Ok so I am sure most of the hosts out there use Maxmind for fraud checking.
I found a tool today that will create some random info. Now just because I was curious I had SC-Daniel run it through his Maxmind and it came up as a fraud score of 0
The info I gave him took me 5min to create.
Might want to have a look at this and think about your fraud protection
User info I gave to Daniel
All that above info is fake except for the email address domain name. It is a domain name that I haveJulian M. Sotelo
3548 Rosemont Avenue
Orlando, FL 32801
Phone: 321-985-0537
Birthday: July 19, 1947
SSN: 768-**-****(Removed)
Julian.S@tsfarm.info
Maxmind info Daniel gave back to me
What does that tell you guys?Estimated distance from IP Address to CC Billing Address, in Kilometers: 5
Country Match Yes
IP Country Code US
High Risk Country No
Free E-mail Provider No
Anonymous Proxy No
BIN Country Code
BIN Match NA
BIN Name Match NA
BIN Name
BIN Phone Match NA
BIN Phone
Customer Phone in Billing Location NotFound
Open Proxy Score (0 low risk, 3 and above high risk) 0.00
Fraud Score (0 low risk, 10 high risk) 0.00
New fraud score representing the estimated probability that the order is fraud, based off of analysis of past minFraud transactions. 1.72
IP Region FL
IP City Orlando
IP Latitude 28.5037
IP Longitude -81.3306
IP ISP Road Runner Business
IP Organization Road Runner Business
fraud score of 0
TheModShop | Twitter | FACEBOOK
A two-year-old is kind of like having a blender, but you don't have a top for it.
I was kind of shocked when I ran this through... We used some random IP address and it just happened to be in the same billing zipcode
I will for sure be strengthening my fraud checks and not let laziness get to me and just go by what maxmind spits out
Now, imagine what a real scammer could do with that tool
█ Daniel | Server Complete, LLC
█ Linux VPS // Dedicated Servers // Backup Services
█ Jacksonville, FL || Atlanta, GA || Phoenix, AZ || Secaucus, NJ || Germany, EU
Thats why I did not post the link to the tool itselfOriginally Posted by SC-Daniel
Now, imagine what a real scammer could do with that tool
Anyone does not believe me I will show you a screen shot of the tool
TheModShop | Twitter | FACEBOOK
A two-year-old is kind of like having a blender, but you don't have a top for it.
There's a thread on WHT that is currently discussing anti-fraud checks and manual vs automation. Maybe I'm old school, but I prefer to use a combination of my own tools and knowledge in conjunction with Maxmind in order to determine whether to accept or reject an order.
Maxmind is a great utility, but it should not be the ONLY utlity that people use in order to ascertain validity of an order.
Tracker and Daniel, it's pretty scary that you've found a utility that can fool Maxmind, but I can't say that I'm surprised.
Manual reviews, utilizing extraneous methods in corrdination with Maxmind is the only way to truly protect yourself. Automation? Pah... humans will NEVER be replaceable. ;D
I myself have just got maxmind and still will do my own fraud checks on orders over $X amount
And ya it is slightly scary...but if you look hard enough you can find anything
TheModShop | Twitter | FACEBOOK
A two-year-old is kind of like having a blender, but you don't have a top for it.
Did someone tell Maxmind ??
If they knew about it they might be able to do something about it ...
(\__/) Joe Watkins
(='.'=) Software Architect
(")_(") http://pthreads.org
Copy and paste bunny into your sig, help him gain world domination.
I have not gotten that far just yet. Will be contacting them shortly
TheModShop | Twitter | FACEBOOK
A two-year-old is kind of like having a blender, but you don't have a top for it.
I think is needed, It's the same as not having maxmind! When scammers can get through!
I sent them an email
Mynode exactly.
And for the record no I am not a scammer just thought everyone should know about this. And that it can be done so easy.
Perhaps this tool/site makes it to easy
TheModShop | Twitter | FACEBOOK
A two-year-old is kind of like having a blender, but you don't have a top for it.
That's why when I do an order at x10 I check the IP and the address information, if it doesn't match up I usually question the order.
Thanks for the tip though.
█ Brandon Long | Wicked Free Hosting
█ brandon[@]wfh[.]im | 1-877-927-7606
█ Enterprise Free Hosting! Try us today
Problem is I have a partner in Orlando. We used his IP address. It would be nothing for me to hop on his vpn and do the same thing. So that does not always work
TheModShop | Twitter | FACEBOOK
A two-year-old is kind of like having a blender, but you don't have a top for it.
I'm confused. The tool generates data that has nearly next to nothing to do with analysis report you generated.
Also, whats the point of the tool unless the information is real information of victims of identity theft? How would the transaction go through normal authorization process?
I had somebody sign up with weird information and they bypassed maxmind.....I'll look into other options as well....
Take me to your leader
Maxmind shouldn't be your sole source for fraud verification. Nothing beats hand verifying your accounts as well as speaking to the customer with the phone number given.
Ryan G.
Good thing I don't just use Maxmind as my fraud detector. I disabled my automated account creation in WHMCS so I'm constantly checking for fraud orders. Sometimes even making phone calls if I find it necessary
Rageki Web Hosting Solutions - Canada & United States Web Hosting
DirectAdmin & cPanel Control Panels
99% Uptime!
30 Day Money Back Guaranteed!
Posting Permissions
Bookmarks