WOW is StableHost bad!

Portal Home > Knowledgebase > Articles Database > WOW is StableHost bad!

Posted by trop, 12-16-2015, 03:56 PM
Warning! StableHost might be a scam!! After signing up they notified me that there was a lot of fraud in the VPS market, and that they needed to verify me. The following is the entirety of the communication, redacted because I don't want my personal information out there. Beware of StableHost, they seem to want pictures of your credit card and drivers license/passport more than they want to host websites. From StableHost 12/15: I followed the process, which was them putting a number on the screen, calling my cellphone, and my punching in the number on the screen. The phone verification said it was finished and hung up. They then sent me more. From StableHost 12/15: Hm. It didn't seem like it failed. Anyway, they next sent me this: From StableHost 12/15: I don't know why the phone verification didn't work, but I guess I'll give them the benefit of the doubt. People here have said they're decent. From me to StableHost 12/15, with corner-cut, semi-redacted scanned copy of the credit card used to purchase the VPS: I guess telephone verification and a scanned copy of my credit card isn't enough, because before long they wanted more. From StableHost 12/16: By this point I'm feeling frustrated, and starting to feel like there may be some shenanigans involved. These guys seem to want pictures of my CC and DL too bad. From me to StableHost 12/16: To which StableHost replied on 12/16: At this point I'm furious. I just took the time to write a thoughtful response, on my tiny little netbook in the field no less, and StableHost doesn't seem to even bother reading it. So I respond, and this time copy management@stablehost.com too (so they're fully aware of this whole mess): StableHost responded quickly, on 12/16: This seemed a bit simplistic as well, so I talked to my wife about it. "Wife, we've just signed up with a company, I've checked online and they've already initiated the charge against our credit card, and I've verified us to them by taking a phone call and sending them a picture of our company credit card. Now they want a picture of my driver's license or passport, and say it'd be quickest to just snap a cellphone picture of it." Her response was a simple "no, they're probably crooks." I agreed. So I replied on 12/16 with: Their final reply was a simple one, and came as a surprise. I don't know if they're legitimate or not, but I'm seriously concerned about any company who, after receiving a couple of thoughtful emails, continue to demand a scanned copy of a driver's license or passport to go with it as a condition of sale under the guise of fraud prevention. Moreover, never does StableHost mention how they protect these images, or their retention policy. For all I know they're collecting them on an unsecure server somewhere, just waiting to get cracked into and spread into the wild. Honestly, for all I know they might very well just be a front. Anyway, buyer the hell beware.
Posted by Tyl3r, 12-16-2015, 04:11 PM
We are legitimate, but when 75% or so of VPS orders are fraud we do extensive checks into each of them to protect our business against chargebacks. We will refund the order if they don't supply information identifying themselves or don't feel comfortable doing so. We understand and wish you the best finding a host that fits your needs. This is pretty standard across most hosting providers though when putting in orders for VPS and dedicated servers.
Posted by trop, 12-16-2015, 04:20 PM
There's somebody. You're sure quick to address the problem publicly, but would rather cancel a thoughtful customer than address me when the time is appropriate. Also, it's pretty bold of you to come out and claim that it's something all hosts do on a forum populated by other hosts, none of whom do that. I call shenanigans. Anybody who needs images of customer's driver's licenses/passports and credit cards as a condition of hosting ought to be stayed far away from. The really truly sad part is that I'm a skilled technical guy who would have never missed a payment, never opened a support ticket, and never been a problem for you other than to decide how to spend the money from the load of VPSs I brought in, and was seriously looking for a simply, small-team host with good uptime. I even gave you multiple opportunities to be reasonable and activate my account without putting me at risk of being a victim of identity theft by your own employees. We were perfect for each other, but you're too f'ing stupid to comprehend even that. I'm almost more sad that I don't get to use you than shocked that you're incompetent hacks.
Posted by Julien@Hostabulous, 12-16-2015, 04:28 PM
@trop, we also do manual checkup and request ID with picture and matching address. This is pretty common in the hosting business now, more than half orders are fraud. Good luck with your search, Stablehost was a good choice.
Posted by trop, 12-16-2015, 04:34 PM
Good to know. I've never seen it before, and I'd like to think that you'd also apply a common-sense filter to that requirement whereby if someone was concerned about the security of sending those documents without PGP, and had sent you a couple of thoughtful emails during the process, that instead of assuming they're a criminal and canceling them you might pick up the phone and chat with them, as they'd invited you to do. There are quite literally trillions of alternative methods of verification, and it shows a colossal lack of imagination and desire not to be capable of utilizing any one of them in place of a clearly poorly-thought-out system. Obviously StableHost was in fact not a good choice. Even if they are legitimate, the fact that they'd cancel a customer pointing out the insecurity of the demands they were making means they're the exact opposite of a good choice.
Posted by anon-e-mouse, 12-16-2015, 04:47 PM
It seems like a lot of hoops to jump through to be considered. I would have stopped after the phone verification, personally
Posted by MechanicWeb-shoss, 12-16-2015, 04:47 PM
Most of the VPS/Dedi providers will do what StableHost did. This is the way how most hosts run their business. But I cannot ignore what the client said: How many of hosts declare this? Do they maintain any compliance for this type of data retention? I am not sure, but storing credit card information on a server which is not PCI compliant is illegal(?) IF they do not maintain the compliance, why clients will trust them? If they do maintain, do they also declare that on their website along with some proof that supports their claim? To a client it may seem fair. Why when it comes to a host they won't send the client the same kind of document that the client was asked for? My post is not related/pointed to any host. I kind of don't like to store (not that I do) this type of sensitive information without having anybody auditing/certifying it. I am interested in knowing if there is any alternative to this type of verification system. Last edited by MechanicWeb-shoss; 12-16-2015 at 04:51 PM.
Posted by Tyl3r, 12-16-2015, 04:51 PM
We used to, until people started using google voice and temp numbers to get around phone verification. It's a hassle, especially for us, for a couple dollars.. but if it prevents chargebacks, it's worth it sadly...
Posted by HostingBig, 12-16-2015, 04:56 PM
Its true most hosts will have their own fraud screening But lump All Hosts with their process. 1 they requested the info over email. Never send personal info over email. Phone verification has been useless since the invention of disposable VoIP phones.
Posted by RoundRocker, 12-16-2015, 05:01 PM
I am just curious, what is the purpose of the phone verification if you are going to require additional steps? Why not bundle all the verifications required in one request? It does not seem very efficient to send out two separate verification requests. Not trolling, just curious
Posted by Tyl3r, 12-16-2015, 05:14 PM
We have several layers of verification, depending on product. If you'd like to know more, please contact us and we'd be happy to discuss but it's not a good idea to talk about it on a public forum in the event people use it against us.
Posted by nessa, 12-16-2015, 05:21 PM
Yes...standard for a host that hasn't updated their procedures since 2008. There are other ways to verify legitimate accounts that don't involve asking customers to send in pictures of their IDs, passports, or credit cards. Sounds like whoever in your company handles information security needs to read up on this. And yes, I'm saying this as someone who works for one of the largest privately-owned hosting companies in the country, so I'm not just talking out of my ass here.
Posted by trop, 12-16-2015, 05:23 PM
I wondered the same thing. After I signed up they sent me an email saying they needed to verify my telephone, and I followed their steps to do so. A few minutes later I got an email saying that I'd failed that verification and they needed more information. In reading back now I understand that they were initially asking for BOTH my DL/Passport and CC information, while at the time I was sure they wanted either or. I figured it was just to prove I wasn't a bot or something, as what fraudster would bother with that extra step when the next host down the line doesn't even ask? And why even bother calling me when I'm already going to fail, which can be the only possible condition when my perfect execution of the process doesn't yield a positive result? Add poor programming/logic to the mix.
Posted by MechanicWeb-shoss, 12-16-2015, 05:43 PM
How does your company do that?
Posted by HumaneHostingOwner, 12-16-2015, 05:54 PM
That's your problem, "attackers" like your company for a reason or two.. If you cannot figure out ways to deter them and decrease your bad lead generation then you will keep on having to do this and eventually decrease your quality leads. Then god knows how much your paying for your marketing. Right now for every $100 you puts in your marketing your only getting $25 of it and if even that before you pay for your extra PCI compliance needs and etc for processing and storing customers' information. I placed orders for many things (VPSes and dedicated units) and only had to verify my phone number and only because it was a free cloud solution. Honestly if this was my problem I would "short circuit" the attackers before investing in craps to deter legitimate customers.
Posted by Tyl3r, 12-16-2015, 06:31 PM
I appreciate the feedback. Any host the size of us (or bigger) has these issues and does the same type of verification we do. As you grow bigger, you attract fraud. It's not where the leads come from, but your name. For example, DigitalOcean does ID verification too - they are the biggest VPS provider out there. As you grow in the hosting industry, you need to make changes to your business to protect your business. Not everyone will agree with me, but that's usually because you haven't hit that point in your business yet where these things become a problem. Chargebacks are very serious - and it's not even about the chargeback fees. You get enough chargebacks and the banks will cancel your merchant contract. You think you will get another one? Nope. Nobody wants to host clients that gets chargebacks. We're not going to get into more specifics why we required information from this customer, it's not our place to do so. We stick by our guidelines and continue to adjust them per industry standards but at this time, it protects us against chargebacks and we get very little negative feedback regarding confirming accounts. And, now... back to work, we go.
Posted by SenseiSteve, 12-16-2015, 06:33 PM
I don't think they're a scam, rather overly diligent about fraud prevention (for their own reasons), to the detriment of valid clients.
Posted by trop, 12-16-2015, 07:12 PM
You really shouldn't be comparing yourselves to DigitalOcean. After you so thoroughly botched my signup and canceled me I used the same credit card, same address, same phone number, and same everything else to sign up at DigitalOcean only a few minutes before you posted this. The only ID verification they needed was an email address check. I'm logged into that VPS right now updating packages. The whole thing took less than four minutes. The company you think you're equal to has your money, and didn't give me an ounce of trouble to get it. I also set up a VPS at Linode, figuring I'll give them a shot too. Same everything. Zero problems. Tell me again how you're so good at what you do. Do it again in front of these people wondering if you're even legally compliant in asking for the information you think your betters also demand. You have way bigger problems than chargebacks. You call enough customers criminals to their faces and you think you'll get another one? Nope. I GD sure sent out emails to my technical circle today ensuring that you don't get any of them, ever. And also because if they're the same specifics you emailed to me earlier, because they're patently false and/or utterly silly. They certainly didn't have any problem passing the scrutiny of better companies against which you've chosen to compare yourselves. One of your justifications was that I signed up for a year term. You're so shocked that someone actually trusted you that you attacked and drove them away, in this case screaming "shenanigans" on the way out. I went WAY out of my way to work with you too. Keep up the good work, future EIG brand.
Posted by madRoosterTony, 12-16-2015, 07:31 PM
What I think is funny that Stablehost thinks by having a copy of a "credit card" and Driver's License is going to stop fraud orders from coming in. The people commiting true fraud in this industry are smart enough to either "photoshop" a credit card and DL "scan", or have a card printer from ebay for $100 to produce a physical card that can look real. None of my personal credit cards have raised numbers on them anymore, and you can buy printable cards with smart chips in them these days. As mentioned before, any hosting company that is requiring this form of verification needs to understand the future is now and we have much better ways to verify an account.
Posted by Madbunny, 12-17-2015, 12:32 AM
I would like to hear Stablehost answer to this question. At least they could have a copy of background check to show so the client knows that people who are handling his/her sensitive information doesnt have any criminal charges in the past or currently pending.
Posted by MechanicWeb-shoss, 12-17-2015, 03:28 AM
This discussion has become very interesting. As a host up to which extent you are allowed to go to protect yourself? Who allowed you? And while you do so why don't you publish/guarantee how you are going to protect your clients personal information that you are asking for. If they don't care to say this, can the client call it fraud? Is this ethical that hosts only think about themselves but paying no verifiable attention to protect clients personal information at all? Not to me.
Posted by anon-e-mouse, 12-17-2015, 03:49 AM
I can understand online businesses need to protect their own property, but with cyber crime becoming a massive problem, the general public are not going to want to release sensitive documents to just anyone that asks.
Posted by Madbunny, 12-17-2015, 10:08 AM
Can we imagine this situation in "real world". I cant even think on what would be the outcome if i approach my client as Madbunny and this is all what he knows about me but in the same time i'm asking all the details including the copy of the legal documents. Somehow i have hard time to believe he would ever say "Of course mr. Madbunny, we (as company) are so happy to work with you so lets sign this contract even we dont know who you are". C'on, no one thinks this could ever happen but when it comes to hosting then everything is ok and acceptable. @MechanicWeb-shoss and @anon-e-mouse made great points, still when it comes to hosting we can see a bunch of them jumping here on forum explaining how this is a norm, a must, something normal... to the point of even calling the client a scam, shady, spammer, etc. or question his integrity or motives if he doesnt want to provide his ID. On other hand they will immediately stop any conversation or even ban/block the client if he dare to ask same question to them.
Posted by Tyl3r, 12-17-2015, 10:58 AM
This does happen in the "real world" I'm asked to provide my ID atleast daily when using my bank cards, are you not? They are confirming those cards belong to me, the same theory applies for us.
Posted by trop, 12-17-2015, 11:59 AM
The big difference is that when this happens you're standing in a store, with a clearly marked brand, in front of an employee in a uniform, surrounded by technology and products which confirm their legitimacy. When they check your ID/CC, it's not by taking a picture of it and storing it on an unsecured Windows server in their home office. When you want mine it's with no such legitimacy and does not follow data protection laws (that you've indicated). Furthermore, they only check your ID to the extent that it's necessary - the clerk you already know at your favorite head shop doesn't bother checking your ID every time these days, do they? Further comparisons from you ought to be better thought out than this one, and sound like they came from a rational adult, not a flailing teenager. Point me to where Amazon asks for scans of your DL, or better yet, outright f'ing lie about another hosting company so I can go sign up there in 4 minutes to prove you wrong again. Moreover, if you really wanted to verify me, I was more than willing to work with you and went out of my way to provide you more than enough detail to authenticate my being a normal, non-criminal, IT geek who needed a VPS. The simple fact is that you did NOT want to verify me for fraud, as you're claiming, else you would have done so with the information available. What you DID want, and what you were willing to go to whatever means necessary to receive, even to the point of cancellation, was a digital picture of my credit card and DL/Passport. You even recommended I send them to you by cellphone snap, which in your words would be "faster/quicker" (which just so you know are synonymous, genius). Your overwhelming desire to obtain these documents is outright terrifying, and implies to me that despite having any number of clients, that your real goal is collecting those documents. You even emailed me AFTER you'd replied publicly here, telling me that I could still be a customer, but that you'd still need those docs. That REEKS of crooked, dude. You have yet to apologize either, which means that besides your abhorrent business practices, are a repugnant human being who somehow has not yet realized their own fault in this matter. You've wasted my time, overwhelmingly attempted to make me less safe, been rude, and are very obviously lying about being remotely good at either business or technology. All the while you somehow cling to the notion - publicly - that it is in fact me who is the criminal trying to take advantage of you, when you are so clearly the party in the wrong, potentially dangerously so. I didn't go into this thinking that you were probably breaking any law (yet), just that given your overwhelming desire for my CC/DL that you very likely either have future ulterior motives (something I still believe), or might even save those documents in an insecure location. Now, however, seeing that you probably have a MID, and that you're storing scans of credit cards, which is, in fact, credit card data, wonder if both your support@ email system and all of its accompanying infrastructure are PCI compliant, and since you have also indicated that I can add those scans to your ticket system, also wonder if your support/ticket servers are PCI compliant too. Since you already have a scan of my CC, it's in my best interest to ensure that you are. To that end I've contacted my bank and Visa regarding your requesting scans of my CC over email and not detailing the manner in which they're stored, as I'm very concerned with an organization which behaves as if its being run by teenagers having a digital copy of my credit card right now. What's ironic about that is that in attempting to protect your merchant account at the expense of my privacy you seem to have violated protections which could, in fact, impact your merchant accounts. I sincerely hope that the changes you without a doubt will be making to your laughable fraud system are not only legal, but also extend the protection you wish for yourselves to your own paying customers. Welcome to the real world.
Posted by madRoosterTony, 12-17-2015, 12:17 PM
Actually I am never asked for my ID anymore, even though the back of my card clearly states See ID. Either the store has a terminal where I swipe my card myself, or the employee doesnt care. Also as I mentioned before, its so easy to fake cards and IDs these days, that this "practice" does not stop fraud. Since Stablehost has never said how this data is secured, even though its been asked, it can only be assumed its stored un-encrypted in which any employee can get access to it. This 100% breaks PCI compliance and if you are worried about the information you submitted, then they most definitely should be reported to Visa and their merchant account.
Posted by Tyl3r, 12-17-2015, 12:18 PM
Trolling much? Of course we secure our data. If you want to be a professional, give me a call and I'll be happy to talk to you.
Posted by trop, 12-17-2015, 12:24 PM
Funny, I made this exact request to you.
Posted by MechanicWeb-shoss, 12-17-2015, 12:44 PM
Just to clarify my earlier post, this is what I meant. If someone is asking CC data they should announce this publicly with a verifiable proof that they are PCI compliant.
Posted by trop, 12-17-2015, 02:05 PM
I sent StableHost a private email to attempt to get more information, but as children are prone to behave, received a flippant response. From me to StableHost: To which they replied: The problem is that I've already notified American Express, Discover, MasterCard and Visa (all PCI entities except JBL) this morning, but since the merchant bank is the one ultimately responsible for penalties if/when StableHost's email/customer-image-stash gets hacked or used by an employee, I think they'd really rather know about this than not. Since my wife's CC is in that stash, I'd very much like it investigated as well. Does anyone know who StableHost uses for merchant processing, or of any way besides signing up for an account and processing a payment all the way through to find out? I did my best to find out quietly, but StableHost... Well, they replied back, as childishly as expected: I read all that same information. It's precisely the information I'm using in filing cases with credit card companies who might want to know their customers are being asked to insecurely email credit card and DL scans to a company that has a questionable grasp on fraud and security matters. And I'd like to close this matter too, kids. From what I've seen you've not done anything illegal, so the very last stop for me is warning your merchant account that you might be setting them up for a fall. I've notified your peers, credit card companies, and hopefully any potential future clients that you're hacks, but the last stop on the tour made necessary by your abject idiocy is, in fact, the people most at risk of financial loss in the event that you're as bad at security as you are at customer service. I can't see why you'd be against that, given that the text you just linked me specifically says, "If you fail to get a resolution and you know which credit card processor the organization uses, then you can report the violation directly to them." Well, StableHost, you've been more than awful at resolution, and I don't know which credit card processor you use. I thought it was more than fair to ask you politely, but if you're going to make me ask publicly, or sign up and cancel to find out, then I'll ask publicly, or sign up and cancel to find out. Oh, and I'm far from bored. Boring would have been if you'd handled this like adults and called me and chatted for a few minutes. What we're dealing with here is, in fact, a hypocritical company who is obviously very bad at handling angry customers both privately and publicly, and based on points made by your peers, clearly far from the well-managed organization you want us to believe that you are. Not only is it NOT boring, but with over five hundred views is decidedly the least boring thing going on in the entirety of the VPS forum at the moment. You're just mad that you've gotten your digital butts kicked up one side and down the other and still think you're going to get out of this without admitting that you're bad at what you do for a living and apologizing to me for your initial, and continuous, assertions that this is all the result of me trying to scam you. But I'm not bored. You just picked on a Texan - a particularly ethical one who outright hate crooks and mealy-mouthed bottom-dwellers like you - and are getting what's coming to you. Close whatever ticket you want, but you've already bought the ticket, so shouldn't complain about going on the ride. You want to talk straight? You have my phone numbers. You've had them since day one. Man up and talk straight or stop pretending.
Posted by kpmedia, 12-17-2015, 02:08 PM
That's why you don't use kiddie hosts -- you use actual companies (Stablehost, Siteground, Namecheap, etc). They're not sitting at home, using Windows XP, munching on cookies in their underwear. I think you're confused about how real hosts work. It depends on your relationship with Amazon. They have my full tax info, IDs, and social security number. I'm not just buying books with them. That's what happens when you seek an advanced relationship online. Seeking a VPS from a host is much different from seeking $5 shared hosting. Then you'd have provided to request documents. But you didn't. Nor should they. You're the one ranting. Teacher asked you to turn in your homework, and instead you threw a box of crayons at her. (Sadly, parents these days would insist on the asinine apology as well, suggesting that teacher shouldn't ask students to turn in homework.) IDs are a roadblock, and most scammers are lazy and looking for the easy prey. Furthermore, most scammers lack quality Photoshop skills. PS isn't an easy program to master, contrary to common mythical belief. "Just Photoshop it" is easier said than done. I've been using it for 20 years, and creating a quality fake image takes at least an hour. Most scammers won't take the time for this. This whole thread is ridiculous.
Posted by nessa, 12-17-2015, 02:40 PM
Ok, pretty much anyone commenting on how hosts should be stopping fraud accounts, who is not actually in that area of responsibly or works for/runs a hosting company shouldn't really be commenting on this. I'm sorry, but as @stablehost said, these things come out of business need and battling fraud is a constant issue. Any business person knows this. The problem I see is that customers a lot of the time aren't on the other side of the fence so they just make assumptions and assume everything is a scam or conspiracy. Believe it or not, just because someone posts a grievance on a public forum doesn't mean the company doesn't have a side of the story, either, nor that they shouldn't be allowed to defend themselves. With that said, I can say that generally what triggers a manual review of a hosting account is some sort of mismatch in data. For example, suspicious domain names, a billing address that doesn't match the country the customer's IP is from, etc. So yes, sometimes it may be necessary to request info from a customer to verify their identify. None of us have any place to criticize what prompted a manual review of this account, and most of you are attacking this provider to do nothing more than jump on a bandwagon/ However, it seems in this case it may have been unnecessary. As I stated earlier, asking for passports/IDs is not a very common practice nowadays unless there is a very VERY suspicious account. Most of the verification process we use is automated, and generates a score based on a number of factors to determine the likelihood that the order is fraudulent. From the information provided thus far, I don't really see how the OP landed on this boat, but again, @stablehost probably had their reasons: Either the account was in fact suspicious, or their verification processes are outdated. Everything else in this thread seems to just be people going back and forth bringing up nonsensical points just to keep the argument going.
Posted by trop, 12-17-2015, 02:42 PM
Thanks for the great points. I'd like to reply to a few. I agree 100% with you on this one. My choosing StableHost was precisely because I thought that's what they were. If you'll look back into post #1, however, you'll see that their initial, one-line responses to my questions were, and throughout this conversation have continued to be, poorly worded, do not address the questions asked of them, and flippant. While I'd like to think that they're not at home, using Windows XP, munching on cookies in their underwear, I think we can both agree that the level of communication we get from Amazon, with whom I also have a business relationship, and what was delivered by StableHost in this case, are different enough to bring that image into question. While Amazon or any other legitimate, reasonable business on Earth would have assisted, StableHost barely displayed a grasp of writing. I, therefore, absolutely assert that StableHost is more likely made up of people sitting at home, using Windows XP, munching on cookies in their underwear, than whatever it is that you think they are. I currently own production VPS servers across 5 hosting providers, 2 dedicated servers at two providers, a dozen test/dev systems scattered far and wide, contracts with 3 telcos for security services (one of which is well over 20 years old), and an AWS account in constant flux. I also signed up for a 1-year VPS at DigitalOcean yesterday with no problems, laughably at the exact same time StableHost was penning a lie about DigitalOcean needing the same information that they did. Not one other host has ever asked me to snap a cellphone picture of my passport and email it from my Android to their multi-user support@ email account. While most of them did in fact want to get to know me before getting into business with me, they did so reasonably and without putting me at risk. StableHost, on the other hand, emailed me lies about treating me like family, then asked me to do stupid things. I wonder if they'd ask their mothers to email them selfies of their passports. Nor would any reasonable person. More importantly, any company claiming to be serious about security would NEVER tell a customer to, instead of waiting until later tonight to email a redacted copy of their driver's license in, just go ahead and shoot a cellphone picture of it because, and I quote "it's faster/quicker" (note the tentative grasp of the English language here, given that faster/quicker are synonymous). Your analogy is close, but needs tweaking. The teacher didn't ask for my homework, they asked me to raid mommy and daddy's files and bring them pictures of passports. Not only is throwing a box of crayons appropriate, but in this case the asinine apology would be delivered with a fat check and lots of fired administrative and teaching personnel. I agree, which is why I initially thought that StableHost asking for this information was merely to verify that I wasn't a run-of-the-mill scambot. It was, and still very much is, my belief that emailing them back with the details that I sent - to include the fact that my communication was via a paid Google Apps account using the exact same domain as that from which I was emailing, and which is the same name as the company on the company credit card I used, was enough to overcome any fraud scrutiny - especially since I actually DID email them a scanned copy of that credit card I'd used, which bore the name of the company tied to the domain, email I was using, etc. If I sent you the same details I'd sent StableHost - all of which can be surmised from the redacted information in post #1 - I'd hope that you'd be smart enough to recognize that it is, in fact, far better than a scan of an ID.
Posted by kpmedia, 12-17-2015, 03:37 PM
It's not hard to use a piece of paper or a napkin to block out part of your ID, and take the picture with a camera phone. You don't need software to block something out. Too many people are stuck in the digital/computer era, and overlook easy solutions to easy problems. Had you done that, this whole thread would have never existed, and you'd be a happy Stablehost user like the rest of us. That's just one reason that this thread is ridiculous. You should see some of the records that I have to provide Nominet (UK). It makes the Stablehost request look like the nothing it is. I can only guess you've never tried to get hosting from Europe. It's worse there. Blame hackers/spammers, not the companies providing hosting. You're honestly starting to act trollish now with some of your comments. You've moved on, the end. I suggest mods just close the thread.
Posted by WPCYCLE, 12-17-2015, 04:02 PM
There is WAY to much to read in this thread. It's one thing for a host/company to get a bad review, but this is a parade of negative comments towards a host that always appeared to have a good name....which isn't this a conflict of one of the WHT rules...a non-customer bad-mouthing a host? They never even got to the point of exchanging money. Heck, any of us can start bad-mouthing a company just from a chat session. The slope is going downhill quickly. In terms of the VPS....what was the amount? Was the payment for a month or a year? One has to look at the company's side of this too....is accepting a $20 account worth the potential $$$$$$$$$ hassles in case this order was fraud. Not saying it's fraud, but when you come across bad apples, you tend to be very protective. In terms of scams and the clean up if possible...I got stories.....which validates why the host did this. If people weren't so dishonest, there wouldn't be the need for extra questions. Two things happened to me some years ago that caused a lot of issues. 1. Did some client work....everything "checked" out with the client. They made some payments and everything was cool...until I found out one of the payments came from a stolen account. That disabled my banking access while they had to look into it. Imagine running a business with no banking access. How do you cover your expenses? How do yo get paid? You can....but it's becomes a work-around where your $$$ of time now becomes $$$$$$ or your time. 2. Had another client where everything was smooth for the entire project. Everything checked out and no issues with him...but to cut some of this short...he was running multiple scams at once, so his name was not on the radar at that time. Google him now and you can basically map out all his scams and how one scam helped him with other scams. But with him....paid for everything with a legit account...and then at the end of the project filed a dispute on all the payments which locked up my account for some weeks while resolving the issue. Again...imagine running a business where you cannot pay yourself or pay for your expenses. There are ways around the issue, but again, the daily $$$ process is now costing you $$$$$$$$ of your time to fix. Scams....even in the real world, a customer could pay for an item with really good fake money. When the bank notices....you're now out of that money since the bank won't refund counterfeit money....you're out of that item that you paid for from your supplier....and the bank now has an issue with you since you have no way to prove you were innocent. Now in terms of the OP and the recent reply....I bet somewhere along the line they used a VPN to do their work. That raises all sorts of alarms. I've been flagged many times since my IP is in a different country, but it's cleared up afterwards. Again...not taking sides since I've also been on the side of having to prove to a company that I was myself, which you have to remember, proving your self over email, fax or phone can be extremely useless and a joke. I could call up any utility company and use any name from someone on WHT and get free services. Not until you go to physical location of the company and yell at people to prove who you are that the situation could be resolved. Unless someone is willing to go to the hosts office to prove themselves in person, then the jumping through hoops is what's left. Maybe it was extreme, but again, all this negative towards a host that didn't even get to the setting up an account stage....and the time put into this. Imagine how long the initial post would have been if there was an exchange of money and something went wrong.
Posted by kpmedia, 12-17-2015, 05:15 PM
Excellent point. Time to report the post.
Posted by trop, 12-17-2015, 06:40 PM
I signed up and paid via credit card, which they initiated a charge against, and later refunded when I was not willing to send them a picture of a driver's license. $139.78. It would have been more, but I took a few minutes and looked over the offers forum here at WHT and found a 15% coupon. You know, the same kind of thing scammers would do if they were using your stolen card, right? (/facepalm) One year. Apparently that's worse than signing up for a month, according to StableHost. It was the best option, however, for use with their coupon, which was 15% of the first term of any length. I'm sure StableHost has a lot of scammers who look for the best possible deals before they sign up though, so we shouldn't laugh at them for overlooking this obvious bit of common sense. I tried to work with them. They were REALLY insistent that I send them a cellphone snap of my drivers license as soon as possible. Any reasonable person's BS meter would have been blowing up. Having been in business for well over four times longer than these children, I not only understand their side of it, but understand it well enough to recognize that even if I were a scammer, what they were asking for would be trivial to fake and that in lieu of that bad information they ought to absolutely have met me at the adult table with a better method. That they could not speaks either significantly to their technical, creative, and personable skills, or intimates that they're grossly understaffed. Neither is good. Me too. Scams are a very real threat. Being good at identifying and dealing with them is crucial. Being bad at identifying and dealing with legitimate customers because you think they're scams leads to this. I've dealt with everybody from contractors double-invoicing to AT&T filing lawsuits to try to keep from paying what they owe, but this is actually the first time I've ever had a business deny my money because they thought I was a scammer, and in doing to essentially out themselves as dangerous themselves. My wife and I even, out of an abundance of caution, had our corporate card replaced this afternoon since we've already given it to them, and to be honest don't in the least trust them. One bad $15/hour hire with access to all of those CC/DL images and everybody's in for some hurt. Better to opt out of that inevitable mess. Newp. Signed up from my own IP address, and have communicated with them from the onset over a paid-for, long-established Google Apps account on a domain I've owned for a long while and which bears my name in the registry. If I'm trying to scam them, then by doing so with a paid Apps account, with a properly-registered domain name, on a corporate card with the same name as that of the domain listed, while trying to score a 15% off coupon deal, and asking to chat with them by phone because I understand security enough not to snap a selfie of my drivers license, all for an account that's actually cheaper than the sum of those verifiable factors, would make me quite literally the worst (or most clever) scammer in the history of the world. Good questions. Last edited by trop; 12-17-2015 at 06:42 PM. Reason: formatting
Posted by Madbunny, 12-17-2015, 08:06 PM
So if host have "good name" no one is allowed to disagree with their rules/statements or even comment his opinion. If the mods really side with you two it just means this forum is biased toward elite group of host and no one can say anything bad because it would be "bad-mouthing. On other side many host will be eager to jump into accusations of "not well know host" with usual comments "time to change host" a.k.a. check my signature. This become even more clear when mod called me out as liar before checking all the facts and once i posted bunch of screenshots then he wanted to close the topic. Good job. @trop made this topic, @stablehost come with their statement and anyone else have a right to agree or disagree with both of them and express their own opinions. You are right. Sometimes i need to provide my ID in the store who have clearly exposed their info (usually at the entrance door) and once i'm done with a shopping i will get the receipt what holds all the information about the store, company who is the owner, company ID and tax number and sometimes even the name of the owner. Hm, wonder how i'm willing to give them my ID but i have a problem with some other cases. So if i buy hosting from you can you provide me with all the info i usually get from "real world" store? If you say yes then i will immediately side with you as rarely seen honest and worth your reputation host who doesnt hide behind some offshore company or shady tactics. Just before anything be so kind to send same info to OP, i'm sure he will change his opinion at least in some degree.
Posted by MechanicWeb-shoss, 12-17-2015, 09:13 PM
I completely agree on this. OP requested such information, didn't get it. My question is why. It is my right to know to whom I am handing over my personal data, and what and how they intend to use/store or destroy that data. If I am wrong, please some of you more experienced ones correct me. I'll be humble, understanding and grateful. This thread is far from being a troll or if anyone didn't get it yet, farther from bad-mouthing a host. This thread has gone beyond from OP complaining about a host not securing his personal information to serious security concerns, which are as of now have not been answered clearly. As a host, some of us may think security is only their concern, while it is not and a client can be concerned, too. And fraud can happen not only from clients side but also from hosts side, too. If I am a client I need to be assured that I am safe with a host. Right questions need to be answered properly, not ignored. Lets not mix reputation with authority. Someone having reputation doesn't grant him authority. You don't have authority? Politely explain that I don't have authority to that but I do provide good service and my record shows that. Last edited by MechanicWeb-shoss; 12-17-2015 at 09:19 PM.
Posted by Tyl3r, 12-17-2015, 09:22 PM
Are you a customer of ours? If so, please create a ticket and we'll be happy to discuss any security concerns you may have. We're not going to talk about how we handle security to random strangers on a public forum, especially to a competitor.
Posted by MechanicWeb-shoss, 12-17-2015, 09:25 PM
What's wrong in declaring that you are PCI compliant in public forum?
Posted by Tyl3r, 12-17-2015, 09:26 PM
and since this thread won't die, I'll be happy to discuss why we needed more information from the OP, besides verifying his phone number. However, we have a strict privacy policy and can't release that information, including ticket contents without his consent. You guys are welcome to make your own judgement about how we handle things. Until you see the ticket contents and order information mismatch, you won't understand the true story... OP - Please let me know if you give consent to let the forum know why we denied you.
Posted by Tyl3r, 12-17-2015, 09:27 PM
Apparently you don't read very good We've mentioned we are PCI compliant and have it on your website. Please stop trolling.
Posted by WPCYCLE, 12-17-2015, 09:30 PM
Thanks, and I enjoy good debates, even if it becomes "heated". Some times the best points come out....as long as it's intelligent and not name calling. They did refund you which is honorable. There's many where that money would have been gone. Some would say that because they did refund you, it should have ended there....but it wasn't the experience you were hoping for. In life, nothing 100%. Even some providers I deal with could be up 365 days a year without an issue, but a new person may sign up a week before that only single downtime for 30 minutes. For me, it's 30 minutes down after being up almost 12 months straight. For the new person, 3 weeks and downtime...which was probably why they left their last host. One year...it's a bigger purchase, and an even bigger issue if something should go wrong. Even well known hosts will say to try them for a month or two, and if all is well, then sign up for a year. If they respect the customer, they will still give you a year discount since you still essentially a new customer. Then having been in business for years, you could understand that some of the scams now didn't exist some years ago...especially since everything is online now. Nope?!?! Is this a new way of saying nope? I'm old school, so some of the new slang and the destruction of the English language gets lost on me at times Some scammers use their real information. Why...I don't know....but it allows them to easily slip under the radar to cause issues. You missed the point of my statement, the rule, and contradicted yourself. Without the rule, you end up with heresay; 1. I think you have blonde hair and wear smelly clothes. How do I know.....someone of a forum said so. Have I ever met you...no. Do I even know if you're a man or woman....no. Do I know anything about you....no. So how can I make judgement of you without any form of interaction. Such statements aren't even allowed in a court case. 2. I think Donald Trump or even StableHost are nice people. How do I know this? Have I ever met Trump....no. Have ever used the services of Stablehost or met anyone who worked their....no. I can only say I've seen good things written about them, and from experience, when 100 reviews about a company are all good, and one of them is bad...a large percentage of the time, the bad review was the fault of the reviewer....or the potential customer and host were not a good fit. A company cannot and will never please 100% of people. When I worked in music, I worked with artists that were intentionally known. One group for instance.....one artist will hang out and meet the fans after, even if there's a thousand of them. The other artists runs and hides in his change room. They make amazing music and have been touring for almost 30 years....but how would you know one of them is an ass from listening to the music or watching their video. You have to interact with them to realize this. Today were in the world of keyboard gangsters. People bad-mouthing anonymously. Back in the day, if you had an issue with someone, you said it to them as I would. Not hide behind a user name with a fake or non-existent profile pic. Anything I say here I would say in person. Anything I've ever said bad about a company, I dealt with them. Imagine if the rule didn't exist....I could create 50 bad reviews about my competitor everyday, and pay someone to create another 50...every day.....so I would have then bad-mouthed my competitor 36,500 times in one year. Now I never said because they have a good name you can't leave a review, but the OP wasn't even a full customer. It's like leaving a review for something after a day. Stick with 6 months....then let us know how it went. Here's the contraindication. You had screenshots of whatever happened, thus you had some form of interaction to base experience on....but was your experience a 5-10 minute interaction, or a 5-10 week interaction. Drastic difference between the two.
Posted by MechanicWeb-shoss, 12-17-2015, 09:42 PM
Apparently, I failed again. You have never replied on this thread that you are PCI compliant. Not on your about us page, not on home page. If you put it anywhere else, you needed to point that out. I feel sad that you took my posts as trolling. Actually not. I did not agree, yes. But not trolling or directed to harm your reputation in any way.
Posted by Madbunny, 12-17-2015, 11:12 PM
What my experience or interaction with a host have to do with mod calling me a liar and jumping immediately to conclusion before knowing all the facts. And i'm sure if we go to dig enough we could find a lot of cases where this situation happened before. Once the discussion is not anymore good for someone then we can see mods jumping all over the place closing or moderating the topics. Like happened with one topic not so long ago complaining about Eleven2 where admin immediately closed the topic with statement "this is not E2 help desk" even it was clear from opening post the client didnt manage to get any reply for days. Interesting how just day or two before there was another topic complaining about same host where i saw admin, mod or ex mod (sorry i forgot the color) commenting in the name of E2 as he was the owner or representative. So yeah, they can close even this topic but it will just reinforce my opinion (and probably not just mine) how things are not clear on WHT and some games take place in the background. Or doesnt change the fact that OP asked for the owner of SH same info he needed to provide to them and was immediately denied the service, actually not only the service but based on their reply they just put to the end everything including the conversation. No one forced SH to have this rules but if they have it then be ready to defend them with some good arguments or whole story about "reputable" just doesnt mean anything. I think in my first post i said i dont have any problem to send my ID but then be ready to satisfy some of my basic questions like "who are you" and with some proof. I'm not stupid i know almost every host is living this nightmare because of spammers, hackers, people who abuse the system and so on and i never said host should never ask for ID but then once you get my ID send me something to prove who are you. If you do this to protect your company, money, whatever else its fine, personally i dont have any problem with that but lets to the same from the client perspective. You can rarely see any business where trade, deals, contracts (tos), payments are one sided like in hosting industry where you actually pay and provide your ID to unknown entity. I dont want to say every host is like this but they are definitely a minority. Last edited by Madbunny; 12-17-2015 at 11:17 PM.
Posted by trop, 12-17-2015, 11:30 PM
You'd be happy do discuss that with internet strangers, but darn sure wouldn't take the time to discuss it with me until this went public. One phone call to discuss it with me would have made you some money. It seems a bit duplicitous to insist now that you're reasonable people who would have been happy to work this all along, when I think anyone with half a brain can tell you're just trying - poorly - to conduct PR at this point. I'll save you the trouble. Here's why I was flagged: When I signed up with them I did so using a credit card issued to my wife - let's call her Matilda Jones. Matilda and I - let's call me Bob Jones - run a dozen companies, one of them called OurWebCompany. My wife handles customers and billing, which is why the corporate card is in her name, and I handle technical stuff. When signing up I put in Matilda Jones as the account owner, but put in bob@ourwebcompany.com as the company email address. When StableHost processed the order they emailed me at bob@ourwebcompany.com saying "Dear Matilda, welcome!" So did DigitalOcean, Linode, InMotionHosting, ASmallOrange, HostGator, AlphaRacks, Amazon, Zonomi, NameCheap, Dotster, GoDaddy, Google, and a hundred other technology companies who have taken this same credit card with the same information, and emailed my welcome emails to bob@ourwebcompany.com with my wife's name. Immediately after signing up I logged into the control panel and changed Matilda Jones to Bob Jones, since it was in fact me that would be getting their emails. Soon afterwards I got the email about needing phone verification, then shortly after having completed that successfully, yet still failing it (thanks for wasting my time guys), received notice that they wanted further identification. I scanned, redacted, and mailed them a copy of the credit card, which in the image clearly says both "Matilda Jones" and "OurWebCompany" on it, as it is a corporate card. I then emailed this file to them from bob@ourwebcompany.com. After receiving this image they contacted me again needing the DL/Passport image to go with it. By this point I was on-site with a client and couldn't send documentation, so responded: So what StableHost is referring to is that they got emails from a guy named Bob Jones, who sent them email from bob@ourhostingcompany.com, but who they somehow doubt is related to Matilda Jones, who has a credit card in her name also carrying the name of OurHostingCompany.com. Genius. Once I figured this out, of course, I made yet further reasonable suggestions to correct the matter, which to this point I'm still unsure if StableHost ever even read: I have a couple of personal credit cards that I could easily have switched to, or might have even switched to PayPal if they'd have preferred it. Heck, in retrospect I could even have emailed them from matilda@ourwebcompany.com to nip it in the bud. And yes, at the time I almost certainly would have sent them a copy of the DL if they'd provided a PGP key or SSL website. They chose not to address any of these options. Their exact reply, in its 25-word entirety to my suggestions for helping expedite this order, are right there on Page 1 of this thread. All they wanted was a picture of the DL. Send it in or else. That put both my wife and I in a state of concern. We knew at that moment that StableHost was either lulzy kiddies, scammers, or both. Sometime after I made the initial post here, which finally got their attention and prompted their very first meaningful email to me, I received the following from them detailing exactly why I'd flunked their fraud prevention. This email came to me yesterday, quite some time AFTER I'd complained publicly, and well after they'd already canceled my account. What's most hilarious is that after having ignored my suggestions initially and canceled me because I wouldn't send them an immediate picture of my driver's license, this time around they actually came up with the same ideas I'd proposed initially, and now want to act like I'm the bad guy for not jumping on one of their reasonable suggestions. Had I not posted here, StableHost would very probably have never mailed this to me: First off, this representative needs to learn the difference between your and you're. The fastest way to indicate to any potential customer than you're a fly-by-night kiddie shop is to hire people who don't communicate in proper English as your front-line associates. And of course all three points are silly. 1) Claiming that "On the internet we can't prove these things" might be the stupidest statement yet uttered by man. If I gave any semi-technical person on this forum half the information I gave StableHost, not only could they do more than verify it, they'd know more about me than I know about myself inside of an hour. Worse yet, what kind of a f'ing moron does a person have to be to overlook @ourwebCompany being all over my TLD, our website, the credit card, etc? This wasn't a matter of an individual signing up, this was clearly a business signing up. It takes a special kind of blind to miss that, or to ignore completely my several good options for rectification, only to publish them as your own ideas after being called out in public for being so stupid. Long before StableHost canceled me without a warning I'd offered to pay with another card. It's a bit disingenuous of them to ignore that, cancel me, then later pretend that all I had to do all along was send them another card! 2) Welcome to the real world, idiots. Phone number portability became a big deal in the 90's, and was well entrenched over ten years ago. A gargantuan percentage of people over 25 have phone numbers that no longer correspond to their physical locations. That said, the phone number that I submitted, and which they wasted my time verifying anyway (despite it somehow being flagged as fraud) comes from a major metropolitan area only 60 minutes up the road from my town, and roughly 75% of the people here have numbers from that area. But because I was even willing to work with them on this matter, I also supplied them with a business phone number with an area code that does come from this zip code, is listed on the OurWebCompany website right next to my wife and my names, and told them that they could call it anytime they wished. To date they have not called either of my phone numbers for anything but to waste my time with their poorly-programmed verification system. 3) The saddest part about this is that StableHost is telling a paying customer that taking advantage of their best offers is a bad idea! Just because over 75% of orders that look like mine are fraud doesn't immediately make me a criminal, and their behaving as if it does is what led to where we are right now. @stablehost: Altogether, no, I do not consent to your release of the tickets or further information because, quite simply, I do not trust your intelligence sufficiently to believe that you would redact it appropriately. If you feel that I'm being unfair by not exposing some communication that you think would be valid in this case, then by all means email or PM me what you want posted and I'll be happy to redact and post it in its entirety. Upon request I'd even be willing to post a redacted copy of every single character transmitted between you and I thus far in chronological order. As of the time of my first posting I did exactly that, so anything you might wish to post at this point would have been generated after you'd ignored and canceled me as well, meaning that its relevance would be limited.
Posted by Tyl3r, 12-17-2015, 11:35 PM
Okay - no problem. Sadly, without releasing that information, we are unable to show our side of the story as to why we required further information and therefore, there's nothing further to add to this thread.
Posted by trop, 12-17-2015, 11:46 PM
Unless the information is in the email I posted above, then you actually haven't even told ME - the customer who was denied - your side of the story yet. Why don't you pick up the phone and try that first. You have my phone number. Use it and explain yourself to me before you go whining about not being able to defend yourself to everyone else. If there's something I've overlooked or I've grossly misunderstood something, then I assure you that as far better people than you are I'd immediately come here and explain that to everyone. Heck, if you were adult enough to just call and say, "this is way out of control, we clearly could have communicated better, and we're absolutely sorry," I'd have posted that on page one. But you didn't. You haven't. You continue to insist that there's more to the story, indicating that somewhere in there I must still be the scammer that you pegged me for. And you responded so quick that it's not even possible for you to have read my last post with any understanding. That too would be par for the course for you guys. Last edited by trop; 12-18-2015 at 12:00 AM. Reason: correction
Posted by alucasa, 12-18-2015, 12:01 AM
The OP brings up several good questions and the host does seem like evading some of his questions. But the problem with OP is that he is literally waging a crusade. Basically, you write too much and tl;dr effect takes in. In this age, you gotta write simple.
Posted by HRR--, 12-18-2015, 12:04 AM
This thread is so weird. Asking for ID's in the hosting industry nowadays is plain justified and common. If is shared hosting I don't think is necessary to ask for such documents but VPS and Dedicated... you better ask for those if you are a host. The fact that if one of the customers hosting a VPS in your network gets to do a major fraud operation using your resources... oh you better pray you have those documents because the authorities can confiscate your equipment for weeks, months... you can even be charged. Any serious company will ask for this sensitive documentation specially if you pay with a CC. If you don't want to provide such documentation, just pay with a fully verified paypal account. Which btw ... is not a matter of IF is a matter of when, PayPal will ask for your SS, License, pictures of it, that's how it works. Nobody will take the fall for others fraud. Now in relation to the whole public WHT thread, well is WHT as usual, drama is the fuel, people just register to open such lengthy threads raging with furious vengeance. When in simple thoughts: 1- If you don't like the host requirements, ask refund move on, no need for drama or to try to cause such worthless bad PR. 2- Is normal for Hosting Companies and many other business areas on the internet to ask for personal sensitive documentation. Is a matter of how well established and serious is the company and if you are willing to provide and comply. Funny enough I have had hosts cancel my account just because it doesnt match a physical address. Is that simple. What can we learn from all this weird lengthy thread? 1- Don't pay with CC, these usually lead to further verification. Pay with CC through PP. Also avoid proxies. 2- Chill, take a deep breath. There are just 9999998 other hosts for you to try. 3- This thread is missing some WHT moderation. BTW people ...Have a nice Holidays and may the 2016 be a year of success and health for all of us.
Posted by anon-e-mouse, 12-18-2015, 12:23 AM
Sound like a plan! I think there is enough discussion from both sides for people to form an opinion, so let's leave it to the OP and host to take it up privately if more is needed.