216.73.216.8
216.73.216.8
Start Thread
Can't find what you're searching for? Start Thread
hsikander
‎10-23-2023 07:12 PM

Fake Appointment's booking on our Square Appointment.

After spending several hours on the phone with Square support regarding our recent occurrence of fake appointments on our Square platform from various sources, I was told that Square as a platform has NO capability to track these fake sources and IP addresses.

The only option they provided was to email Square's legal department, which I did - see below.

The only solution they offered was to send an email to Square's legal department and I did - see below

I don't believe we are the only ones as this is a security-related issue, but is anyone else in that space having these problems? Any advice from this esteemed group of people would be greatly welcomed.

Message to Square Team:

I have included screen shots to provide a few examples. 

Respected Square Team, 

For almost two weeks, we have had problems with fraudulent appointments showing up on our appointment calendar. Both email and phone numbers are fictitious. We continue to receive these phony appointments despite the fact that I have given your customer service team samples. When I asked whether there were any ways to track down these IP addresses, I was told there weren't. How do we report this? As a small business, we cannot afford such interruptions. Without any proof, we can do little to prevent this crime from being carried out by one of our competitors. In order to put an end to this, we need your support and guidance.
Reply
3,827 Views
Message 1 of 7
Report
6 REPLIES 6
VanKalkerFarms
Square Champion
‎10-24-2023 05:30 AM

That is a really complicated issue for sure.  Just from a technology perspective, it could be possible to block an IP address from booking, not saying it is built in but theoretically can be, but a motivated person can hammer a site with a new booking every minute (even faster like thousands per second for DDOS attacks) with a new IP. You would have to use something more akin to CloudFlare to stop massive spamming.  Then the issue is that real appointments get caught up in the fake net too.  Definitely not a fun issue of online sales.

Just thinking that if an email is a required field then you could require a confirmation that was sent to the email to be clicked to actually book it.  again though that can mean losing sales of people who don't complete the email confirmation and then possibly show up when they booked but didn't confirm.



Bob Van Kalker
My Van Kalker Farms Garden Center Facebook page
My Rise'n Roll Bakery Schererville Facebook Page
My Rise'n Roll Bakery Valparaiso Facebook Page
My Rise'n Roll Bakery Cedar Lake Facebook Page
SQUARE LOGO
Reply
3,792 Views
Message 2 of 7
Report
hsikander
‎10-24-2023 01:14 PM

In response to VanKalkerFarms

I appreciate your reply. I concur that this is a complex problem. If you have Google integration enabled, which allows individuals to make appointments through Google, you will notice more of these phony appointments, which is one of the commonalities I discovered. I requested that support turn off this function. I'm keeping an eye on things to see if anything changes.

In this day and age, we should have the ability to activate packet capture or verbose logging for the target host that is impacted if I report this security problem.

I have not yet heard back from Square support. Since we are only a small business, I have asked them to escalate, but I don't believe my request will have any impact.

Reply
0 Kudos
3,729 Views
Message 3 of 7
Report
Candlestore
Square Champion
‎10-24-2023 09:28 AM

@hsikander ;

Another issue you may run into is someone who books multiple places and then at the last moments is like well this place is closest to where we currently are so we will go there.  People do this so they can Book multiple places with no regards to the business they do not show up at because they were on vacation and did not want to worry about times.  One thing you could try doing is having a Non refundable security deposit at the time of booking.  This is a slippery slope too, some people might not like the deposit idea and not book at all.  But then if it is another business trying to put you under they will be paying you.   Their name and zip code will also be recorded for the Credit Card Transaction.  

Keith
Owner
Pocono Candle

Mark as Best Answer if this Helped you solve an issue or give it a thumbs up if you like the answer.
Square Support Number 855-700-6000.
Make Sure App and OS is up to date on your Device.
Reply
3,774 Views
Message 4 of 7
Report
hsikander
‎10-24-2023 01:18 PM

In response to Candlestore

I appreciate your response. I agree that there needs to be a careful balance between user experience and security, and this is the challenge I am now working on. Another problem I discovered is that you cannot specify a fee for cancellation and no-show; when you go to charge, it will only accept the cancellation fee. In my case, I have explicitly stated in my policies that there is a 20% cancellation fee and a 50% no-show fee, but I can only charge cancellation if the appointment is missed. You all had similar experiences.

Reply
0 Kudos
3,727 Views
Message 5 of 7
Report
TheRealChipA
Square Champion
‎10-24-2023 10:07 AM

Hi @hsikander.  I won’t repeat the technical issues (and new headaches for us as sellers) that would arise if Square were to do IP checks/blocking.  I will add one other, however,  Apple devices allow the owners to hide their real IP addresses and use a pool of addresses sort of like a VPN.  This means that all the competitor (or whoever) needs to do is simply change the region of the world they are using with Apple’s Hide my IP function and then they would no be blocked anymore.  It also means that if we could block one of those random IPs, then every Apple device user who used that — even legitimate ones — would not be able to book appointments with you.  As @Candlestore and @VanKalkerFarms, this is both a nightmare and a can of worms, and I’m speaking as a former techie with decades of experience.

 

@VanKalkerFarmsalluded to this, but Square has given us an “out” as it were.  It requires that you upgrade to the Appointments Plus tier.  But once you do, you can send out confirmation emails and/or texts which require a reply before the appointment is actually confirmed.  Here is the Square document about Appointment Confirmations & Reminders.  I understand that you might not want to upgrade, but in this case if you are losing a lot of money this would reduce or most likely eliminate that loss for the much lower monthly fee.  You’ll make it up in having more appointment slots for actual customers.

 

I wish you well.

Chip A.
Square Expert & Innovator
(But NOT a Square employee, just a seller like you)

Was my post helpful? Take a moment to mark it as a possible "best answer." I hate the term, and wish we could just mark posts as "helpful." But this is our only mechanism at the moment. Just remember "Best answer" should be interpreted as "helpful," and nothing more. LOL. "Best" (ugh) answers help folks possibly find solutions to similar problems they are hoping to solve.
Reply
3,772 Views
Message 6 of 7
Report
hsikander
‎10-24-2023 01:24 PM

In response to TheRealChipA

I appreciate your reply. I concur that bad actors can conceal their identity because there are many ways to do so. I'm trying to make a point by saying that the help and answer I got from Square support was incredibly aggravating and gave the impression that small businesses like ours have no voice in their ecosystem. I made the decision to voice my concerns here since I knew that I was not the only one experiencing similar problems. I appreciate you giving this Appointment Plus information; I will look into it.

 

Reply
3,723 Views
Message 7 of 7
Report
Anonymous

Square Community

Square Products

Resources

More

© 2025 Square, Inc.