With domain name registration the factors that we have noticed that are almost certainly fraud orders are (in various combinations):
1) credit card payment is all lower case and/or obvious non understanding of how US addresses are formatted
2) domain name has "hack" or some foreign sounding word. Or is anything related to vietnam (get plenty from vietnam)
3) IP location doesn't match customers location
4) Multiple attempts in a row with different credit cards
5) Registrant name doesn't match the name on the credit card and/or address
6) Customer name doesn't relate to email address used in any way.
Once again no one factor is definitive usually but a combination of several together almost always indicate a fraud order.
Those are off the top there are more. Bottom line is when you simply look visually at the orders you can tell with near 100% certainty that an order is fraudulent.
Otoh, here is a fictional example of an order that wouldn't appear fraudulent at all:
domain: bobspartycity.com
Registrant: Bob Wagner
Address: 76 Walnut St., Williamette IL
bobspartycity@gmail.com
And IP is in that vicinity etc.
...etc. It could be of course but we've never had a case where a fraudster puts much effort into faking an order using knowledge of what we look for.
No it's not automated. Although it would be possible to mechanical turk if you train in the rules.
One thing I forgot to mention is that in edge cases what you do is send off an auto email to the registrant with a challenge question or requesting additional information from them. Or you say that the bank has declined the charge.
So for example if the person says they are "Bob Wagner" a business owner living in the US but replies to the email using broken english or doesn't understand the question you know something is wrong. Of course you try and do it in a way that doesn't tip them off that you suspect anything (other than in the case where you tell them that the credit card has been declined (when it hasn't) to see how they respond). Someone who has committed fraud will of course be paranoid. In fact a kid using his mothers credit card will be paranoid and respond in a unique way that says "shit" in some way shape or form.
Edit: Auto email must be formatted and appear to have been personally written by a person just to the recipient. Otherwise many cases won't be responded to at all.
1) credit card payment is all lower case and/or obvious non understanding of how US addresses are formatted
2) domain name has "hack" or some foreign sounding word. Or is anything related to vietnam (get plenty from vietnam)
3) IP location doesn't match customers location
4) Multiple attempts in a row with different credit cards
5) Registrant name doesn't match the name on the credit card and/or address
6) Customer name doesn't relate to email address used in any way.
Once again no one factor is definitive usually but a combination of several together almost always indicate a fraud order.
Those are off the top there are more. Bottom line is when you simply look visually at the orders you can tell with near 100% certainty that an order is fraudulent.
Otoh, here is a fictional example of an order that wouldn't appear fraudulent at all:
domain: bobspartycity.com
Registrant: Bob Wagner Address: 76 Walnut St., Williamette IL bobspartycity@gmail.com And IP is in that vicinity etc.
...etc. It could be of course but we've never had a case where a fraudster puts much effort into faking an order using knowledge of what we look for.