I was looking thru our logs today for (VPS.NET) sales, and found out that in for each successful sale, our fraud system stops on average 7.5 other sales from going thru.

We have several methods of stopping the fraudster from gaining access to an account, and even so once a while one of them manages to get by, usually our post-sale fraud measures catch them within a few hours anyway.

While those numbers are abysmal, the real mind boggling fact is .. those few that do get by, they never do anything with their account … so .. what is the point ?

If people are going to try to buy hosting with a stolen credit card, you’d expect them to use it to further exploit other revenue streams, be SPAM or hosting fake baking logins, but on the cases that we seen go by, the accounts just sit there, a VPS is created by nothing is ever uploaded, or in most cases even accessed (using it to try and access other VM’s is also out of the question, we use Xen in a cloud setup, you just cant see who is around you).

So it begs the question .. why ? why would anybody steal somebody else’s identity and card details to buy something they never use ?

I guess for some people this is just a sick game to see how far they can go … unfortunately it is a costly game for providers, as they the ones who have to invest in yet more costly fraud prevention technology and pay the premiums for dealing on a high risk merchant market, of course those extra costs then have to be filtered down to the mass public who buys their stuff legit, AKA .. the rest of us.

So my advise, if you know anybody who steals CC info, dont bother reporting them to the authorities … beat them up instead, make sure to break a few typing fingers …

Yes .. I advocate violence towards a fraudster… 😀