[thekonqueror]

I assume they look for name on ID that matches name on payment method. That's what I used to do when I worked in a hosting company ~10 years ago.

This way, if someone has a stolen credit card, there's a very good chance, they won't have a matching government ID with same name. Hence obvious fraud.

[toomuchtodo]

Does a prepaid card name verification occur during an auth? Also, does Digital Ocean disallow prepaid cards from being used to pay for service?

Their pricing/billing page indicates they'll accept these cards if the payment is made through Paypal, which will shield them from payment fraud, but not if the card is prepaid but the users actions on the instance are malicious.

https://www.digitalocean.com/help/pricing-and-billing/

[raiyu]

Here you see the complexity of the process in that anything that is added or used can be circumvented, including IDs and so forth.

In regards to pre-paid and debit cards we saw a very high incidence of abuse related to those cards specifically so we've had to put certain restrictions on them as well.

We're going to look for other layered approaches that can be created programmatically to increase the authenticity of a user and need to get that implemented asap because I'm in agreement that this ID request is a horrible workflow and also it still isn't fool proof so its just doubly bad.

Running the product prioritization meeting today so we'll bring up a couple of solutions and begin to prioritize and implement.

[deftnerd]

I've founded a startup that might be able to provide some help in this space. It's basically a mix of being an OpenID Connect provider that does authenticity checks on any information that users provide and makes the results of those verifications available to third-party-sites, all while protecting the actual information itself.

The first market we were planning on targeting was for Bitcoin related services that require KYC verification, but we also are planning on targeting any other services that need to know that their users are not bots and that if they ban a user they stay banned.

We just got some Series A funding and we're doing a crowdfunding from people who want to operate their own Identity Registrar. We should be launching our basic services in a month, and the franchise partners that are planning to participate will be able to do so in about two months.

If your problem can wait until summer is over, we'll be able to have a solution that would be free so anyone with a BlockAuth account can log in with a standards-compliant OpenID login form and you can be assured that they've been verified as being a real and unique person and all of the details they've submitted have been put under a microscope.