Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

Who creates fake accounts?


ocularmagic

Recommended Posts

Serious?
For sure. I don't like Micro$oft much ;) but every single instance of fraud that we have had in the last 3.5 years trading has come from @hotmail (about 70%) and @yahoo (about 30%)...

 

We have had none from "real" addresses...

Link to comment
Share on other sites

  • Replies 72
  • Created
  • Last Reply
every single instance of fraud that we have had in the last 3.5 years trading has come from @hotmail (about 70%) and @yahoo (about 30%)...

 

So, it's the 'ol one bad apple ruins the bunch ehh? I guess that is fine if you aren't one of the good apples (read:customers) trying to purchase on your site. bye bye potential sale. Surely there are better methods of stopping fraud than by simply banning the two largest free e-mail subscribers on the entire planet? But hey.. you're the one who has to pay the bills (both for bread & milk & chargebacks..)

Link to comment
Share on other sites

but every single instance of fraud that we have had in the last 3.5 years trading has come from @hotmail (about 70%) and @yahoo (about 30%)...

 

Using that logic I should block all orders from the far east since the only truly fraudulent orders I have ever received originated there.....Nah, I don't think so. If you're not accepting orders from Hotmail or Yahoo accounts you are missing a LOT of business.

 

Fake orders on the other hand are very easy to spot (usually) and are just a small nuisance. Afew clcks and they are deleted. For the most part the fake orders stopped after a couple of months of listing my site in the "Live Shops". I figured that they were mostly just OSC'ers checking out my site. Who knows for sure? I don't... and don't really care. The more people that visit the more sales.

Link to comment
Share on other sites

This thread has kinda gone off track, but each person runs their own business the way they do...it is less cost to us to refuse to sell to people who won't provide a "proper" email addy than it is to accept the chargeback etc...

 

Simple economics, gained over 3.5 years experience!

Link to comment
Share on other sites

How about gathering IP addresses of the customer who joins new and ADD his IP next to his name, so he knows that he is recorded.

 

Then a simple Line in Privacy.php to say that abusers or FAKE customers will have their IP banned.

 

And banning an IP to enter your site is easy.

 

Hope to see this as a contribution 1 day :cry:

Link to comment
Share on other sites

How about gathering IP addresses of the customer who joins new and ADD his IP next to his name, so he knows that he is recorded.

Then a simple Line in Privacy.php to say that abusers or FAKE customers will have their IP banned.

And banning an IP to enter your site is easy.

Hope to see this as a contribution 1 day :cry:

 

Do your homework I'd say :)

There is no such thing as unique IP addresses whenever you dial in through a provider.

Only a few people are given static IP addresses, 95% of your visitors come in through a dynamic ip.

Recording it (to prevent fraud) is useless as it can be changed by using any anonymous proxy server on the web.

Blocking it would result in innocent people getting banned. So IMHO this is not an option.

Any self respecting internet-criminal (if there is such a thing) know this and doesn't get scared by 'We logged your IP' message.

What are you going to do ?

 

Phone up Vietnam to ask if they can check their logs to see who dialed in the other day?

 

Regards,

Mattice

"Politics is the art of preventing people from taking part in affairs which properly concern them"

Link to comment
Share on other sites

First of all , all the internet services worlwide save your IP with the time and date of your connection at least 90 days, with the option for them to know exactly who joined.

 

This has been added over 2 years now..

 

You can go ahead and ask AOL if they record your IP with the time of date of your connection.

 

Anyway, you are talking about "self respecting internet-criminal" , well these people are very hard to block anyway since they can use 2 computers or even a proxy chain to systematically change their IP.

 

 

Still I am only talking about only scaring the "less respected criminals" who will get scared to see their IP recorded.

 

And believe me more then 80 % of the users still don"t know what is explorer and what is navigator, they only give fake Emails since they are afraid of spam.

 

So if we give them the feelling they are in a serious and secure surrounding, they will stop those fake emails and customers.

 

And I am talking with more then 3 years experience.

 

p.s: So how can we get the IP of the new registered Customers and show it to them when they Log In ? :shock:

Link to comment
Share on other sites

p.s: So how can we get the IP of the new registered Customers and show it to them when they Log In ? :shock:

 

There is an IP collector in the contributions section which I coded up - it's by no means a great solution, but it does work. Maybe take a look at that and adapt to your exact needs ?

Link to comment
Share on other sites

How about e-stores being designed to assume online buyers frequently window shop?

 

I know PayPal gets a lot of criticism for requiring user signup but I'm surprised that e-stores do not get the same criticism. Even more so since in the off-line world, consumers have payment accounts but not store accounts.

Patrick Breitenbach

Link to comment
Share on other sites

I for one would like the fake accounts to have obviously fake names so that I can easily delete them. Either that or please fill in all the details correctly and become a customer - and if you want, why not use your credit card to make a couple of test purchases as well ... ??

 

The problem with too many checks is that some customers actually want to try out the whole purchase process (maybe they want to see if you suddendly add a huge shipping fee at checkout or something) but do not want to use their real names whilst they do this. Unless you offer COD or have some other problem I would not stop them - and I have had very useful feedback from OS Commerce people doing the same so I can see no reason to stop them either. This reluctance to register is a strong reason why I introduced Guest accounts.

 

On a related issue, OS doesnt allow the customer to delete their own account (say following email confirmation). This seems to be a needed feature in today's paranoid world.

Ian-san

Flawlessnet

Link to comment
Share on other sites

On a related issue, OS doesnt allow the customer to delete their own account (say following email confirmation). This seems to be a needed feature in today's paranoid world.

 

Very good idea. I don't think this would be a very difficult mod. If I get around to it (never enough hours in the day) :crazy:, I'll have to modify our shop to include it, then contribute it. If someone else does it, please contribute it.

If every member of this board donated $1 to the dev team, that would be over $11,000.00. Don't you think this cart is worth at least a $1????

Link to comment
Share on other sites

Allowing the customers to delete their accounts is asking for trouble from a record keeping standpoint.

 

So, if this does get contributed.. I would suggest instead of "deleting" the account outright.. a simple "disabled" boolean would do fine.

Link to comment
Share on other sites

First of all , all the internet services worlwide save your IP with the time and date of your connection at least 90 days, with the option for them to know exactly who joined.

No they don't.

And even the ones that do they still can not prove who was the actual person that used the dial in, even if traced back to his/her phone line.

 

And believe me more then 80 % of the users still don"t know what is explorer and what is navigator, they only give fake Emails since they are afraid of spam.

An explorer is someone that explores unknown lands.. and I believe a navigator tells a ship which way it should go.. but I could be wrong :)

Anyway, we are talking fake account creation here.

 

And I am talking with more then 3 years experience.

 

p.s: So how can we get the IP of the new registered Customers and show it to them when they Log In ?

 

You mean in all those long three years you've never learned how to fetch someones IP address?

SCNR :D

"Politics is the art of preventing people from taking part in affairs which properly concern them"

Link to comment
Share on other sites

  • 1 month later...

I'm investigating possible solutions for this too. We get alot of annoying enquiries from obvious competitors, fake accounts and some fake orders.

 

You can't do much about the name(s) they use, or the addresses, and phone numbers... you CAN do something about the email verification though, i think.

 

Some time ago, while working with CGI scripts, there was a way to verify the Username part of the email address. The domain verification helps filter our most fake addresses, but once the validation kicks in, they can just enter in something like '[email protected]' and it will validate (because mail.com exists). I'll be trying to integrate this to our site ASAP, if its possible and it works, i'll make it available.

 

Any extra input would help :)

Link to comment
Share on other sites

Some time ago, while working with CGI scripts, there was a way to verify the Username part of the email address.

 

That doesn't work. You can start "fake" smtp communication and try to send something to [email protected], and ehn you get an error code you know the account does not exist. The logic is flawed though. Mayn smtp-servers accept all user names and will bounce later. The big smtp-servers simply accept all account names and will perform the real checking at a later stage.

 

Not an option.

You can't have everything. That's why trains have difficulty crossing oceans, and hippos did not adapt to fly. -- from the OpenBSD mailinglist.

Link to comment
Share on other sites

  • 3 weeks later...

[email protected] here :twisted:

 

I target a lot of non osc sites to see how userfriendly their checkout process is, and then try to checkout and see what happens.

 

The only reason I do this is to better my site users experience! The more sites I try...the better I get at spotting a "user friendly" checkout...sorry if you guys have to delete a fake acct. every now and then!

 

However, it'd just be under "customers" and NOT "orders" so who cares? Is it just the "eye sore" of a bad address that bugs ya?

I need to read the rules more often...

Link to comment
Share on other sites

it's the time wasted deleting it thats the problem!

 

i dont know how the other guys go, but i'm pressed for time answering emails, updating prices and filling orders as it is. This just costs me the time i could better spend helping my customers.

 

There's never going to be a solution, and i dont expect one, i just hope what goes around comes around :)

Link to comment
Share on other sites

it's the time wasted deleting it thats the problem!

 

i dont know how the other guys go, but i'm pressed for time answering emails, updating prices and filling orders as it is. This just costs me the time i could better spend helping my customers.

 

There's never going to be a solution, and i dont expect one, i just hope what goes around comes around :)

 

Why bother deleting it? It's a small text blob that is close to zero space on your database....These people are not emailing you, or asking for you time...they are giving you fake info so the DONT use any of your time...they don't WANT to hear from you.

 

I can understand that its a bit of a hassle, but its not like they are intensionally trying to cause you harm...

 

I'd take it as a complement. They obviously want to see how your checkout process works...which may mean they like the design of your site in the first place.

 

There's never going to be a solution, and i dont expect one, i just hope what goes around comes around :)

 

Give me a break. If I really wanted to cause a website some anguish creating a fake acct. would be the last place I'd start.

 

==

 

I wouldn't be surprised if a lot of people create fake accts. when I launch the OSC store I'm working on right now. I've got a lot of modules installed, and I've been digging really deep into the php to make it work exaclty how I want it too...some custom coding allowing 4 products of the same type to come up (and each one having custom attributes) on one page in a very different design to the standard OSC format.

I need to read the rules more often...

Link to comment
Share on other sites

so your site isnt even running yet? Maybe once it's up you'll change your tune.

 

It is a compliment, and in a way it's great feedback, the problem i have is when these fake users, that supposedly don't cause much hassle, order using one of my custom modules. No doubt to "see how it works" but they could simply ASK! i can give them a DEMO site to use instead. This will be hassle free, as the demo site will not be maintained.

 

Some customers have even paid for things after ordering them, and when i wish to contact them, their details were wrong (email and phone)! maybe it's a donation :lol:

Link to comment
Share on other sites

it's the time wasted deleting it thats the problem!

 

Can you not setup a cron job on your server that looks for users with names like 'xxxx' and whatever else you commonly get and delete them?

 

That would probably save you quite a bit of time and leave very few leftovers for you to delete manually once a month or so.

"Great spirits have always found violent opposition from mediocre minds. The latter cannot understand it when a man does not thoughtlessly submit to hereditary prejudices but honestly and courageously uses his intelligence." - A. Einstein

Link to comment
Share on other sites

I'm working on a mod that validates some of the details, such as post code and suburb. If the user doesn't match the suburb to the post code that it should have, they will receive an error.

 

The phone number can also be used to validate the users basic location. If the user has a phone number in a different state for example, it will not pass the validation.

 

Hopefully the time i invest in these mods will prevent future fake accounts.

 

Note that i'll make these mods available when they are ready, but they will be based on Australian Phone numbers and Post codes, not any other country.

Link to comment
Share on other sites

so your site isnt even running yet? Maybe once it's up you'll change your tune.

 

It is a compliment, and in a way it's great feedback, the problem i have is when these fake users, that supposedly don't cause much hassle, order using one of my custom modules. No doubt to "see how it works" but they could simply ASK! i can give them a DEMO site to use instead. This will be hassle free, as the demo site will not be maintained.

 

Some customers have even paid for things after ordering them, and when i wish to contact them, their details were wrong (email and phone)! maybe it's a donation  :lol:

 

Yeah, asking would be the right thing to do. I agree with you there.

 

And if fake customers are a big issuse, then, well...their a big issue. I'm not defending them, I'm was just trying to offer some logic as to why they do it...

 

Personally (obviously not the case with you) I don't see it being a problem with our site because we don't really care who becomes a "customer" because what they really are at this point are "members," we care about the "orders" (which are real customers) section, and people cannot order without their zipcode being real due to our credit card processor.

 

Got link to your test site? PM me if you don't want it on the board....Promise I won't enter fake info :D

I need to read the rules more often...

Link to comment
Share on other sites

I think I know why people create FAKE ACCOUNTS. The main reason being is to find out shipping charges. Atleast I have done this once or twice in my day when looking to purchase something.

This opens a whole new door to asking if anyone has ever thought of creating some type of module that would let a customer input a zip code and get a shipping quote before even making an account.

I have seen this in other shopping systems before.

Anyone interested in creating something like this??? I know this would eliminate the need for people to create fake accounts to find out shipping charges.

Just a Thought and hopefully a start of something good.

Frank S

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...