homepage Welcome to WebmasterWorld Guest from
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member

Home / Forums Index / WebmasterWorld / Ecommerce
Forum Library, Charter, Moderators: buckworks

Ecommerce Forum

Ever Impersonate your customers?
Well, do you?

 9:39 pm on Jul 11, 2005 (gmt 0)

Occasionally we get customers who call in their orders, but want to be able to track their order status via our site and receive email notifications. This is all done automatically for those who place their orders via the site, but currently there is no admin feature that allows us to add orders to a customers' account.

Do you ever "pretend" to be them, and place an order from your site using their information?

Is this even legal?



 10:19 pm on Jul 11, 2005 (gmt 0)

Not sure about legal, but it's against the TOS.

They may detect your IP address as the same one that logs on to check out your admin panel, so be careful with this kinda thing.


 10:24 pm on Jul 11, 2005 (gmt 0)

Sure. A previous version of our cart couldn't complete a purchase if the user was using a screen reader. The rest of the site worked fine, so for visually impaired customers we'd enter the purchase on their account as if we were them. They'd then be able to track it in their order history normally.

I don't really see any legal issues with this, assuming the customer wants you to do this on their behalf. If you had an special admin interface to enter a customer's details and order information, it's not really any different from using your regular, public site to accomplish the same task.


 10:33 pm on Jul 11, 2005 (gmt 0)

I assume you mean the TOS of the merchant account provider? Couldn't find anything about this specifically on the visa/mc sites...


 10:34 pm on Jul 11, 2005 (gmt 0)

If this is your system, which you own, and deploy, then you make the rules...


 11:17 pm on Jul 11, 2005 (gmt 0)

I think this is standard practice.

When someone calls in to make an order via telephone we use the same front end as they would and fill in the same forms.

Full-serve or self-serve gas, you still get it out of a hose.

They do it or we do it - it is the same thing.

Why create a checkout cart system in your admin area when you already have one that works in the front? Just twice as many things to breakdown/maintain.


 1:42 am on Jul 12, 2005 (gmt 0)

otc_cmnn has it right - wish we had done it...

built a whole back-end system because we were worried about what we would do if our internet connection was down - well that was the old days - today's answer is simple, just use your web interface!


 3:42 am on Jul 12, 2005 (gmt 0)

Check the rules of your merchant account. This may be "Factoring", which in most cases is illegal.

CYA :)


 1:56 pm on Jul 12, 2005 (gmt 0)

As I understand it, Factoring is using someone else's merchant account to process your sales. For example, if my brother who owns a restaurant could not get a merchant account and asked me if he could run his meal charges through my merchant account that would be factoring.

What they are talking about in this thread is nowhere near factoring. It's just using your own external web interface to place a phone order for a customer instead of using a back-end order entry system. I can't see anything wrong with that at all.


 2:31 pm on Jul 12, 2005 (gmt 0)

Yes, what akmac refers to is acting as a surrogate typist for the customer rather than factoring. Factoring is essentially money laundering, and typing in a customer's order for them is far from laundering.

But as blaze suggests, is it against the TOS? I couldn't find anything in our processor's TOS when we started processing all orders through our website. Anyone know of something in any of the larger processors terms that forbids doing what akmac mentions?


 2:37 pm on Jul 12, 2005 (gmt 0)

Officially, if you have an internet merchant account, it is NOT allowed by Visa/MasterCard as they require the customer to enter the details themselves.

It depends on your acquiring bank if they are really going to do something about it. I guess most of them do know that this happens occassionally and take it for granted.

The problem is: If Visa/MasterCard finds out, both the merchant and acquiring bank can and, probably, will be fined or even loose their merchant facilities.
(That's what we call a MONOPOLY, although there are two parties involved that RULE the whole industry.
But I don't think that anyone has the time and money available to fight against that...
Maybe we can start a new topic about that subject?)


 2:40 pm on Jul 12, 2005 (gmt 0)

That's what we call a MONOPOLY, although there are two parties involved

Erm, that'll be a 'duopoly' then.


Pedant mode off. I'll go and sit in the corner now.

best, a.


 2:54 pm on Jul 12, 2005 (gmt 0)

This is an interesting topic...

I sometimes get people phone up who aren't happy to put "their creditcard details across the Internet". But then I go and type it in the same form they would have anyway...

Also, in the UK at least, credit cards often have passwords on them now for Internet use, which is a bit of a problem when we are prompted for this.

I think Worldpay do provide an Internet terminal for merchants to type card details in directly, maybe this would be a better approach.



 3:11 pm on Jul 12, 2005 (gmt 0)

I do it all the time, but all orders are saved to a database where I batch process them once a day. In my case, there is no difference between a customer order and my hand entering orders.


 5:18 pm on Jul 12, 2005 (gmt 0)

Officially, if you have an internet merchant account, it is NOT allowed by Visa/MasterCard as they require the customer to enter the details themselves.

Officially from who? That's crazy. If Visa/MC required a customer to enter a CC themselves, then nobody would be able to take a phone order.


 5:21 pm on Jul 12, 2005 (gmt 0)

Is the question about using a 3rd party payment processor to process payments or using your own checkout system?

If it's a 3rd party system then the only person to ask is the 3rd party.

If it's your own checkout system then the only person to ask is you = you make the rules.


 6:33 pm on Jul 12, 2005 (gmt 0)

I have had a merchant account in the past where if I "keyed" in a sale using the admin/merchants terminal I was charged the non-qual rate, which happenned to be 2+ percent higher than if a customer placed the oder via the website. I've since left this provider, and my new one does not differentiate between the two methods.

That said, still no news on whether the practice is prohibited, punished or pursued by either/all parties.


 6:52 pm on Jul 12, 2005 (gmt 0)

I've used Verisign's PayFlow Pro and also Authorize.net for ecommerce sites. Both of these have a merchant Virtual Terminal that is provided specifically to allow the merchant to enter CC transactions. I believe that these are even promoted as a means of allowing you to take off-line orders.

I currently use the Virtual Terminal functionality for phone-in orders when the customer doesn't care to receive order status emails. I also use it for special orders where the products being ordered don't exist in the website database. When the customer calls to ask questions about something on the website, and then decides to go ahead and order, we just use our shopping cart interface to enter the information. One difference is that our shopping cart asks for the CVC code, whereas the Virtual Terminal doesn't.

As for logging in as one of your customers - On one custom shopping cart I worked on, we added a "Login As Customer" link to the customer admin area of the website. You just navigated to the Detail screen for the specific customer and click the link. It allowed you to browse the site under their customization settings and access privileges. (This was a corporate purchasing site, so screens were heavily tailored to the individual user.)


 7:23 pm on Jul 12, 2005 (gmt 0)

Does anyone have any documentation specifically addressing this practice?

It seems that it's commonly accepted...

Any evidence to the contrary welcome!


 5:04 pm on Jul 13, 2005 (gmt 0)

I sometimes get people phone up who aren't happy to put "their creditcard details across the Internet". But then I go and type it in the same form they would have anyway...

I had the same dilemma... so I'd tell them that I have to run the information across the same sort of phone lines but it is a secure transaction. They don't seem to mind that! LOL

But now I have switched to all manual online processing. Having Authorize.net was costing me double with having the POS machine here in the store. I just manually run all the internet orders I gather now. Makes it easier to delay billing, as well, if I have to backorder something.

Global Options:
 top home search open messages active posts  

Home / Forums Index / WebmasterWorld / Ecommerce
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved