as you are giving the host a valid card. Even without being verified in this way at some hosts, they are checking your profile info with the Bank, and that Bank has a very thorough profile on you that is shared across countries. The fact that HostGator is doing this upfront with people might rub civil liberties the wrong way but what is worse you knowing what's happening or it hiding behind the scenes without you knowing?
    ictus==""

  7. #7
    SitePoint Wizard
    Join Date
    Oct 2005
    Posts
    1,774
    Mentioned
    5 Post(s)
    Tagged
    1 Thread(s)
    Quote Originally Posted by ServerStorm View Post
    The fact that HostGator is doing this upfront with people might rub civil liberties the wrong way but what is worse you knowing what's happening or it hiding behind the scenes without you knowing?
    After doing some reading on other boards and seeing how the oversellers appeal to the lowest common denominator like scummy phishers, software pirates and copyright infringers, I can understand their need to do some background checking. I just wasn't aware it was on its way to becoming a common practice. I suppose a dedicated server is capable of massive amounts of spam, so a little personal verification might not be unreasonable. But still, it's a pain in the butt and, quite frankly, it isn't something that honest people are going to like doing.

    No, I would not expect someone engaged in the stealing of personal information like credit card numbers, spamming, hacking, or software piracy to use their real identity. But when you are offering "unlimited" server resources for $7 a month, you are going to attract that type of crowd.

    I chuckled when I recently read a complaint on another board by an angry webmaster upset because Go Daddy disabled his account for phishing. Can you imagine losing your account over that?

  8. #8
    SitePoint Member
    Join Date
    Jul 2012
    Posts
    19
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I can see why the're doing this. I might be in a little trouble as I've made my age a bit higher than my real age, 14.

  9. #9
    SitePoint Zealot coloradojaguar's Avatar
    Join Date
    Sep 2011
    Location
    Southwestern Mountains
    Posts
    144
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Yes, ID scans are common in the hosting industry. Fraud rates get higher and higher every day across every industry. You have to consider that every action a company performs has a cost associated with it. It is better for a hosting provider to nip it at the bud. As other posts on this thread point out, if someone is willing to use a fraudulent credit card to sign up for a hosting account then what can be expected of them once they have that account active and associated with another person or even a non person. If a legitimate user is having credit card issues then they are more than willing to track down the problem or send in additional information in order to verify identity.
    Hosted solutions provider since 1998 - UK, Atlanta, L.A.,
    JaguarPC.com - Managed Hybrid Servers |
    Managed VPS Hosting | Dedicated Servers


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •