eNom, Hostgator, and "enormous amounts of fraudulent domain purchases"

Portal Home > Knowledgebase > Articles Database > eNom, Hostgator, and "enormous amounts of fraudulent domain purchases"

Posted by GeckoD, 08-15-2013, 07:28 PM
Hey folks, As you may remember (or not ), I'm new to this reseller business. I got hostgator's package which includes an eNom reseller for domains. You have to contact their support to get it though because their site doesn't work to get it automatically, which I did. They asked for some info, which I promptly supplied, and then they go...: ----------------- Before we upgrade we want to let you know the default account that we set you up with through eNom is a 'retail' account. Most of our resellers choose this option because the only advantage of having a 'domain reseller' account would be that you can use eNom's automated registration scripts/API. The downside of a domain reseller account as opposed to retail, is that there is a $100 deposit required with a 3% convenience fee if you wish to pay by credit card or PayPal. In addition by having the API setup to do automatic domain purchases you place yourself at risk for enormous amounts of fraudulent domain purchases, and unlike other things, there are no refunds on domain names through eNom or any other registrar. At HostGator we choose to do every domain registration manually, and therefore highly suggest you do the same and forgo the automation. Once a retail account is upgraded to a domain reseller account it cannot be downgraded back to a retail account. ------------------ Now then, if I get this correctly, if I'm a "retailer" I must be online 24/7 to manually register domains in case someone buys from me. And if I'm a "reseller", somehow (??) there's this risk of "enormous fraud" - now what the heck is that supposed to mean could someone please enlighten me, in the year 2013 this sounds so out of place. I prefer to ask here because hostgator's support doesn't speak in terms that I can actually make sense of. And another question, in your business are you using the automated API for domains, or are you registering manually as hostgator does and urges others to do? Thank you so much!
Posted by Kingfish85, 08-15-2013, 07:40 PM
Manual registration after doing some due diligence on all domains. Honestly, if a bit of time to protect my business causes a customer to not buy, they'll most likely jump ship when another minor issue arises. I'd rather take a little extra time than risk fraudulent transactions with domain registrations.
Posted by Kingfish85, 08-15-2013, 08:08 PM
You can still use the whmcs module to automate registering the domain, but only after you approve it..
Posted by TeraFire, 08-16-2013, 01:30 AM
Manually approving them is recommended always, but it can be tiresome. Imagine having a bunch of fraud purchases, and you are ending up paying for domain name you dont want.
Posted by GeckoD, 08-16-2013, 07:25 AM
Thanks guys for all your responses. I hear you, manual approval of domain transactions is the recommended way. What I'm trying to understand is, how exactly is possible for someone to purchase domains fraudulently if I'm using the API? Can they invoke the API just like that? Remember, I'm new to this and it's still not clear to me how these things integrate and work together... thanks!
Posted by Kingfish85, 08-16-2013, 08:41 AM
If you have it set to approve after the first payment is received, the API will automatically register the domain. Go to Setup > Products/Services > Domain Pricing - then you'll see the drop down next to each extension type for "Auto Registration". Select "none" in the drop down for each extension type.
Posted by DWS2006, 08-16-2013, 12:21 PM
It's not the API itself that leads to fraudulent orders but the way the system can be abused if you automate registration after payment. For example a scammer could register a $1,000 worth of domains at 1:00 in the morning. As @Kingfish85 stated, disabling automatic registration negates most of the risk involved.
Posted by GeckoD, 08-16-2013, 03:40 PM
Yes, but what would I care if he registers a lot of domains AFTER the payment? Hasn't he paid for them already at that point? Sorry folks I just can't wrap my head around this one... thank you for your patience.
Posted by Kingfish85, 08-16-2013, 03:43 PM
DWS2006 is talking about if the auto registration is enabled. A scammer could register the domains, pay with a stolen account & you'd be out of luck because the domains were automatically registered. You want to check them first before allowing the API to register the domain.
Posted by GeckoD, 08-16-2013, 04:36 PM
Oh, NOW I finally understand, thank you so much for clarifying! You guys are the best, I love this forum. Have a great weekend everyone!
Posted by Shinjiru Technology, 08-28-2013, 04:49 PM
Exactly. So best way to be safe is to keep it manual. True, it'll require more vigilance, and more effort, but atleast it'll allow you to manually screen each account & prevent any fraudulent order to pass through.

Add to Favourites Print this Article