Welcome to WebmasterWorld Guest from

Forum Moderators: DixonJones & mademetop

Message Too Old, No Replies

IP Logging

pros / cons



10:04 am on Jul 28, 2000 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member

My MD wants us to start logging IPs of ordering customers in an effort to reduce credit card chargebacks, the idea being we can trace fraudsters through their ISP, and state that this is what we do in order to scare dodgy people off.

I have my concerns about this, as I think it might also scare legit customers - it could be interpreted as 'Big Brother'-ish by some. At the moment we state in our privacy policy that we neither link IPs to customers nor use cookies.

Also, would an ISP actually release such info as what user was using a certain IP at a certain time?? I would have thought that (in the UK) this would have data protection act implications?

Thoughts, anyone?



12:27 pm on Jul 28, 2000 (gmt 0)

Hi Sugarkane,

I have been there and done that.

First, in your privacy statement it would need edited to state the new tracking usage (if you want to stay legit in the customers eyes).

2nd, when I went through my last chargeback...

A)IPs change, they are not static (as I am sure you know)
B)No, ISPs will not release ANY customer information let alone who was using what IP at what time
C)When I did try contacting an ISP with the IP and E mail header showing who the user was they stated I needed a subpeno(?) and even then good luck with thier legal department. Also how could I prove that someone else was not using thier customers computer to place the order and send the E mail (OK reality check), but they are correct.

All I can say is document everything and have hard copies. Any E mail communications, any signed shipping slips. I even go so far as stating if AVS (address verification) does not match I credit the customer back and E mail them why. I also then ask them to contact thier bank and update the billing information. This last thing is what I find weeds out the "dodgy" people best.

No system is fool proof and without a CC imprint you are exposed. I am also not doing ANY dropshipments.

Good luck,



1:16 pm on Jul 28, 2000 (gmt 0)

WebmasterWorld Administrator brett_tabke is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

I've found users don't mind if you promote it as a protection process instead of worrying about the privacy. "We monitor all ip's for credit card fraud'. It builds buyer confidence, it doesn't errode it.


4:26 pm on Jul 28, 2000 (gmt 0)

"We monitor all ip's for credit card fraud"


What does monitoring the IP gain you. If they were static I could see keeping a list of all IPs that placed a fraudulant order and use that list on orders submitted to weed out the fraud but with dynamic IPs what would the point be. sorry must be missing something here...:(



4:48 pm on Jul 28, 2000 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member

Brian, here's how I think about it -

>What does monitoring the IP gain you.

In many cases nothing, but it serves the same purpose as those store cameras. Many of those have no tapes in the VCR or the quality is so bad they can't tell if it was a person or a squirrel the did something untoward.

But the end result is the same, done correctly everyone feels a little safer, it deters the amateurs, and keeps your losses to the pros, which you would lose to no matter what you did.


6:40 pm on Jul 28, 2000 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member

Thanks all,

Using it as a 'look how careful we are with our customers details' kind of statement hadn't occurred to me. I'll ponder further.

Thanks again,


8:31 pm on Jul 28, 2000 (gmt 0)

WebmasterWorld Senior Member littleman is a WebmasterWorld Top Contributor of All Time 10+ Year Member

I recently had someone purchase a cloaking script with a stolen credit card number. This guy was very clever. He used the real address of the guy who's number he stolen and the phone number was one digit off. He used a free email address that looked legitimate, something like admin@privetsoundingdomain.com. I did a lookup on the IP and it came out of Russia. This guy knew what he was doing.

Funny, this guy is that good at being bad, but yet he needed to get his hands on a cloaking script.


8:53 pm on Jul 28, 2000 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member

To expand the topic slightly, what measures do you all use to guard against fraud?

We archive all emails (in and out) and they are searchable to bring up a full history in case of disputes, but it seems all too easy for a customer to simply deny all knowledge of anything, and then the chargeback stands.

We have a 'card not present' merchant account, but no access to databases of CC user addresses etc to verify that the customer is who (s)he claims to be.

Various online merchant services offer increased security checking (eg matching against address etc), but all the ones I've found require you to actually clear the transaction through them.

Does anyone know of a service where I can check a customer's identity details in real time but then process the payment through our own facilities?