FraudHosting API
Overview

Overview

One-way encryption

One-way encryptions are mathematical algorithms that create a digital signature for customer information (names, email addresses and IP addresses, domain names). FraudHosting never accepts unsecured client information, only hashed results of processing client information are accepted.

Only the encrypted version is stored in the database, which even the service specialists cannot convert back to the original version. The SHA-1 algorithm is used, which is repeated 32000 times.

Pseudocode of the function to be used:

FUNCTION FraudHosting_hash ( value )
  FOR 32,000 TIMES LOOP 
    value = "fraudhosting-" + value 
    value = SHA-1( value ) 
  END LOOP 
  RETURN value 
END FUNCTION

Hashing Examples

The system only accepts hashed versions of client information.

Here is an example of a client:

Name: Alan Ross 
Email: [email protected] 
Additional email address: [email protected] 
Registration IP address: 123.123.123.123 
Mobile: +11231231231 
Landline: +13213123213 
Domain: www.example.com

Before sending this information, any billing system performs one-way encryption of the values, so the service only receives the values on output:

name   = ac2c739924bf5d4d9bf5875dc70274fef0fe54cf 
email  = 34efd0a968b48cbf9a43ac3e73053e4f343234 
email2 = 2a1ab4a6ed14713d0e26127c1920417e4b193924 
ip     = f25c0306279af0bd9faf1caf0549daedb3472b7f 
phone1 = 3f09086d8d4e4019eb534ce28e6b64c8ef563e 
phone2 = d542e4bad3dbb13bcf0e31f484394997cd969b8 
domain = ff07748b4d4b8f08f21499e078ef792fded46641

Since the database only stores these values, any other company that wants to access FraudHosting reports about a customer must also have the actual values of the information. They can process this information using a one-way encryption algorithm and generate encrypted values. The two encrypted values are then compared and if matches are found in the database, a client report is generated.

FraudHosting has never had access to real client information. Only the final result of the encryption is accepted, not sensitive source information. If users comply with all rules, unsecured and sensitive customer information never reaches FraudHosting’s servers. According to current industry standards and professional opinions of data security experts, the SHA-1 iterated and hashed system is a one-way encryption and does not allow the recovery of actual customer information from the hashed result.

Making query