Onboarding new customer best practices

Important

As a Microsoft Cloud Solution Provider (CSP) partner, you are responsible for your customers' purchases and use of our services. It is important that partners monitor and address anomalous activities from their customers. Microsoft may send partners notifications if we detect suspicious activities, but it is critical that partners use additional methods of monitoring to help detect anomalous customer behavior.

Microsoft takes online transaction risk management seriously, and partners should do the same to mitigate business risks. To support partners, Microsoft is sharing a set of recommendations to manage risks when onboarding new customers. While Microsoft is committed to supporting partners, direct-bill and indirect CSPs are financially responsible for fraudulent purchases by their customers and/or customers' nonpayment of purchased services.

Best practices

Microsoft recommends partners implement the following protocols throughout the lifecycle of the customer relationship:

Onboard new customers

  • Establish personal relationships with customers, when possible (for example, contact by phone).
  • Verify customers' credentials and background through reputable and trusted organizations and/or methods (Credit Bureaus/Business Commercial Report Agencies).
  • Require customers to use multifactor authentication (MFA) during sign-up to minimize exposure to robotic account creation and purchasing.
  • Require customers to monitor and secure their tenants by following security best practices.
  • Manage and track identities using services such as digital identity services.
  • Assess customer financial strength through rigorous credit card fraud detection systems.
  • Establish a clear collections policy. Detail the collections processes and when nonpayment affects access to subscriptions.

Suggestions for customer onboarding best practices

This section provides best practices for customer onboarding. Sections include information about Short Message Service (SMS) verification, end-user identity management, and knowing your customer when onboarding.

SMS (text) verification

During the sign-up process, end customers are presented with a "Proof that you aren't a robot" page that initiates customer verification via SMS (text):

  • Using an SMS verification solution helps partners mitigate the risk of customer sign-ups occurring through robotic methods. SMS verification also helps prevent bad actors from easily creating multiple accounts (for example, fake sign-ups).
  • During the sign-up process, partners can choose to confirm if a person is on the other end of the transaction. The verification is accomplished by requiring the customer to provide a mobile number to which a one-time passcode is sent via SMS.
  • SMS verification can also be used as part of a multifactor authentication (MFA) sign-in process for established customers.

End-user identity management

The best practices to mitigate the risk of identity fraud are:

  • One way to manage and track a customer's identity is by using a Digital Identity Service.
  • A digital identity is a unique signature of an individual user and/or device at the other end of an online transaction.
  • Digital Identity Services enable partners to better identify customers beyond simple identifiers such as an email address, physical address, and so on.
  • Partners can validate the identity of customers and identify potential bad actors by using trusted third-party tools.

Know your customer when onboarding

It's important that partners take extra steps to verify, when possible, the identity and financial strength of individuals and companies that want to purchase online services. The best practices are:

  • Build personal relationships with customers, for example, contact by phone, meet in person, and so on.
  • Require a credit card during sign-up; don't accept stored-value cards or prepaid credit cards as a payment method.
  • Implement rigorous credit card fraud detection systems to ensure the customer presenting the payment instrument is an authorized user; review financial reports from credit bureaus.
  • Validate customers' credentials and background in trusted places like Business Commercial Report Agencies.

Note

Acceptable Use Policy enforcement

  • As part of their agreement with Microsoft, partners and their customers are expected to comply with the Acceptable Use Policy as described in the Online Services Terms.
  • When Microsoft detects, or is otherwise made aware of, partner or customer activity that we confirm or otherwise suspect violates the Acceptable Use Policy, Microsoft takes enforcement steps.
  • Violations of the Acceptable Use Policy might result in suspension of Online Services. Suspension can be immediate, if necessary. Otherwise, Microsoft notifies partners to request that action be taken and/or to inform them of enforcement actions already taken by Microsoft.