←back to thread

Ban me at the IP level if you don't like me

(boston.conman.org)
597 points classichasclass | 4 comments | 25 Aug 25 04:23 UTC | HN request time: 0s | source
Show context
lwansbrough ◴[25 Aug 25 05:55 UTC] No.45010657[source]
We solved a lot of our problems by blocking all Chinese ASNs. Admittedly, not the friendliest solution, but there were so many issues originating from Chinese clients that it was easier to just ban the entire country.

It's not like we can capitalize on commerce in China anyway, so I think it's a fairly pragmatic approach.

replies(6): >>45010748 #>>45010787 #>>45010871 #>>45011590 #>>45011656 #>>45011732 #
lxgr ◴[25 Aug 25 06:10 UTC] No.45010748[source]
Why stop there? Just block all non-US IPs!

If it works for my health insurance company, essentially all streaming services (including not even being able to cancel service from abroad), and many banks, it’ll work for you as well.

Surely bad actors wouldn’t use VPNs or botnets, and your customers never travel abroad?

replies(11): >>45010774 #>>45010777 #>>45010786 #>>45010861 #>>45010879 #>>45010925 #>>45011206 #>>45011711 #>>45012110 #>>45013192 #>>45025318 #
raffraffraff ◴[25 Aug 25 06:17 UTC] No.45010777[source]
And across the water, my wife has banned US IP addresses from her online shop once or twice. She runs a small business making products that don't travel well, and would cost a lot to ship to the US. It's a huge country with many people. Answering pointless queries, saying "No, I can't do that" in 50 different ways and eventually dealing with negative reviews from people you've never sold to and possibly even never talked to... Much easier to mass block. I call it network segmentation. She's also blocked all of Asia, Africa, Australia and half of Europe.

The blocks don't stay in place forever, just a few months.

replies(3): >>45010839 #>>45010856 #>>45018681 #
lxgr ◴[25 Aug 25 06:29 UTC] No.45010856[source]
As long as your customer base never travels and needs support, sure, I guess.

The only way of communicating with such companies are chargebacks through my bank (which always at least has a phone number reachable from abroad), so I’d make sure to account for these.

replies(2): >>45011074 #>>45013446 #
closewith ◴[25 Aug 25 07:00 UTC] No.45011074[source]
Chargebacks aren't the panacea you're used to outside the US, so that's a non-issue.
replies(1): >>45011803 #
lxgr ◴[25 Aug 25 09:03 UTC] No.45011803[source]
Only if your bank isn't competent in using them.

Visa/Mastercard chargeback rules largely apply worldwide (with some regional exceptions, but much less than many banks would make you believe).

replies(1): >>45011946 #
closewith ◴[25 Aug 25 09:29 UTC] No.45011946[source]
No, outside the US, both Visa and Mastercard regularly side with the retailer/supplier. If you process a chargeback simply because a UK company blocks your IP, you will be denied.
replies(2): >>45012527 #>>45012650 #
lxgr ◴[25 Aug 25 11:24 UTC] No.45012650[source]
Visa and Mastercard aren't even involved in most disputes. Almost all disputes are settled between issuing and acquiring bank, and the networks only step in after some back and forth if the two really can't figure out liability.

I've seen some European issuing banks completely misinterpret the dispute rules and as a result deny cardholder claims that other issuers won without any discussion.

replies(1): >>45013311 #
1. closewith ◴[25 Aug 25 12:53 UTC] No.45013311[source]
> Visa and Mastercard aren't even involved in most disputes. Almost all disputes are settled between issuing and acquiring bank, and the networks only step in after some back and forth if the two really can't figure out liability.

Yes, the issuing and acquiring banks perform an arbitration process, and it's generally a very fair process.

We disputed every chargeback and post PSD2 SCA, we won almost all and had a 90%+ net recovery rate. Similar US businesses were lucky to hit 10% and were terrified of chargeback limits.

> I've seen some European issuing banks completely misinterpret the dispute rules and as a result deny cardholder claims that other issuers won without any discussion.

Are you sure? More likely, the vendor didn't dispute the successful chargebacks.

replies(1): >>45017806 #
2. lxgr ◴[25 Aug 25 19:18 UTC] No.45017806[source]
I think you might be talking about "fraudulent transaction/cardholder does not recognize" disputes. Yes, when using 3DS (which is now much more common at least in Europe, due to often being required by regulation in the EU/EEA), these are much less likely to be won by the issuer.

But "merchant does not let me cancel" isn't a fraud dispute (and in fact would probably be lost by the issuing bank if raised as such). Those "non-fraudulent disagreement with the merchant disputes" work very similarly in the US and in Europe.

replies(1): >>45018159 #
3. closewith ◴[25 Aug 25 19:48 UTC] No.45018159[source]
No, you're just wrong here. Merchant doesn't let me cancel will almost always be won by the vendor when they demonstrate that they do allow cancellations within the bounds of the law and contracts. I've won many of these in the EU, too (we actually never lost a dispute for non-compliance with card network rules, because we were _very_ compliant).

I can only assume you are from the US and are assuming your experience will generalise, but it simply does not. Like night and day. Most EU residents who try using chargebacks for illegitimate dispute resolution learn these lessons quickly, as there are far more card cancellations for "friendly fraud" than merchant account closures for excessive chargebacks in the EU - the polar opposite of the US.

replies(1): >>45026344 #
4. lxgr ◴[26 Aug 25 13:34 UTC] No.45026344{3}[source]
You’re assuming wrong.

And have you won one of these cases in a scenario where the merchant website has a blanket IP ban? That seems very different from cardholders incapable of clicking an “unsubscribe” button they have access to.