homepage Welcome to WebmasterWorld Guest from 54.163.91.250
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member

Visit PubCon.com
Home / Forums Index / WebmasterWorld / Website Analytics - Tracking and Logging
Forum Library, Charter, Moderators: Receptional & mademetop

Website Analytics - Tracking and Logging Forum

    
IP Logging
pros / cons
sugarkane




msg:894923
 10:04 am on Jul 28, 2000 (gmt 0)

My MD wants us to start logging IPs of ordering customers in an effort to reduce credit card chargebacks, the idea being we can trace fraudsters through their ISP, and state that this is what we do in order to scare dodgy people off.

I have my concerns about this, as I think it might also scare legit customers - it could be interpreted as 'Big Brother'-ish by some. At the moment we state in our privacy policy that we neither link IPs to customers nor use cookies.

Also, would an ISP actually release such info as what user was using a certain IP at a certain time?? I would have thought that (in the UK) this would have data protection act implications?

Thoughts, anyone?

Cheers.


 

GWJ




msg:894924
 12:27 pm on Jul 28, 2000 (gmt 0)

Hi Sugarkane,

I have been there and done that.

First, in your privacy statement it would need edited to state the new tracking usage (if you want to stay legit in the customers eyes).

2nd, when I went through my last chargeback...

A)IPs change, they are not static (as I am sure you know)
B)No, ISPs will not release ANY customer information let alone who was using what IP at what time
C)When I did try contacting an ISP with the IP and E mail header showing who the user was they stated I needed a subpeno(?) and even then good luck with thier legal department. Also how could I prove that someone else was not using thier customers computer to place the order and send the E mail (OK reality check), but they are correct.

All I can say is document everything and have hard copies. Any E mail communications, any signed shipping slips. I even go so far as stating if AVS (address verification) does not match I credit the customer back and E mail them why. I also then ask them to contact thier bank and update the billing information. This last thing is what I find weeds out the "dodgy" people best.

No system is fool proof and without a CC imprint you are exposed. I am also not doing ANY dropshipments.

Good luck,

Brian

Brett_Tabke




msg:894925
 1:16 pm on Jul 28, 2000 (gmt 0)

I've found users don't mind if you promote it as a protection process instead of worrying about the privacy. "We monitor all ip's for credit card fraud'. It builds buyer confidence, it doesn't errode it.

GWJ




msg:894926
 4:26 pm on Jul 28, 2000 (gmt 0)

"We monitor all ip's for credit card fraud"

Brett,

What does monitoring the IP gain you. If they were static I could see keeping a list of all IPs that placed a fraudulant order and use that list on orders submitted to weed out the fraud but with dynamic IPs what would the point be. sorry must be missing something here...:(

Brian

Air




msg:894927
 4:48 pm on Jul 28, 2000 (gmt 0)

Brian, here's how I think about it -

>What does monitoring the IP gain you.

In many cases nothing, but it serves the same purpose as those store cameras. Many of those have no tapes in the VCR or the quality is so bad they can't tell if it was a person or a squirrel the did something untoward.

But the end result is the same, done correctly everyone feels a little safer, it deters the amateurs, and keeps your losses to the pros, which you would lose to no matter what you did.

sugarkane




msg:894928
 6:40 pm on Jul 28, 2000 (gmt 0)

Thanks all,

Using it as a 'look how careful we are with our customers details' kind of statement hadn't occurred to me. I'll ponder further.

Thanks again,
Dan

littleman




msg:894929
 8:31 pm on Jul 28, 2000 (gmt 0)

I recently had someone purchase a cloaking script with a stolen credit card number. This guy was very clever. He used the real address of the guy who's number he stolen and the phone number was one digit off. He used a free email address that looked legitimate, something like admin@privetsoundingdomain.com. I did a lookup on the IP and it came out of Russia. This guy knew what he was doing.

Funny, this guy is that good at being bad, but yet he needed to get his hands on a cloaking script.

sugarkane




msg:894930
 8:53 pm on Jul 28, 2000 (gmt 0)

To expand the topic slightly, what measures do you all use to guard against fraud?

We archive all emails (in and out) and they are searchable to bring up a full history in case of disputes, but it seems all too easy for a customer to simply deny all knowledge of anything, and then the chargeback stands.

We have a 'card not present' merchant account, but no access to databases of CC user addresses etc to verify that the customer is who (s)he claims to be.

Various online merchant services offer increased security checking (eg matching against address etc), but all the ones I've found require you to actually clear the transaction through them.

Does anyone know of a service where I can check a customer's identity details in real time but then process the payment through our own facilities?

Cheers,
Dan


Global Options:
 top home search open messages active posts  
 

Home / Forums Index / WebmasterWorld / Website Analytics - Tracking and Logging
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved