Feature Requests
Share ideas, discuss and vote on requests from other users in community
 

Prevent Fake Account - Registration Confirmation

fragger shared this idea 4 years ago
Completed

We often have customer who entered wrong data at the registration form. I think it would be nice if the customer have to confirm their e-mail address.

The order was to be executed, but can only be accepted after confirmation.

Best Answer
photo

Client email verification was added in WHMCS 6.3. You can learn more about it at http://docs.whmcs.com/Client_Email_Verification

We took the decision at the time not to prevent completion of checkout or payment for an order prior to email verification being completed as it was feared that would affect conversions for orders. You can however impose restrictions like that should you wish via the templates and hooks.

Comments (29)

photo
1

Yes WHMCS should store the clients registration data in a temporary database table until client confirms their email address by clicking on the activation link and block account creation/access process from proxy servers by checking the ip data against popular proxy servers, geo location , reverse IP information, check whether the logged IP address owns by a hosting company or ISP , compare clients' physical address (city or province ) with the IP address's location information (city or province - telecom service provider information) https://geoiptool.com/ and add a built-in risk score system for those orders so that admin can determine legitimate and illegitimate orders

photo
1

While WHMCS could store the data in a temporary table until the email is confirmed and then delete the data/account if its not confirmed in a proper time, the others things you posted are way beyond WHMCS responsibilities as what it does. You should use Maxmind or another fraud service for that, WHMCS is not supposed to be checking for fraud or fake sign ups, its way to complex to build something like and so it is way better handled in an external module or service like its currently working for most users. You can build this yourself if you want but don't expect any billing system to have something like this build in, in particular because IP alone is an horrible way to deter fraud with many false positives. There are plenty of services that do account verification and signature matching, reverse proxy check, even they are not perfect and have false positives so you will always required a human making the final decisions in the end.

photo
photo
1

There should be an option to force customer email verification before they can pay for the order. This feature will be able to provide more control over fraud orders.

photo
1

Client email verification was added in WHMCS 6.3. You can learn more about it at http://docs.whmcs.com/Client_Email_Verification

We took the decision at the time not to prevent completion of checkout or payment for an order prior to email verification being completed as it was feared that would affect conversions for orders. You can however impose restrictions like that should you wish via the templates and hooks.