Hey there @clarajanenash. Risk Manager is ENTIRELY based on credit/debit card numbers. That is all it was designed to do, mostly because it interfaces with the national card issuers. Those companies do not make phone number, email address, etc, available to anyone for such purposes. As for IP address, that is tricky anymore. We live in a time when nearly everyone who understands the internet either uses a VPN, or something like the iPhone/iPad Private Relay. This means that IP addresses are constantly being masked and hidden and therefore completely unusable for the most part. At the very least, companies that have relied on IP addresses banning are now pretty much useless.
That being said, I agree with you that Square could give us the ability to make blacklists of email addresses and phone numbers that we don’t want to accept orders from. This could be somewhat of a decent solution, but even that would not be foolproof. Why, you might ask? Well, let’s take the Apple Account feature called “Hide My Email.” This allows customers to use alternate email addresses instead of our real ones so that we can keep our email addresses private and less hackable. Sure, Apple is able to associate our alternate email addresses with our real one so that we can get emails to those alternate addresses. But they never, under any circumstances, share this information with anyone, or the whole purpose of Hide My Email would be useless. Also, people have multiple.e phone numbers these days and hackers and scam artists rarely use their own phone numbers, but use burner numbers, instead. It’s pretty much the Wild West out there on the Word-Wide Web right now, which makes it very difficult to do what you think should be easy.
I do know that Square has been investigating new features for customer verification and such. But I’ve not seen announcements that would indicate that these efforts are much beyond the research phase because as I pointed out it is highly complicated and may not even be possible right now. Square is not alone here. All card processors are dealing with this and maybe if they combine their efforts we might one day arrive at a solution. But as long as customer privacy rightfully takes precedence over anything, it will not be any time soon, I’m afraid.
