[wu_187]

That won't work as the same bad actors typically dabble in CC fraud as well. They will typically already have thousands of CC numbers at their disposal.

[f430]

My solution was to block IP addresses from the following regions who were never our target customers anyways:

India, Midde East, Turkey, Russia, China, South East Asia (except Singapore), All of Eastern Europe, Africa and island nations.

It immediately reduced the amount of fraud and spam. Sure you might miss out on the <1% of your revenues but its a tradeoff I'm okay with.

[TheCapeGreek]

Is the African and island nation traffic that significant and fraudulent?

Having worked in the South African tech scene and for a UK company, every spam/dos detection I've seen has been from everywhere you mention except Africa and island nations.

[f430]

not sure what you are trying to say here. Simply blocking all sources of traffic which we don't do business with has been beneficial in stopping spam and frauds.

[bigint]

Rude!

[f430]

Please explain why you think its rude to block countries thats responsible for most of the spam and fraud.

or is this another one of your alt nick you periodically sign in from?

[sergiotapia]

Yep, totally agree. We blocked China (a country we do zero business in) and saw a drastic double digit percentage decrease.

[f430]

weird. not sure why you and my comment is being downvoted.

[dec0dedab0de]

Credit card and a delay.

[applecrazy]

That would basically destroy user acquisition metrics. As a user, I don’t want to wait days to get access to something.

[dec0dedab0de]

it doesn't have to be days, most credit card fraud is found within hours. You can also allow partial use of the application during the vetting period, just exclude the parts that are being abused. Though you should probably aim to build a product that people want to sign up for, and are willing to wait for.

[mro_name]

> acquisition metrics

here's the trade-off. Make you decision.