This was posted in the OVH forums on Monday, but I didn't see a topic about it here yet. Hope it's not a repost.
We talked a few weeks / months ago about the fraud that we encounter every day. These payments are made with stolen credit cards. 2 years ago, we implemented a system which can detect quite a few fraudulant payments but now we have a considerable amount of payments that we cancel every day: more than 70 payments to cancel a day, always the same hackers. Other payments with stolen credit cards manage to get through undetected and are then detected too late. The hacker takes advantage of the service for several days (before the owner of the card cancels the payment). Meanwhile the hacker creates phishing pages, scans networks, etc..
Recently, these frauds have gone extremely far as the hackers have the true identities of the owner of the credit cards, phone, address, etc.. To sum up, currently we are not able to know beforehand if it is a true hacker or a real client. The amount of fraudulant transactions rises to several tens thousands of Euros a day! And those who manage these kinds of problems every day are close to suicide ...
That is why we will implement a verification system to verify customer identity that's
MUCH deeper than expected.
There is no change for existing customers. If you are already a client at Ovh, nothing changes for you.
The changes are only for the new customers who place their first orders at Ovh.
> For customers: FR, BE, CH, LU, DE, AT, PL, UK, IE, ES, PT
Starting from tomorrow, new customers must indicate an SMS number in the country where they live (and thus enter the real information about the country and mobile number). If you do not have a mobile phone, you will not be able to place an order at Ovh. The system will block before placing the order. By SMS the customer receives a 4-digit code that he must type to place the order. Then he will be able to pay and receive the service.
From August, once the customer has made the payment paid, realization of the order will not begin immediately. The client will receive within 24h/48h a letter by post with a 4-digit code that he will have to enter in order to start the realisation of the order. If after 10 days, the customer has not entered the code, the order will be cancelled and payment will be refunded automatically. We prefer to cancel the payment because there is no cancellation fee. However, if payment is cancelled by the bank we have a lot of expenses. Then if the rate of cancellation is too important, Visa or MasterCard refuse payment and everything is blocked.
From September, the customer may not have the SMS or not receive the letter with the code (one of these 2), but must type the code that will appear in his account. If after 10 days the client has not entered the 2 codes out of 3, the order will be cancelled and the payment will be refunded automatically.
> For customers other than: FR, BE, CH, LU, DE, AT, PL, UK, IE, ES, PT
> From September, we can accept clients who do not live in countries
where Ovh has developed the market. However to avoid fraud he will have to type the 3 codes (mandatory): The SMS, the postal address in the country where he lives and the code in his account. If one of these 3 is not entered the order is cancelled and the payment refunded automatically.
All these measures will help reduce fraud. Then for usual customers this will reduce the time for achieving the order since they will go through without manual verification of the payment (with sometimes sending documents by fax). Also, we will accept payments from new countries that we currently refuse (as the likelihood of fraud is too important). But most importantly the new system will enable us to implement strong verification regarding reseller accounts and to enable you to save money long-term with OVH and with no frauds or unpayments to manage.
These measures are very paranoid, but this is only to continue to provide you the services. Indeed, with the current level of fraud, our business model is challenged, the network security is not correct and there are a lot of misunderstanding or false debates such as "The server is available in 1 hour, yes but I have not received anything, normal! your payment is being verified, yes, but you already have 3 servers at Ovh ...".
Following these measures, the hackers should move towards our competitors which will in turn increase their security against fraud. We think it will take between 1 and 3 months for the market to be a t this level of security (if it's not already done yet). Our competitors will have no choice but to react to this level of fraud.
Do not hesitate to give us your feedback.