Table of Contents
Short answer: Namecheap's Risk & Compliance team can freeze accounts over "verification issues" that surface months or years after signup. Documented cases include bank-statement requests and domains held pending documents the customer couldn't reasonably provide. Respond calmly, provide exactly what's asked, escalate to Twitter if frontline doesn't move, and if the case is unresolvable — move your domains out the moment you have the chance.
Key Takeaways
- Risk & Compliance is a separate team from frontline support and operates on their own timeline.
- Documented requests include bank statements, passport scans, and business registration — disproportionate to the purchase amount in some cases.
- Comply exactly with what they ask — don't argue, don't threaten chargeback until you've exhausted every other route.
- Once you're out of the freeze, move your domains. A Risk & Compliance flag can re-trigger later.
What actually triggers a Namecheap account lock
Based on public NamePros threads, Trustpilot reviews, and Namecheap's own KB articles:
- Payment flagged by fraud detection. Card mismatches billing address, VPN country differs from card country, first-time customer with a large order.
- Chargeback (even resolved ones). A chargeback filed on any Namecheap account can flag future relationships.
- Content flag on a hosted site. Shared hosting customers whose sites are reported for phishing, spam, or TOS-violating content.
- WHOIS mismatches. Domains registered with contact info that doesn't match the account holder.
- Periodic re-verification. Some long-term customers have reported accounts locked for verification after 12+ months of uneventful use, often citing "incomplete contact details" as the trigger.
The documents Namecheap actually asks for
From public reports, common requests include:
- Government-issued photo ID (passport / driver's licence).
- Proof of address (utility bill, bank statement).
- Selfie holding the ID (in some cases).
- 3 months of bank statements — documented in multiple Trustpilot reviews for higher-value accounts.
- Business registration documents if account is in a business name.
- Proof of domain ownership rights (for trademark-adjacent domains).
The proportionality problem: a customer renewing a $12 domain has been asked for documents that a bank wouldn't require for a new account. This is a legitimate grievance, but the only responses that actually work are comply or exit.
Tired of slow, overcrowded shared hosting?
LaunchPad Host runs on NVMe SSDs + LiteSpeed with free migration, free SSL, daily backups, and crypto payments. 30-day money-back guarantee.
See Hosting PlansTicket template that actually gets a response
Subject: Verification documents for account [ID] — resubmission
Hello Risk & Compliance team,
I received your verification request on [date]. Attached:
- Government ID (passport / driver's licence).
- Proof of address dated within the last 90 days.
- [Any other specific document they requested — list each.]
Please confirm receipt and indicate the expected review timeline. I would also like to confirm that, once verification completes, standard domain transfer and account access will be restored.
Thank you.
Do not send unrequested documents. Do not include a grievance. Do not mention competitors. Keep the tone strictly procedural — this is a compliance team, not customer service.
Escalation that works
- Wait 48 hours after document submission. Review takes time.
- Public Twitter post tagging @Namecheap and @NamecheapCEO. Factual, no accusations: "Account locked [date], documents submitted [date], no response. Case #X." This works with surprising consistency.
- Trustpilot review with case number. Namecheap responds to these publicly — gets the case escalated.
- BBB complaint (US) or equivalent. Slow but moves some cases.
- ICANN compliance complaint if your domain is affected and you believe the registrar is not following ICANN policy (e.g., refusing to provide auth code after lock is cleared).
Moving out safely once you're unlocked
Once unlocked, don't wait. Risk & Compliance flags don't disappear — they go dormant.
- Wait through the 60-day transfer lock (if you recently registered or transferred in).
- Unlock each domain and request the auth (EPP) code via the Namecheap dashboard.
- Initiate transfer at the new registrar. Use a privacy-respecting registrar with a clear appeal process — our domain registration is designed for exactly this kind of migration.
- Once transfer completes, update your hosting's nameservers if they pointed at Namecheap DNS.
- Keep the Namecheap account active with zero domains for 12 months (don't close it during a dispute or it can complicate chargeback/refund recovery).
Frequently Asked Questions
Their Risk & Compliance team treats high-value or unusual-pattern accounts the way a bank's AML team does. For most customers this is wildly disproportionate. Legally, they're within their TOS. Practically, it's a clear signal that they consider you high-risk — and whether you comply or not, it's worth asking if this is the registrar you want for the long term.
No. Account lock = domain lock. You have to clear the account issue first. This is why we recommend keeping your domains at a separate registrar from your hosting — a hosting issue shouldn't take your domains with it.
There are forum claims that Namecheap flags domains with "suspicious" backlink activity. We have not found evidence this is a systematic policy — most suspensions track to TOS, payment, or verification issues. Take individual "they suspended me for SEO" claims with caution; usually there's more to the story.
Namecheap stopped accepting direct crypto payments in 2024; customers now use third-party gateways. Crypto payment doesn't exempt you from KYC checks, and you lose chargeback leverage. This is another argument for choosing a registrar where privacy is built into the policy, not bolted on via a third party.
Different risk profile. GoDaddy is louder, more aggressive on upsells, and has a larger support team with more tiers. Namecheap is quieter, cheaper, and has a smaller, less predictable compliance operation. Neither is "safe" in the sense of being suspension-free. Best practice: pick based on support transparency and appeal process, not brand reputation.
Rarely successful. Once Risk & Compliance has terminated (not suspended) an account, the decision is almost always final. The leverage points are: documenting a policy violation on their end, public pressure via Twitter/Trustpilot, ICANN complaint if domains are held hostage. Budget weeks, not days.
Ready for hosting that just works?
NVMe + LiteSpeed hosting with free migration, crypto payments accepted, and a 30-day money-back guarantee.
See Hosting PlansRelated tools, articles & authoritative sources
Hand-picked internal pages and external references from sources Google itself considers authoritative on this topic.
Related free tools
- WHOIS Lookup Registrar, creation date, expiry, nameservers, DNSSEC status — for any domain.
- DNS History Checker Historical DNS, SSL certificates, subdomains & Wayback snapshots for any domain.
- DNS Lookup & Records Checker All DNS records (A, AAAA, MX, NS, TXT, CAA, SPF, DMARC) for any domain.
- DNS Propagation Checker Check DNS propagation across 12 global resolvers in real time.
Offshore & privacy hosting
- DMCA-Ignored Hosting Due-process complaint handling, explained
- Offshore Hosting EU jurisdiction, privacy-first, from $3.99/mo
- Anonymous-Friendly Hosting Email-only signup, crypto checkout, free WHOIS privacy