Knowledgebase: Settings

Why am I getting "Security Alert for your Shift4Shop Store" emails?


A new security feature has been added to your Shift4Shop store on version 10.2.3

Upon logging into your Shift4Shop Online Store Manager, the system will now check your connection's IP address and record its location city of origin.

If the system detects a login to your account from a different city, you will receive an email to notify you of this.

The email is merely a precaution to help you detect any unauthorized logins to your account. The email will be sent to the login's email address and contain the user ID that was logged into, and the store it was detected on (in case you have multiple accounts), as well as the following:

  • When the login occurred
  • Where the recorded IP address location is.
  • The new IP address
  • Your Previous IP

Along with this information, you will also see instructions on how to handle the alert.

  • If the login is/was you, simply ignore the message. No action is taken or needed. Again, the email is a precaution.
  • If the login was NOT you, reply to the message or email [email protected] to let us know.

We will note the information on your account to keep track of these instances, and we will lock your login to cancel and prevent any unauthorized logins to your Online Store Manager.

When the account is locked, a follow up email will be instantly sent to your login's email address to allow you (and you alone) to unlock the account.

Afterward, you should also take steps to change your password and perhaps consider adding 2 factor authentication to your login to secure it even further.

Be aware that - if you log into your Online Store Manager with your regular PC at one point, and then log in later via a VPN/Proxy at work or with your mobile device - you may inadvertently trigger this email.

By design, VPNs and Proxies will have different IP ranges than your regular connection. Furthermore, mobile connection providers typically recycle IP addresses for large areas of service so it is possible that the IP address for your mobile access provider has a geolocation tag for a different city.

To test to see if the trigger may have come from your mobile device, enter the IP address (from the warning email) at the following site:

This lookup tool will let you see the provider which uses the range of IP addresses for the connection. More often than not, it will be your mobile or VPN provider.

If you use your mobile device often for accessing your Online Store Manager, we strongly recommend setting up the 2-Factor Authentication mentioned above.

Help Desk Software by Kayako fusion